Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

wireguard: Fix timeout in unit test #16001

Merged
merged 1 commit into from May 6, 2021
Merged

wireguard: Fix timeout in unit test #16001

merged 1 commit into from May 6, 2021

Conversation

gandro
Copy link
Member

@gandro gandro commented May 4, 2021
edited

This commit fixes a deadlock in a unit test which ironically tests for
deadlocks. The unit test in question ensures that the wireguard.Agent
UpdatePeer method does not create a deadlock if a concurrent IPCache
update is performed.

The previous version of this test wanted to ensure this by taking a
read-lock on the IPCache, which would ensure that only UpdatePeer
would make progress (as it also just takes an RLock). However, that
approach could lead to a timeout when ipCache.Upsert was invoked
before wgAgent.UpdatePeer, as due to the FIFO nature of underlying
mutex implementation, UpdatePeer will never obtain an RLock if there
is a waiting writer.

This commit addresses this by taking the wgAgent lock instead. This
means that UpdatePeer will lock the IPCache and then wait for the
wgAgent lock to become available. Any concurrent IPCache updates will
also be blocked until UpdatePeer has finished as before.

This commit also introduces some additional checks to ensure the spawned
go routines have actually been scheduled. This is still best effort, as
there is easy way to ensure that a certain method is blocked on a
particular mutex.

Fixes: #15937

@gandro gandro added area/encryption Impacts encryption support such as IPSec, WireGuard, or kTLS. release-note/misc This PR makes changes that have no direct user impact. needs-backport/1.10 labels May 4, 2021
@gandro gandro requested a review from a team as a code owner May 4, 2021 12:35
@gandro gandro requested a review from brb May 4, 2021 12:35
@maintainer-s-little-helper maintainer-s-little-helper bot added this to Needs backport from master in 1.10.0-rc2 May 4, 2021
@gandro
Copy link
Member Author

gandro commented May 4, 2021

As this PR only touches unit test code, I will not run the full CI, just the Travis and runtime tests.

@gandro gandro force-pushed the pr/gandro/fix-wireguard-tests branch from 7e797e8 to cc4f15c Compare May 4, 2021 12:50
@gandro gandro added kind/bug/CI This is a bug in the testing code. release-note/ci This PR makes changes to the CI. and removed release-note/misc This PR makes changes that have no direct user impact. labels May 4, 2021
@gandro
Copy link
Member Author

gandro commented May 4, 2021

test-runtime

brb
brb approved these changes May 5, 2021
View reviewed changes
Copy link
Member

@brb brb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Just small nit.

pkg/wireguard/agent/agent_test.go Outdated Show resolved Hide resolved
@gandro
wireguard: Fix timeout in unit test
fc3a3a0 
This commit fixes a deadlock in a unit test which ironically tests for
deadlocks. The unit test in question ensures that the `wireguard.Agent`
`UpdatePeer` method does not create a deadlock if a concurrent IPCache
update is performed.

The previous version of this test wanted to ensure this by taking a
read-lock on the IPCache, which would ensure that only `UpdatePeer`
would make progress (as it also just takes an RLock). However, that
approach could lead to a timeout when `ipCache.Upsert` was invoked
before `wgAgent.UpdatePeer`, as due to the FIFO nature of underlying
mutex implementation, `UpdatePeer` will never obtain an `RLock` if there
is a waiting writer.

This commit addresses this by taking the `wgAgent` lock instead. This
means that `UpdatePeer` will lock the IPCache and then wait for the
`wgAgent` lock to become available. Any concurrent IPCache updates will
also be blocked until `UpdatePeer` has finished as before.

This commit also introduces some additional checks to ensure the spawned
go routines have actually been scheduled. This is still best effort, as
there is easy way to ensure that a certain method is blocked on a
particular mutex.

Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
@gandro gandro force-pushed the pr/gandro/fix-wireguard-tests branch from cc4f15c to fc3a3a0 Compare May 5, 2021 10:37
@gandro
Copy link
Member Author

gandro commented May 5, 2021

Travis is green, I'm marking this ready to merge. As mentioned above, this commit only changes unit tests ran by Travis, no impact on Jenkins/GithubActions CI or the Cilium code itself.

@gandro gandro added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label May 5, 2021
@jrajahalme jrajahalme merged commit 53a9450 into cilium:master May 6, 2021
@brb brb mentioned this pull request May 7, 2021
Merged
@aanm aanm moved this from Needs backport from master to Backport done to v1.10 in 1.10.0-rc2 May 17, 2021
@aanm aanm mentioned this pull request May 17, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@brb brb brb approved these changes

Assignees
No one assigned
Labels
area/encryption Impacts encryption support such as IPSec, WireGuard, or kTLS. kind/bug/CI This is a bug in the testing code. ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-note/ci This PR makes changes to the CI.
Projects
No open projects
1.10.0-rc2
Backport done to v1.10
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

CI: Travis: pkg/wireguard/agent/agent_test.go: TestAgent_PeerConfig
4 participants
@gandro @brb @joestringer @jrajahalme