From c7f1bed882659d6bd5374eca883f5be6c35d2ac8 Mon Sep 17 00:00:00 2001
From: Wade Simmons <wsimmons@slack-corp.com>
Date: Thu, 11 Apr 2024 12:58:25 -0400
Subject: [PATCH 1/2] avoid deadlock in lighthouse queryWorker

If the lighthouse queryWorker tries to grab to call StartHandshake on
a lighthouse vpnIp, we can deadlock on the handshake_manager lock. This
change drops the handshake_manager lock before we send on the lighthouse
queryChan (which could block), and also avoids sending to the channel if
this is a lighthouse IP itself.
---
 handshake_manager.go | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/handshake_manager.go b/handshake_manager.go
index b14b0fd..241a168 100644
--- a/handshake_manager.go
+++ b/handshake_manager.go
@@ -374,9 +374,9 @@ func (hm *HandshakeManager) GetOrHandshake(vpnIp iputil.VpnIp, cacheCb func(*Han
 // StartHandshake will ensure a handshake is currently being attempted for the provided vpn ip
 func (hm *HandshakeManager) StartHandshake(vpnIp iputil.VpnIp, cacheCb func(*HandshakeHostInfo)) *HostInfo {
 	hm.Lock()
-	defer hm.Unlock()
 
 	if hh, ok := hm.vpnIps[vpnIp]; ok {
+		hm.Unlock()
 		// We are already trying to handshake with this vpn ip
 		if cacheCb != nil {
 			cacheCb(hh)
@@ -421,7 +421,10 @@ func (hm *HandshakeManager) StartHandshake(vpnIp iputil.VpnIp, cacheCb func(*Han
 		}
 	}
 
-	hm.lightHouse.QueryServer(vpnIp)
+	hm.Unlock()
+	if !hm.lightHouse.IsLighthouseIP(vpnIp) {
+		hm.lightHouse.QueryServer(vpnIp)
+	}
 	return hostinfo
 }
 

From 2ff26b261db4f55c34812ce8c7c17b5392bf78e6 Mon Sep 17 00:00:00 2001
From: Wade Simmons <wsimmons@slack-corp.com>
Date: Thu, 11 Apr 2024 13:02:13 -0400
Subject: [PATCH 2/2] need to hold lock during cacheCb

---
 handshake_manager.go | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/handshake_manager.go b/handshake_manager.go
index 241a168..640227a 100644
--- a/handshake_manager.go
+++ b/handshake_manager.go
@@ -376,11 +376,11 @@ func (hm *HandshakeManager) StartHandshake(vpnIp iputil.VpnIp, cacheCb func(*Han
 	hm.Lock()
 
 	if hh, ok := hm.vpnIps[vpnIp]; ok {
-		hm.Unlock()
 		// We are already trying to handshake with this vpn ip
 		if cacheCb != nil {
 			cacheCb(hh)
 		}
+		hm.Unlock()
 		return hh.hostinfo
 	}
 
@@ -422,9 +422,7 @@ func (hm *HandshakeManager) StartHandshake(vpnIp iputil.VpnIp, cacheCb func(*Han
 	}
 
 	hm.Unlock()
-	if !hm.lightHouse.IsLighthouseIP(vpnIp) {
-		hm.lightHouse.QueryServer(vpnIp)
-	}
+	hm.lightHouse.QueryServer(vpnIp)
 	return hostinfo
 }