[crypto] acme/autocert: fix data race in Manager.createCert

0 views
Skip to first unread message

Gopher Robot (Gerrit)

unread,
Jun 26, 2026, 11:59:26 AM (yesterday) Jun 26
to Daniel McCarney, goph...@pubsubhelper.golang.org, golang-...@googlegroups.com, Carlos Amedee, Roland Shoemaker, Filippo Valsorda, Neal Patel, Ian Stapleton Cordasco, golang...@luci-project-accounts.iam.gserviceaccount.com, golang-co...@googlegroups.com

Gopher Robot submitted the change

Change information

Commit message:
acme/autocert: fix data race in Manager.createCert

Previously Manager.createCert() read state.locked without holding any
lock, while the owner goroutine wrote state.locked = false under the
state's write lock. Concurrent goroutines for the same domain raced on
that field.

We fix the issue by removing the certState.locked field and instead
having Manager.certState() return an additional owner bool computed
under the m.stateMu lock. This allows the Manager.createCert() caller to
know whether it must block on the read lock and return the state handled
by another goroutine, or instead do the work itself and release the
write lock.

A regression unit test is included that fails under -race without the
fix, and passes with the fix in-place.

Fixes golang/go#80119
Change-Id: I0f4c5c98f7e6bcf1ab71a3c0707bb0c7ce73415b
Reviewed-by: Roland Shoemaker <rol...@golang.org>
Reviewed-by: Carlos Amedee <car...@golang.org>
Auto-Submit: Daniel McCarney <dan...@binaryparadox.net>
Files:
  • M acme/autocert/autocert.go
  • M acme/autocert/autocert_test.go
Change size: M
Delta: 2 files changed, 48 insertions(+), 23 deletions(-)
Branch: refs/heads/master
Submit Requirements:
Open in Gerrit
Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
Gerrit-MessageType: merged
Gerrit-Project: crypto
Gerrit-Branch: master
Gerrit-Change-Id: I0f4c5c98f7e6bcf1ab71a3c0707bb0c7ce73415b
Gerrit-Change-Number: 793840
Gerrit-PatchSet: 3
Gerrit-Owner: Daniel McCarney <dan...@binaryparadox.net>
Gerrit-Reviewer: Carlos Amedee <car...@golang.org>
Gerrit-Reviewer: Daniel McCarney <dan...@binaryparadox.net>
Gerrit-Reviewer: Filippo Valsorda <fil...@golang.org>
Gerrit-Reviewer: Gopher Robot <go...@golang.org>
Gerrit-Reviewer: Neal Patel <ne...@golang.org>
Gerrit-Reviewer: Roland Shoemaker <rol...@golang.org>
Gerrit-CC: Ian Stapleton Cordasco <graffatc...@gmail.com>
open
diffy
satisfied_requirement
Reply all
Reply to author
Forward
0 new messages