From 2bea5af2c8d4534d741be2b1881e129584aedd24 Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Sat, 21 Jun 2025 20:54:16 +0200 Subject: [PATCH] detect/multi-tenant: address various thread safety warnings --- src/detect-engine.c | 17 ++++++++++++----- src/detect-engine.h | 2 +- 2 files changed, 13 insertions(+), 6 deletions(-) diff --git a/src/detect-engine.c b/src/detect-engine.c index b70f01da58..b5fe6dbf1e 100644 --- a/src/detect-engine.c +++ b/src/detect-engine.c @@ -3155,16 +3155,18 @@ static void DetectEngineThreadCtxDeinitKeywords(DetectEngineCtx *de_ctx, DetectE static TmEcode DetectEngineThreadCtxInitForMT(ThreadVars *tv, DetectEngineThreadCtx *det_ctx) { DetectEngineMasterCtx *master = &g_master_de_ctx; + SCMutexLock(&master->lock); + DetectEngineTenantMapping *map_array = NULL; uint32_t map_array_size = 0; uint32_t map_cnt = 0; uint32_t max_tenant_id = 0; DetectEngineCtx *list = master->list; - HashTable *mt_det_ctxs_hash = NULL; if (master->tenant_selector == TENANT_SELECTOR_UNKNOWN) { SCLogError("no tenant selector set: " "set using multi-detect.selector"); + SCMutexUnlock(&master->lock); return TM_ECODE_FAILED; } @@ -3177,7 +3179,8 @@ static TmEcode DetectEngineThreadCtxInitForMT(ThreadVars *tv, DetectEngineThread tcnt++; } - mt_det_ctxs_hash = HashTableInit(tcnt * 2, TenantIdHash, TenantIdCompare, TenantIdFree); + HashTable *mt_det_ctxs_hash = + HashTableInit(tcnt * 2, TenantIdHash, TenantIdCompare, TenantIdFree); if (mt_det_ctxs_hash == NULL) { goto error; } @@ -3257,6 +3260,7 @@ static TmEcode DetectEngineThreadCtxInitForMT(ThreadVars *tv, DetectEngineThread break; } + SCMutexUnlock(&master->lock); return TM_ECODE_OK; error: if (map_array != NULL) @@ -3264,6 +3268,7 @@ error: if (mt_det_ctxs_hash != NULL) HashTableFree(mt_det_ctxs_hash); + SCMutexUnlock(&master->lock); return TM_ECODE_FAILED; } @@ -3870,11 +3875,13 @@ DetectEngineCtx *DetectEngineReference(DetectEngineCtx *de_ctx) return de_ctx; } -/** TODO locking? Not needed if this is a one time setting at startup */ -int DetectEngineMultiTenantEnabled(void) +bool DetectEngineMultiTenantEnabled(void) { DetectEngineMasterCtx *master = &g_master_de_ctx; - return (master->multi_tenant_enabled); + SCMutexLock(&master->lock); + bool enabled = master->multi_tenant_enabled; + SCMutexUnlock(&master->lock); + return enabled; } /** \internal diff --git a/src/detect-engine.h b/src/detect-engine.h index 0ba8322415..c778a9d412 100644 --- a/src/detect-engine.h +++ b/src/detect-engine.h @@ -108,7 +108,7 @@ void DetectEngineDeReference(DetectEngineCtx **de_ctx); int DetectEngineReload(const SCInstance *suri); int DetectEngineEnabled(void); int DetectEngineMTApply(void); -int DetectEngineMultiTenantEnabled(void); +bool DetectEngineMultiTenantEnabled(void); int DetectEngineMultiTenantSetup(const bool unix_socket); int DetectEngineReloadStart(void); -- 2.47.2