From 8f549c44702051bc96caf3f62ff40ffa00795cd6 Mon Sep 17 00:00:00 2001 From: Walter Boring Date: Fri, 5 Jun 2026 09:54:56 -0400 Subject: [PATCH] [cinder-csi-plugin] Protect OsInstances global map with mutex The OsInstances map is accessed from both CreateOpenStackProvider (write) and GetOpenStackProvider (read) without synchronization. Although current usage is single-threaded at startup, this is a latent data race if the driver is ever accessed concurrently. Add a sync.Mutex to guard read and write access to the OsInstances map, preventing potential concurrent map access panics. Signed-off-by: Walter Boring --- pkg/csi/cinder/openstack/openstack.go | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/pkg/csi/cinder/openstack/openstack.go b/pkg/csi/cinder/openstack/openstack.go index 7402a61fbb..221fa40612 100644 --- a/pkg/csi/cinder/openstack/openstack.go +++ b/pkg/csi/cinder/openstack/openstack.go @@ -21,6 +21,7 @@ import ( "fmt" "net/http" "os" + "sync" "github.com/gophercloud/gophercloud/v2" "github.com/gophercloud/gophercloud/v2/openstack" @@ -147,8 +148,9 @@ func GetConfigFromFiles(configFilePaths []string) (Config, error) { const defaultMaxVolAttachLimit int64 = 256 var ( - OsInstances map[string]IOpenStack - configFiles = []string{"/etc/cloud.conf"} + OsInstances map[string]IOpenStack + osInstancesMu sync.Mutex + configFiles = []string{"/etc/cloud.conf"} ) func InitOpenStackProvider(cfgFiles []string, httpEndpoint string) { @@ -212,7 +214,7 @@ func CreateOpenStackProvider(cloudName string) (IOpenStack, error) { } // Init OpenStack - OsInstances[cloudName] = &OpenStack{ + osInstance := &OpenStack{ compute: computeclient, blockstorage: blockstorageclient, bsOpts: cfg.BlockStorage, @@ -220,21 +222,27 @@ func CreateOpenStackProvider(cloudName string) (IOpenStack, error) { metadataOpts: cfg.Metadata, } - return OsInstances[cloudName], nil + osInstancesMu.Lock() + OsInstances[cloudName] = osInstance + osInstancesMu.Unlock() + + return osInstance, nil } // GetOpenStackProvider returns Openstack Instance func GetOpenStackProvider(cloudName string) (IOpenStack, error) { - OsInstance, OsInstanceDefined := OsInstances[cloudName] - if OsInstanceDefined { - return OsInstance, nil + osInstancesMu.Lock() + osInstance, ok := OsInstances[cloudName] + osInstancesMu.Unlock() + if ok { + return osInstance, nil } - OsInstance, err := CreateOpenStackProvider(cloudName) + osInstance, err := CreateOpenStackProvider(cloudName) if err != nil { return nil, err } - return OsInstance, nil + return osInstance, nil } // GetMetadataOpts returns metadataopts