Fix data race in FQDN ruleSyncTracker #5583
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ruleSyncTracker.Run() can update ruleSyncTracker.dirtyRules in-place,
while ruleSyncTracker.getDirtyRules() returns the pointer of the set
which could be read by other goroutines and leads to a data race like
below:
WARNING: DATA RACE
Write at 0x00c000dd8180 by goroutine 276:
runtime.mapdelete_faststr()
/usr/local/go/src/runtime/map_faststr.go:301 +0x0
k8s.io/apimachinery/pkg/util/sets.Set[go.shape.string].Delete()
/root/go/pkg/mod/k8s.io/apimachinery@v0.26.4/pkg/util/sets/set.go:62 +0x2ae
antrea.io/antrea/pkg/agent/controller/networkpolicy.(*ruleSyncTracker).Run()
/root/antrea/pkg/agent/controller/networkpolicy/fqdn.go:570 +0x1d2
antrea.io/antrea/pkg/agent/controller/networkpolicy.(*fqdnController).runRuleSyncTracker()
/root/antrea/pkg/agent/controller/networkpolicy/fqdn.go:584 +0x4a
antrea.io/antrea/pkg/agent/controller/networkpolicy.TestSyncDirtyRules.func1.4()
/root/antrea/pkg/agent/controller/networkpolicy/fqdn_test.go:495 +0x44
Previous read at 0x00c000dd8180 by goroutine 271:
reflect.maplen()
/usr/local/go/src/runtime/map.go:1411 +0x0
reflect.Value.lenNonSlice()
/usr/local/go/src/reflect/value.go:1720 +0x324
reflect.Value.Len()
/usr/local/go/src/reflect/value.go:1709 +0x158f
reflect.deepValueEqual()
/usr/local/go/src/reflect/deepequal.go:139 +0x1571
reflect.DeepEqual()
/usr/local/go/src/reflect/deepequal.go:237 +0x38b
github.com/stretchr/testify/assert.ObjectsAreEqual()
/root/go/pkg/mod/github.com/stretchr/testify@v1.8.4/assert/assertions.go:65 +0x172
github.com/stretchr/testify/assert.Equal()
/root/go/pkg/mod/github.com/stretchr/testify@v1.8.4/assert/assertions.go:414 +0x1f7
antrea.io/antrea/pkg/agent/controller/networkpolicy.TestSyncDirtyRules.func1()
/root/antrea/pkg/agent/controller/networkpolicy/fqdn_test.go:517 +0xb6f
testing.tRunner()
/usr/local/go/src/testing/testing.go:1595 +0x238
testing.(*T).Run.func1()
/usr/local/go/src/testing/testing.go:1648 +0x44
Signed-off-by: Quan Tian <qtian@vmware.com>
tnqn
added
priority/critical-urgent
|
/test-all |
Dyanngg
approved these changes
Oct 16, 2023
antoninbas
approved these changes
Oct 16, 2023
Thanks for the advice. In production the function will only be called in abnormal case (previous packetin not handled succussfullly) so its impact should be trival for now. |
tnqn
added a commit
to luolanzone/antrea
that referenced
this pull request
Oct 17, 2023
ruleSyncTracker.Run() can update ruleSyncTracker.dirtyRules in-place,
while ruleSyncTracker.getDirtyRules() returns the pointer of the set
which could be read by other goroutines and leads to a data race like
below:
WARNING: DATA RACE
Write at 0x00c000dd8180 by goroutine 276:
runtime.mapdelete_faststr()
/usr/local/go/src/runtime/map_faststr.go:301 +0x0
k8s.io/apimachinery/pkg/util/sets.Set[go.shape.string].Delete()
/root/go/pkg/mod/k8s.io/apimachinery@v0.26.4/pkg/util/sets/set.go:62 +0x2ae
antrea.io/antrea/pkg/agent/controller/networkpolicy.(*ruleSyncTracker).Run()
/root/antrea/pkg/agent/controller/networkpolicy/fqdn.go:570 +0x1d2
antrea.io/antrea/pkg/agent/controller/networkpolicy.(*fqdnController).runRuleSyncTracker()
/root/antrea/pkg/agent/controller/networkpolicy/fqdn.go:584 +0x4a
antrea.io/antrea/pkg/agent/controller/networkpolicy.TestSyncDirtyRules.func1.4()
/root/antrea/pkg/agent/controller/networkpolicy/fqdn_test.go:495 +0x44
Previous read at 0x00c000dd8180 by goroutine 271:
reflect.maplen()
/usr/local/go/src/runtime/map.go:1411 +0x0
reflect.Value.lenNonSlice()
/usr/local/go/src/reflect/value.go:1720 +0x324
reflect.Value.Len()
/usr/local/go/src/reflect/value.go:1709 +0x158f
reflect.deepValueEqual()
/usr/local/go/src/reflect/deepequal.go:139 +0x1571
reflect.DeepEqual()
/usr/local/go/src/reflect/deepequal.go:237 +0x38b
github.com/stretchr/testify/assert.ObjectsAreEqual()
/root/go/pkg/mod/github.com/stretchr/testify@v1.8.4/assert/assertions.go:65 +0x172
github.com/stretchr/testify/assert.Equal()
/root/go/pkg/mod/github.com/stretchr/testify@v1.8.4/assert/assertions.go:414 +0x1f7
antrea.io/antrea/pkg/agent/controller/networkpolicy.TestSyncDirtyRules.func1()
/root/antrea/pkg/agent/controller/networkpolicy/fqdn_test.go:517 +0xb6f
testing.tRunner()
/usr/local/go/src/testing/testing.go:1595 +0x238
testing.(*T).Run.func1()
/usr/local/go/src/testing/testing.go:1648 +0x44
Signed-off-by: Quan Tian <qtian@vmware.com>
tnqn
added a commit
to luolanzone/antrea
that referenced
this pull request
Oct 17, 2023
ruleSyncTracker.Run() can update ruleSyncTracker.dirtyRules in-place,
while ruleSyncTracker.getDirtyRules() returns the pointer of the set
which could be read by other goroutines and leads to a data race like
below:
WARNING: DATA RACE
Write at 0x00c000dd8180 by goroutine 276:
runtime.mapdelete_faststr()
/usr/local/go/src/runtime/map_faststr.go:301 +0x0
k8s.io/apimachinery/pkg/util/sets.Set[go.shape.string].Delete()
/root/go/pkg/mod/k8s.io/apimachinery@v0.26.4/pkg/util/sets/set.go:62 +0x2ae
antrea.io/antrea/pkg/agent/controller/networkpolicy.(*ruleSyncTracker).Run()
/root/antrea/pkg/agent/controller/networkpolicy/fqdn.go:570 +0x1d2
antrea.io/antrea/pkg/agent/controller/networkpolicy.(*fqdnController).runRuleSyncTracker()
/root/antrea/pkg/agent/controller/networkpolicy/fqdn.go:584 +0x4a
antrea.io/antrea/pkg/agent/controller/networkpolicy.TestSyncDirtyRules.func1.4()
/root/antrea/pkg/agent/controller/networkpolicy/fqdn_test.go:495 +0x44
Previous read at 0x00c000dd8180 by goroutine 271:
reflect.maplen()
/usr/local/go/src/runtime/map.go:1411 +0x0
reflect.Value.lenNonSlice()
/usr/local/go/src/reflect/value.go:1720 +0x324
reflect.Value.Len()
/usr/local/go/src/reflect/value.go:1709 +0x158f
reflect.deepValueEqual()
/usr/local/go/src/reflect/deepequal.go:139 +0x1571
reflect.DeepEqual()
/usr/local/go/src/reflect/deepequal.go:237 +0x38b
github.com/stretchr/testify/assert.ObjectsAreEqual()
/root/go/pkg/mod/github.com/stretchr/testify@v1.8.4/assert/assertions.go:65 +0x172
github.com/stretchr/testify/assert.Equal()
/root/go/pkg/mod/github.com/stretchr/testify@v1.8.4/assert/assertions.go:414 +0x1f7
antrea.io/antrea/pkg/agent/controller/networkpolicy.TestSyncDirtyRules.func1()
/root/antrea/pkg/agent/controller/networkpolicy/fqdn_test.go:517 +0xb6f
testing.tRunner()
/usr/local/go/src/testing/testing.go:1595 +0x238
testing.(*T).Run.func1()
/usr/local/go/src/testing/testing.go:1648 +0x44
Signed-off-by: Quan Tian <qtian@vmware.com>
tnqn
added a commit
to luolanzone/antrea
that referenced
this pull request
Oct 17, 2023
ruleSyncTracker.Run() can update ruleSyncTracker.dirtyRules in-place,
while ruleSyncTracker.getDirtyRules() returns the pointer of the set
which could be read by other goroutines and leads to a data race like
below:
WARNING: DATA RACE
Write at 0x00c000dd8180 by goroutine 276:
runtime.mapdelete_faststr()
/usr/local/go/src/runtime/map_faststr.go:301 +0x0
k8s.io/apimachinery/pkg/util/sets.Set[go.shape.string].Delete()
/root/go/pkg/mod/k8s.io/apimachinery@v0.26.4/pkg/util/sets/set.go:62 +0x2ae
antrea.io/antrea/pkg/agent/controller/networkpolicy.(*ruleSyncTracker).Run()
/root/antrea/pkg/agent/controller/networkpolicy/fqdn.go:570 +0x1d2
antrea.io/antrea/pkg/agent/controller/networkpolicy.(*fqdnController).runRuleSyncTracker()
/root/antrea/pkg/agent/controller/networkpolicy/fqdn.go:584 +0x4a
antrea.io/antrea/pkg/agent/controller/networkpolicy.TestSyncDirtyRules.func1.4()
/root/antrea/pkg/agent/controller/networkpolicy/fqdn_test.go:495 +0x44
Previous read at 0x00c000dd8180 by goroutine 271:
reflect.maplen()
/usr/local/go/src/runtime/map.go:1411 +0x0
reflect.Value.lenNonSlice()
/usr/local/go/src/reflect/value.go:1720 +0x324
reflect.Value.Len()
/usr/local/go/src/reflect/value.go:1709 +0x158f
reflect.deepValueEqual()
/usr/local/go/src/reflect/deepequal.go:139 +0x1571
reflect.DeepEqual()
/usr/local/go/src/reflect/deepequal.go:237 +0x38b
github.com/stretchr/testify/assert.ObjectsAreEqual()
/root/go/pkg/mod/github.com/stretchr/testify@v1.8.4/assert/assertions.go:65 +0x172
github.com/stretchr/testify/assert.Equal()
/root/go/pkg/mod/github.com/stretchr/testify@v1.8.4/assert/assertions.go:414 +0x1f7
antrea.io/antrea/pkg/agent/controller/networkpolicy.TestSyncDirtyRules.func1()
/root/antrea/pkg/agent/controller/networkpolicy/fqdn_test.go:517 +0xb6f
testing.tRunner()
/usr/local/go/src/testing/testing.go:1595 +0x238
testing.(*T).Run.func1()
/usr/local/go/src/testing/testing.go:1648 +0x44
Signed-off-by: Quan Tian <qtian@vmware.com>
tnqn
added a commit
that referenced
this pull request
Oct 17, 2023
ruleSyncTracker.Run() can update ruleSyncTracker.dirtyRules in-place,
while ruleSyncTracker.getDirtyRules() returns the pointer of the set
which could be read by other goroutines and leads to a data race like
below:
WARNING: DATA RACE
Write at 0x00c000dd8180 by goroutine 276:
runtime.mapdelete_faststr()
/usr/local/go/src/runtime/map_faststr.go:301 +0x0
k8s.io/apimachinery/pkg/util/sets.Set[go.shape.string].Delete()
/root/go/pkg/mod/k8s.io/apimachinery@v0.26.4/pkg/util/sets/set.go:62 +0x2ae
antrea.io/antrea/pkg/agent/controller/networkpolicy.(*ruleSyncTracker).Run()
/root/antrea/pkg/agent/controller/networkpolicy/fqdn.go:570 +0x1d2
antrea.io/antrea/pkg/agent/controller/networkpolicy.(*fqdnController).runRuleSyncTracker()
/root/antrea/pkg/agent/controller/networkpolicy/fqdn.go:584 +0x4a
antrea.io/antrea/pkg/agent/controller/networkpolicy.TestSyncDirtyRules.func1.4()
/root/antrea/pkg/agent/controller/networkpolicy/fqdn_test.go:495 +0x44
Previous read at 0x00c000dd8180 by goroutine 271:
reflect.maplen()
/usr/local/go/src/runtime/map.go:1411 +0x0
reflect.Value.lenNonSlice()
/usr/local/go/src/reflect/value.go:1720 +0x324
reflect.Value.Len()
/usr/local/go/src/reflect/value.go:1709 +0x158f
reflect.deepValueEqual()
/usr/local/go/src/reflect/deepequal.go:139 +0x1571
reflect.DeepEqual()
/usr/local/go/src/reflect/deepequal.go:237 +0x38b
github.com/stretchr/testify/assert.ObjectsAreEqual()
/root/go/pkg/mod/github.com/stretchr/testify@v1.8.4/assert/assertions.go:65 +0x172
github.com/stretchr/testify/assert.Equal()
/root/go/pkg/mod/github.com/stretchr/testify@v1.8.4/assert/assertions.go:414 +0x1f7
antrea.io/antrea/pkg/agent/controller/networkpolicy.TestSyncDirtyRules.func1()
/root/antrea/pkg/agent/controller/networkpolicy/fqdn_test.go:517 +0xb6f
testing.tRunner()
/usr/local/go/src/testing/testing.go:1595 +0x238
testing.(*T).Run.func1()
/usr/local/go/src/testing/testing.go:1648 +0x44
Signed-off-by: Quan Tian <qtian@vmware.com>
tnqn
added a commit
that referenced
this pull request
Oct 17, 2023
ruleSyncTracker.Run() can update ruleSyncTracker.dirtyRules in-place,
while ruleSyncTracker.getDirtyRules() returns the pointer of the set
which could be read by other goroutines and leads to a data race like
below:
WARNING: DATA RACE
Write at 0x00c000dd8180 by goroutine 276:
runtime.mapdelete_faststr()
/usr/local/go/src/runtime/map_faststr.go:301 +0x0
k8s.io/apimachinery/pkg/util/sets.Set[go.shape.string].Delete()
/root/go/pkg/mod/k8s.io/apimachinery@v0.26.4/pkg/util/sets/set.go:62 +0x2ae
antrea.io/antrea/pkg/agent/controller/networkpolicy.(*ruleSyncTracker).Run()
/root/antrea/pkg/agent/controller/networkpolicy/fqdn.go:570 +0x1d2
antrea.io/antrea/pkg/agent/controller/networkpolicy.(*fqdnController).runRuleSyncTracker()
/root/antrea/pkg/agent/controller/networkpolicy/fqdn.go:584 +0x4a
antrea.io/antrea/pkg/agent/controller/networkpolicy.TestSyncDirtyRules.func1.4()
/root/antrea/pkg/agent/controller/networkpolicy/fqdn_test.go:495 +0x44
Previous read at 0x00c000dd8180 by goroutine 271:
reflect.maplen()
/usr/local/go/src/runtime/map.go:1411 +0x0
reflect.Value.lenNonSlice()
/usr/local/go/src/reflect/value.go:1720 +0x324
reflect.Value.Len()
/usr/local/go/src/reflect/value.go:1709 +0x158f
reflect.deepValueEqual()
/usr/local/go/src/reflect/deepequal.go:139 +0x1571
reflect.DeepEqual()
/usr/local/go/src/reflect/deepequal.go:237 +0x38b
github.com/stretchr/testify/assert.ObjectsAreEqual()
/root/go/pkg/mod/github.com/stretchr/testify@v1.8.4/assert/assertions.go:65 +0x172
github.com/stretchr/testify/assert.Equal()
/root/go/pkg/mod/github.com/stretchr/testify@v1.8.4/assert/assertions.go:414 +0x1f7
antrea.io/antrea/pkg/agent/controller/networkpolicy.TestSyncDirtyRules.func1()
/root/antrea/pkg/agent/controller/networkpolicy/fqdn_test.go:517 +0xb6f
testing.tRunner()
/usr/local/go/src/testing/testing.go:1595 +0x238
testing.(*T).Run.func1()
/usr/local/go/src/testing/testing.go:1648 +0x44
Signed-off-by: Quan Tian <qtian@vmware.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
ruleSyncTracker.Run()can updateruleSyncTracker.dirtyRulesin-place, whileruleSyncTracker.getDirtyRules()returns the pointer of the set which could be read by other goroutines and leads to a data race like below:The data race was introduced by #5566 so is not present in releases yet. The patch needs to be backported together with #5566.