)]}'
{"id":"openvpn~1737","triplet_id":"openvpn~master~Ia7894fc360b12c5a0f63fad2abb9bbb1ad9c2bd5","project":"openvpn","branch":"master","attention_set":{"1000003":{"account":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"last_update":"2026-06-29 00:36:01.000000000","reason":"Reviewer was added"}},"removed_from_attention_set":{},"hashtags":[],"change_id":"Ia7894fc360b12c5a0f63fad2abb9bbb1ad9c2bd5","subject":"dco_linux: read multicast notifications on a dedicated netlink socket","status":"NEW","created":"2026-06-29 00:36:00.000000000","updated":"2026-06-29 00:36:01.000000000","submit_type":"CHERRY_PICK","submittable":false,"total_comment_count":0,"unresolved_comment_count":0,"has_review_started":true,"meta_rev_id":"f15cb5ff42560307093dee4c39e1ec02b438a520","_number":1737,"virtual_id_number":1737,"owner":{"_account_id":1000007,"name":"ordex","display_name":"Antonio Quartulli","email":"antonio@mandelbit.com","username":"ordex"},"actions":{},"labels":{"Code-Review":{"all":[{"value":0,"permitted_voting_range":{"min":-2,"max":2},"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"}],"values":{"-2":"This shall not be submitted","-1":"I would prefer this is not submitted as is"," 0":"No score","+1":"Looks good to me, but someone else must approve","+2":"Looks good to me, approved"},"description":"","default_value":0}},"removable_reviewers":[],"reviewers":{"REVIEWER":[{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"}],"CC":[{"_account_id":1000026,"name":"openvpn-devel","email":"openvpn-devel@lists.sourceforge.net","username":"openvpn-devel"}]},"pending_reviewers":{},"reviewer_updates":[{"updated":"2026-06-29 00:36:01.000000000","updated_by":{"_account_id":1000007,"name":"ordex","display_name":"Antonio Quartulli","email":"antonio@mandelbit.com","username":"ordex"},"reviewer":{"_account_id":1000026,"name":"openvpn-devel","email":"openvpn-devel@lists.sourceforge.net","username":"openvpn-devel"},"state":"CC"},{"updated":"2026-06-29 00:36:01.000000000","updated_by":{"_account_id":1000007,"name":"ordex","display_name":"Antonio Quartulli","email":"antonio@mandelbit.com","username":"ordex"},"reviewer":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"state":"REVIEWER"}],"messages":[{"id":"369300f59ce2f3b20f61df5b30589d775e6ccd51","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":1000007,"name":"ordex","display_name":"Antonio Quartulli","email":"antonio@mandelbit.com","username":"ordex"},"date":"2026-06-29 00:36:00.000000000","message":"Uploaded patch set 1.","accounts_in_message":[],"_revision_number":1}],"current_revision_number":1,"current_revision":"faaea4c811c3bc93b2121a96b2a4aef893259467","revisions":{"faaea4c811c3bc93b2121a96b2a4aef893259467":{"kind":"REWORK","_number":1,"created":"2026-06-29 00:36:00.000000000","uploader":{"_account_id":1000007,"name":"ordex","display_name":"Antonio Quartulli","email":"antonio@mandelbit.com","username":"ordex"},"ref":"refs/changes/37/1737/1","fetch":{"anonymous http":{"url":"http://gerrit.openvpn.net/openvpn","ref":"refs/changes/37/1737/1","commands":{"Branch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/37/1737/1 \u0026\u0026 git checkout -b change-1737 FETCH_HEAD","Checkout":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/37/1737/1 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/37/1737/1 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/37/1737/1 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull http://gerrit.openvpn.net/openvpn refs/changes/37/1737/1","Reset To":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/37/1737/1 \u0026\u0026 git reset --hard FETCH_HEAD"}}},"commit":{"parents":[{"commit":"2b8afc6c685f4e451fd0fa5aa37f18147520dfc1","subject":"openvpnserv: always use W variant of RpcStringFree()"}],"author":{"name":"Antonio Quartulli","email":"antonio@mandelbit.com","date":"2026-06-29 00:30:51.000000000","tz":120},"committer":{"name":"Antonio Quartulli","email":"antonio@mandelbit.com","date":"2026-06-29 00:33:59.000000000","tz":120},"subject":"dco_linux: read multicast notifications on a dedicated netlink socket","message":"dco_linux: read multicast notifications on a dedicated netlink socket\n\novpn-dco shared a single netlink socket for both synchronous\nrequest/reply transactions (peer create/delete/get, key operations,\nstats) and the asynchronous multicast notification group (peer\ndel/float, key swap). Because every ovpn_nl_msg_send() drains its reply\nwith nl_recvmsgs() on that same socket, a notification queued by the\nkernel could be dispatched re-entrantly in the middle of an unrelated\nrequest/reply: the NL_CB_VALID handler runs ovpn_handle_msg() -\u003e\nmulti_process_incoming_dco() -\u003e multi_close_instance() while the caller\nis still walking an instance collection. For example multi_print_status()\nrefreshes stats with dco_get_peer_stats_multi() and then iterates\nm-\u003ehash, and multi_delete_dup() iterates m-\u003einstances[] while closing\nduplicates; an instance freed underneath either iterator becomes a\nuse-after-free and the server crashes (observed under mass simultaneous\nclient reconnects).\n\nSubscribe the multicast group on a dedicated socket (nl_sock_notify) and\nread it only from dco_read_and_process(), the top-level event-loop point\nwhere closing an instance is safe. The request/reply socket is no longer\na member of the group, so parsing a command or stats reply can never\ndispatch a notification. The event loop now monitors the notification\nsocket; the request/reply socket keeps being drained synchronously by\novpn_nl_msg_send().\n\nChange-Id: Ia7894fc360b12c5a0f63fad2abb9bbb1ad9c2bd5\nGitHub: closes OpenVPN/openvpn#1067\nSigned-off-by: Antonio Quartulli \u003cantonio.quartulli@openvpn.com\u003e\n"},"branch":"refs/heads/master"}},"requirements":[{"status":"NOT_READY","fallback_text":"All required checks must pass","type":"checks_pass"}],"submit_records":[{"rule_name":"gerrit~DefaultSubmitRule","status":"NOT_READY","labels":[{"label":"Code-Review","status":"NEED"}]},{"rule_name":"checks~ChecksSubmitRule","status":"NOT_READY","requirements":[{"status":"NOT_READY","fallback_text":"All required checks must pass","type":"checks_pass"}]}],"submit_requirements":[{"name":"Code-Review","status":"UNSATISFIED","is_legacy":true,"submittability_expression_result":{"expression":"label:Code-Review\u003dMAX -label:Code-Review\u003dMIN","fulfilled":false,"status":"FAIL","passing_atoms":[],"failing_atoms":["label:Code-Review\u003dMAX","-label:Code-Review\u003dMIN"]}},{"name":"checks~ChecksSubmitRule","status":"UNSATISFIED","is_legacy":true,"submittability_expression_result":{"expression":"rule:checks~ChecksSubmitRule","fulfilled":false,"status":"FAIL","passing_atoms":[],"failing_atoms":["checks~ChecksSubmitRule"]}}]}
