Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prevent memory leak in headers. #252

Merged
merged 3 commits into from
Jun 23, 2021
Merged

Prevent memory leak in headers. #252

merged 3 commits into from
Jun 23, 2021

Conversation

distortedsignal
Copy link
Contributor

Signed-off-by: Tom Kelley distortedsignal@gmail.com

What type of PR is this?

/kind bug

Any specific area of the project related to this PR?

/area outputs

What this PR does / why we need it:

Somebody made a PR that contained a memory leak for most of the outputs in the Falcosidekick. Since the header list was never reset and the output objects are long-lived (they're not recreated for each POST), headers would populate across request boundaries. For most outputs, this would be a major problem. For the Kubeless output, this is a critical problem since an event-id is generated for each event/POST request.

Which issue(s) this PR fixes:

N/A

Special notes for your reviewer:

I'm sorry that this happened, and I'll try not to let it happen again.

@distortedsignal
Prevent memory leak in headers.
28e523b 
Signed-off-by: Tom Kelley <distortedsignal@gmail.com>
@poiana poiana requested review from Issif and leogr June 23, 2021 15:34
@poiana poiana added the size/S label Jun 23, 2021
distortedsignal
distortedsignal commented Jun 23, 2021
View reviewed changes
Makefile Outdated Show resolved Hide resolved
@distortedsignal
Change docker repo back to falcosecurity.
1609720 
Signed-off-by: Tom Kelley <distortedsignal@gmail.com>
@distortedsignal
Make sure that key works the way I want it to.
c45d337 
Signed-off-by: Tom Kelley <distortedsignal@gmail.com>
@Issif Issif added this to In progress in 2.x via automation Jun 23, 2021
@Issif Issif added this to the 2.23.1 milestone Jun 23, 2021
@Issif
Copy link
Member

Issif commented Jun 23, 2021

This a a major issue, I'll review it tonight and release 2.23.1 with your fix if it's OK.

Issif
Issif reviewed Jun 23, 2021
View reviewed changes
Copy link
Member

@Issif Issif left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I quickly red your fix, and I think we should call BasicAuth() function at client init, and not in Post() and that will avoid to add authentication Headers at each Post, wdyt?

@Issif
Copy link
Member

Issif commented Jun 23, 2021
edited

Something like:

	if config.Elasticsearch.HostPort != "" {
		var err error
		elasticsearchClient, err = outputs.NewClient("Elasticsearch", config.Elasticsearch.HostPort+"/"+config.Elasticsearch.Index+"/"+config.Elasticsearch.Type, config.Elasticsearch.MutualTLS, config.Elasticsearch.CheckCert, config, stats, promStats, statsdClient, dogstatsdClient)
		if err != nil {
			config.Elasticsearch.HostPort = ""
		} else {
		    if config.Elasticsearch.Username != "" && config.Elasticsearch.Password != "" {
	      	  elasticsearchClientc.BasicAuth(config.Elasticsearch.Username, config.Elasticsearch.Password)
	        }
			outputs.EnabledOutputs = append(outputs.EnabledOutputs, "Elasticsearch")
		}
	}

@distortedsignal
Copy link
Contributor Author

distortedsignal commented Jun 23, 2021
edited

I quickly red your fix, and I think we should call BasicAuth() function at client init, and not in Post() and that will avoid to add authentication Headers at each Post, wdyt?

I'm not sure that will work. The reason that the old system worked (and didn't leak memory) is that every time there was a POST, the headers object was recreated. This worked because we were adding all the headers in the client.go Post function. Because we are now adding headers to a list and then persisting that list across POST requests, there are some headers that need to be set on a per-request basis. Not resetting that list will leak memory across Post calls. As I said, this is a moderate problem for most outputs, but this is REALLY a problem for the Kubeless output. Because it sets a new event-id for each issue/POST, these will accumulate across request boundaries. So these headers will have to be cleared after each request.

@Issif
Copy link
Member

Issif commented Jun 23, 2021

I quickly red your fix, and I think we should call BasicAuth() function at client init, and not in Post() and that will avoid to add authentication Headers at each Post, wdyt?

I'm not sure that will work. The reason that the old system worked (and didn't leak memory) is that every time there was a POST, the headers object was recreated. This worked because we were adding all the headers in the client.go Post function. Because we are now adding headers to a list and then persisting that list across POST requests, there are some headers that need to be set on a per-request basis. Not resetting that list will leak memory across Post calls. As I said, this is a moderate problem for most outputs, but this is REALLY a problem for the Kubeless output. Because it sets a new event-id for each issue/POST, these will accumulate across request boundaries. So these headers will have to be cleared after each request.

Ok I see, your fix seems the simplest way to do so and without changing too much things

@poiana poiana added the lgtm label Jun 23, 2021
@poiana
Copy link

poiana commented Jun 23, 2021

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: distortedsignal, Issif

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@poiana
Copy link

poiana commented Jun 23, 2021

LGTM label has been added.

Git tree hash: 88e69613d493c0d06ec0a2a78b70db22c959402b

@poiana poiana merged commit 3ea42b1 into falcosecurity:master Jun 23, 2021
2.x automation moved this from In progress to Done Jun 23, 2021
@Issif Issif mentioned this pull request Jun 23, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Issif Issif Issif approved these changes

@leogr leogr Awaiting requested review from leogr

Assignees

@Issif Issif

Labels
approved area/outputs dco-signoff: yes kind/bug Something isn't working lgtm size/S
Projects
Falcosidekick 2.x
Status: Done
2.x
Done
Milestone
2.23.1
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@distortedsignal @Issif @poiana