wgengine/magicsock: fix magicsock deadlock around Conn.NoteRecvActivity (#16687) (#16696)

Updates #16651 Updates tailscale/corp#30836 (cherry picked from commit a9f3fd1c67ca427aceee708f319a0a12df6a5de8) Signed-off-by: Jordan Whited <jordan@tailscale.com>
2025-07-29 15:23:45 +00:00 · 2025-07-28 19:28:27 -07:00 · 2025-07-28 19:28:27 -07:00 · 50a476fbc4
commit 50a476fbc4
parent 9c7305074a
2 changed files with 6 additions and 2 deletions
--- a/tailcfg/tailcfg.go
+++ b/tailcfg/tailcfg.go
@ -167,7 +167,8 @@ type CapabilityVersion int
 //   - 120: 2025-07-15: Client understands peer relay disco messages, and implements peer client and relay server functions
 //   - 121: 2025-07-19: Client understands peer relay endpoint alloc with [disco.AllocateUDPRelayEndpointRequest] & [disco.AllocateUDPRelayEndpointResponse]
 //   - 122: 2025-07-21: Client sends Hostinfo.ExitNodeID to report which exit node it has selected, if any.
-const CurrentCapabilityVersion CapabilityVersion = 122
+//   - 123: 2025-07-28: fix deadlock regression from cryptokey routing change (issue #16651)
+const CurrentCapabilityVersion CapabilityVersion = 123

 // ID is an integer ID for a user, node, or login allocated by the
 // control plane.
--- a/wgengine/magicsock/magicsock.go
+++ b/wgengine/magicsock/magicsock.go
@ -4119,8 +4119,11 @@ func (le *lazyEndpoint) InitiationMessagePublicKey(peerPublicKey [32]byte) {
 		return
 	}
 	le.c.mu.Lock()
-	defer le.c.mu.Unlock()
 	ep, ok := le.c.peerMap.endpointForNodeKey(pubKey)
+	// [Conn.mu] must not be held while [Conn.noteRecvActivity] is called, which
+	// [endpoint.noteRecvActivity] can end up calling. See
+	// [Options.NoteRecvActivity] docs.
+	le.c.mu.Unlock()
 	if !ok {
 		return
 	}