Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fqdn proxy: fix data race by using separate sessionUDPFactories #28163

Merged
merged 4 commits into from Sep 18, 2023
Merged

fqdn proxy: fix data race by using separate sessionUDPFactories #28163

merged 4 commits into from Sep 18, 2023

Conversation

mhofstetter
Copy link
Member

@mhofstetter mhofstetter commented Sep 14, 2023
edited

PR #25309 introduced a data race by sharing the sessionUDPFactory between the DNS server instances for the different IP families (IPv4 & IPv6). This has been detected by #27979.

This commit fixes the data race by using dedicated instances of the sessionUDPFactory.

In addition the global response UDP connections (IPv4 & IPv6) variables have been replaced with fields in the SessionUDPFactory. This way the connections can already be setup during construction of the factory and the sync.Onces (global vars) can be removed.

Fixes: #28156

@mhofstetter mhofstetter added kind/bug This is a bug in the Cilium logic. area/proxy Impacts proxy components, including DNS, Kafka, Envoy and/or XDS servers. release-note/bug This PR fixes an issue in a previous release of Cilium. labels Sep 14, 2023
@mhofstetter
Copy link
Member Author

/test

@mhofstetter mhofstetter force-pushed the pr/mhofstetter/fix-fqdnproxy-data-race branch from f2ea482 to c222929 Compare September 14, 2023 15:40
@mhofstetter
Copy link
Member Author

/test

@mhofstetter mhofstetter force-pushed the pr/mhofstetter/fix-fqdnproxy-data-race branch 4 times, most recently from 26642d8 to b4f42da Compare September 15, 2023 09:58
@mhofstetter mhofstetter added the needs-backport/1.14 This PR / issue needs backporting to the v1.14 branch label Sep 15, 2023
@mhofstetter
Copy link
Member Author

/test

@mhofstetter mhofstetter marked this pull request as ready for review September 15, 2023 12:00
@mhofstetter mhofstetter requested review from a team as code owners September 15, 2023 12:00
jrajahalme
jrajahalme reviewed Sep 15, 2023
View reviewed changes
Copy link
Member

@jrajahalme jrajahalme left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could simplify a bit by keeping only one conn pointer in the factory.

pkg/fqdn/dnsproxy/udp.go Outdated Show resolved Hide resolved
@mhofstetter
fqdn proxy: fix data race by using separate sessionUDPFactories
e4f7d2d 
PR cilium#25309 introduced a data race by sharing the sessionUDPFactory between the
DNS server instances for the different IP families (IPv4 & IPv6). This has been detected
by cilium#27979.

This commit fixes the data race by using dedicated instances of the sessionUDPFactory.

Fixes: cilium#28156

Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com>
@mhofstetter
fqdn proxy: replace global response conn with field in SessionUDPFactory
9fcf541 
This commit replaces the global response UDP connections (IPv4 & IPv6)
variables with fields in the SessionUDPFactory. This way the connections
can already be setup during construction of the factory and the `sync.Once`s
(global vars) can be removed.

Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com>
@mhofstetter mhofstetter force-pushed the pr/mhofstetter/fix-fqdnproxy-data-race branch from b4f42da to e906486 Compare September 15, 2023 14:09
@mhofstetter
fqdn proxy: binding socketUDPFactory to specific IP family
63f632b 
Historically, the `socketUDPFactory` and the lilsten configuration
supported IPv4 and IPv6 on the same socket.

Since the change to bind the DNS servers to localhost, a server
and socket is created per ip family.

Therefore this commit removes the support for multiple ipfamilies
on the same socket (SocketUDPFactory & listen configuration). This
improves readability quite a lot.

Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com>
@mhofstetter mhofstetter force-pushed the pr/mhofstetter/fix-fqdnproxy-data-race branch 2 times, most recently from 4eb30a8 to 761ef40 Compare September 15, 2023 14:15
jrajahalme
jrajahalme approved these changes Sep 15, 2023
View reviewed changes
Copy link
Member

@jrajahalme jrajahalme left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One nit I hope you address.

pkg/fqdn/proxy/ipfamily/ipfamily.go Outdated Show resolved Hide resolved
@mhofstetter mhofstetter force-pushed the pr/mhofstetter/fix-fqdnproxy-data-race branch from 761ef40 to 0770a29 Compare September 15, 2023 14:28
@mhofstetter
Copy link
Member Author

/test

pippolo84
pippolo84 reviewed Sep 18, 2023
View reviewed changes
Copy link
Member

@pippolo84 pippolo84 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a minor thing related to an error string, apart from that LGTM!

pkg/fqdn/dnsproxy/udp.go Outdated Show resolved Hide resolved
pkg/fqdn/dnsproxy/udp.go Outdated Show resolved Hide resolved
@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Sep 18, 2023
@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Sep 18, 2023
@mhofstetter
fqdn proxy: add transparent socket options to IPFamily struct
cd014c8 
This commit adds the transparent socket options to the IPFamily
struct. This way it can be used in the respective functions.

Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com>
@mhofstetter mhofstetter force-pushed the pr/mhofstetter/fix-fqdnproxy-data-race branch from 0770a29 to cd014c8 Compare September 18, 2023 12:18
@mhofstetter
Copy link
Member Author

Just a minor thing related to an error string, apart from that LGTM!

Thanks, i adapted the error messages

@mhofstetter mhofstetter removed ready-to-merge This PR has passed all tests and received consensus from code owners to merge. dont-merge/needs-cleanup labels Sep 18, 2023
@maintainer-s-little-helper maintainer-s-little-helper bot added this to Needs backport from main in 1.14.3 Sep 18, 2023
@mhofstetter
Copy link
Member Author

/test

pippolo84
pippolo84 approved these changes Sep 18, 2023
View reviewed changes
Copy link
Member

@pippolo84 pippolo84 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💯

@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Sep 18, 2023
@aanm aanm merged commit 7c32923 into cilium:main Sep 18, 2023
61 checks passed
@mhofstetter mhofstetter deleted the pr/mhofstetter/fix-fqdnproxy-data-race branch September 18, 2023 14:45
@giorio94 giorio94 mentioned this pull request Sep 26, 2023
Merged
22 tasks
@giorio94 giorio94 added backport-pending/1.14 The backport for Cilium 1.14.x for this PR is in progress. and removed needs-backport/1.14 This PR / issue needs backporting to the v1.14 branch labels Sep 26, 2023
@aanm aanm added backport-done/1.14 The backport for Cilium 1.14.x for this PR is done. and removed backport-pending/1.14 The backport for Cilium 1.14.x for this PR is in progress. labels Sep 29, 2023
@jrajahalme jrajahalme moved this from Needs backport from main to Backport done to v1.14 in 1.14.3 Oct 18, 2023
@jrajahalme jrajahalme mentioned this pull request Oct 18, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pippolo84 pippolo84 pippolo84 approved these changes

@jrajahalme jrajahalme jrajahalme approved these changes

Assignees
No one assigned
Labels
area/proxy Impacts proxy components, including DNS, Kafka, Envoy and/or XDS servers. backport-done/1.14 The backport for Cilium 1.14.x for this PR is done. kind/bug This is a bug in the Cilium logic. ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-note/bug This PR fixes an issue in a previous release of Cilium.
Projects
No open projects
1.14.3
Backport done to v1.14
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

DATARACE: dns.(*sessionUDPFactory).InitPool()
5 participants
@mhofstetter @pippolo84 @jrajahalme @aanm @giorio94