backport-2.1: pgwire: cancel authentication work when the network connection is closed #36231
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
This change is |
|
Do you mind commenting on where this backport was clean and where you had to make changes? This will need more scrutiny than #36177. |
|
It was not a clean cherry-pick because 2.1 didn't have the kerberos auth method and all the refactorings that happened when that went in. But it wasn't too terrible. |
nvanbenschoten
approved these changes
Apr 4, 2019
There was a problem hiding this comment.
Reviewed 8 of 8 files at r1.
Reviewable status:complete! 1 of 0 LGTMs obtained
andreimatei
force-pushed
the
backport2.1-35776
branch
3 times, most recently
from
85d5cf9
to
897e0f3
Compare
Before this patch we would not react to a pgwire connection closing while we were in the process of authenticating the connection's user. That's bad particularly when authentication is blocked forever because of data unavailability. Before this patch, goroutines blocked on authentication would just leak if the client closed the corresponding connection, leading to OOMs for folks. Generally, we react to connection cancelation: a dedicated goroutine is constantly responsible for reading from the network and canceling the command processor's context if the connection drops. However, authentication was special in that it happened before the connection entered this reader/processor-goroutine mode. Authentication did it's own reading and writing from the net conn. This patch extends authentication to fit into the 2-goroutine model. The conn goroutine takes responsibility for reading all the password information and passing it to an authenticator which runs on the command processing goroutine. As in all other cases, if the connection is dropped, the authenticator's ctx will be canceled. This required abstracting the conn's interaction with the authenticator through an interface. The authenticator's interactions with the connection were already abstracted through an interface for GSS API reasons. That interface is adapted. A "pipe" metaphor is used to model the interactions between the conn and the authenticator. Release note: bug fix: memory and goroutines used for authenticating connections opened while the cluster is unavailable (e.g. network partition) no longer leak when the client closes said connections.
andreimatei
force-pushed
the
backport2.1-35776
branch
from
897e0f3
to
4668e1f
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
backport of #35776 and #36221
cc @cockroachdb/release
Before this patch we would not react to a pgwire connection closing
while we were in the process of authenticating the connection's user.
That's bad particularly when authentication is blocked forever because
of data unavailability. Before this patch, goroutines blocked on
authentication would just leak if the client closed the corresponding
connection, leading to OOMs for folks.
Generally, we react to connection cancelation: a dedicated goroutine is
constantly responsible for reading from the network and canceling the
command processor's context if the connection drops. However,
authentication was special in that it happened before the connection
entered this reader/processor-goroutine mode. Authentication did it's
own reading and writing from the net conn.
This patch extends authentication to fit into the 2-goroutine model. The
conn goroutine takes responsibility for reading all the password
information and passing it to an authenticator which runs on the command
processing goroutine. As in all other cases, if the connection is
dropped, the authenticator's ctx will be canceled.
This required abstracting the conn's interaction with the authenticator
through an interface. The authenticator's interactions with the
connection were already abstracted through an interface for GSS API
reasons. That interface is adapted. A "pipe" metaphor is used to model
the interactions between the conn and the authenticator.
Release note: bug fix: memory and goroutines used for authenticating
connections opened while the cluster is unavailable (e.g. network
partition) no longer leak when the client closes said connections.