From: Victor Julien <vjulien@oisf.net>
Date: Thu, 19 Jun 2025 12:24:18 +0000 (+0200)
Subject: flow/manager: fix threading/locking coverity warnings
X-Git-Tag: suricata-8.0.0~38
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=5aaef39c8c727cf44c5a0142285e5e6ed65e9c11;p=thirdparty%2Fsuricata.git

flow/manager: fix threading/locking coverity warnings

In flow manager and recycler timed condition wait loops.

First check loop break conditions before entiring the timed wait.

CID 1638284: (#1 of 1): Indefinite wait (BAD_CHECK_OF_WAIT_COND)
dead_wait: A wait is performed without ensuring that the condition is not already satisfied while holding lock flow_manager_ctrl_mutex. This can cause a deadlock if the notification happens before the lock is acquired.

CID 1638293: (#1 of 1): Indefinite wait (BAD_CHECK_OF_WAIT_COND)
dead_wait: A wait is performed without ensuring that the condition is not already satisfied while holding lock flow_recycler_ctrl_mutex. This can cause a deadlock if the notification happens before the lock is acquired.
---

diff --git a/src/flow-manager.c b/src/flow-manager.c
index 0b074acb25..32708eefe4 100644
--- a/src/flow-manager.c
+++ b/src/flow-manager.c
@@ -977,11 +977,12 @@ static TmEcode FlowManager(ThreadVars *th_v, void *thread_data)
             struct timespec cond_time = FROM_TIMEVAL(cond_tv);
             SCCtrlMutexLock(&flow_manager_ctrl_mutex);
             while (1) {
+                if (SC_ATOMIC_GET(flow_flags) & FLOW_EMERGENCY) {
+                    break;
+                }
                 int rc = SCCtrlCondTimedwait(
                         &flow_manager_ctrl_cond, &flow_manager_ctrl_mutex, &cond_time);
-                if (rc == ETIMEDOUT || rc < 0)
-                    break;
-                if (SC_ATOMIC_GET(flow_flags) & FLOW_EMERGENCY) {
+                if (rc == ETIMEDOUT || rc < 0) {
                     break;
                 }
             }
@@ -1153,17 +1154,17 @@ static TmEcode FlowRecycler(ThreadVars *th_v, void *thread_data)
             struct timespec cond_time = FROM_TIMEVAL(cond_tv);
             SCCtrlMutexLock(&flow_recycler_ctrl_mutex);
             while (1) {
-                int rc = SCCtrlCondTimedwait(
-                        &flow_recycler_ctrl_cond, &flow_recycler_ctrl_mutex, &cond_time);
-                if (rc == ETIMEDOUT || rc < 0) {
-                    break;
-                }
                 if (SC_ATOMIC_GET(flow_flags) & FLOW_EMERGENCY) {
                     break;
                 }
                 if (SC_ATOMIC_GET(flow_recycle_q.non_empty)) {
                     break;
                 }
+                int rc = SCCtrlCondTimedwait(
+                        &flow_recycler_ctrl_cond, &flow_recycler_ctrl_mutex, &cond_time);
+                if (rc == ETIMEDOUT || rc < 0) {
+                    break;
+                }
             }
             SCCtrlMutexUnlock(&flow_recycler_ctrl_mutex);
         }