APF: fix data race in unit tests

[tkashem]

What type of PR is this?

/kind cleanup

What this PR does / why we need it:

In support of #114189.

If we wire per handler read/write timeout, then this data race manifests.

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing change?

NONE

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

[tkashem]

/test pull-kubernetes-e2e-kind

[tkashem]

/test pull-kubernetes-linter-hints

[tkashem]

/test pull-kubernetes-e2e-kind

[tkashem]

Please take a look, this PR is a pre-requisite for #114189
/cc @wojtek-t @sttts

[tkashem]

This is the data race

WARNING: DATA RACE
Read at 0x00c0006fb68f by goroutine 5397:
  k8s.io/kubernetes/vendor/k8s.io/apiserver/pkg/server/filters.TestPriorityAndFairnessWithPanicRecoveryAndTimeoutFilter.func2()
      /home/prow/go/src/k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes/vendor/k8s.io/apiserver/pkg/server/filters/priority-and-fairness_test.go:796 +0x424
  testing.tRunner()
      /home/prow/go/src/k8s.io/kubernetes/_output/local/.gimme/versions/go1.21.1.linux.amd64/src/testing/testing.go:1595 +0x238
  testing.(*T).Run.func1()
      /home/prow/go/src/k8s.io/kubernetes/_output/local/.gimme/versions/go1.21.1.linux.amd64/src/testing/testing.go:1648 +0x44

Previous write at 0x00c0006fb68f by goroutine 5566:
  k8s.io/kubernetes/vendor/k8s.io/apiserver/pkg/server/filters.TestPriorityAndFairnessWithPanicRecoveryAndTimeoutFilter.func2.1()
      /home/prow/go/src/k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes/vendor/k8s.io/apiserver/pkg/server/filters/priority-and-fairness_test.go:765 +0x9c
  net/http.HandlerFunc.ServeHTTP()
      /home/prow/go/src/k8s.io/kubernetes/_output/local/.gimme/versions/go1.21.1.linux.amd64/src/net/http/server.go:2136 +0x47
  k8s.io/kubernetes/vendor/k8s.io/apiserver/pkg/server/filters.(*priorityAndFairnessHandler).Handle.func9()
      /home/prow/go/src/k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes/vendor/k8s.io/apiserver/pkg/server/filters/priority-and-fairness.go:286 +0x141
  k8s.io/kubernetes/vendor/k8s.io/apiserver/pkg/util/flowcontrol.(*configController).Handle.func2()
      /home/prow/go/src/k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes/vendor/k8s.io/apiserver/pkg/util/flowcontrol/apf_filter.go:197 +0x398
  k8s.io/kubernetes/vendor/k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/queueset.(*request).Finish.func1()
      /home/prow/go/src/k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes/vendor/k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/queueset/queueset.go:401 +0x87
  k8s.io/kubernetes/vendor/k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/queueset.(*request).Finish()
      /home/prow/go/src/k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes/vendor/k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/queueset/queueset.go:402 +0x4a
  k8s.io/kubernetes/vendor/k8s.io/apiserver/pkg/util/flowcontrol.(*configController).Handle()
      /home/prow/go/src/k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes/vendor/k8s.io/apiserver/pkg/util/flowcontrol/apf_filter.go:184 +0xcae
  k8s.io/kubernetes/vendor/k8s.io/apiserver/pkg/server/filters.(*priorityAndFairnessHandler).Handle()
      /home/prow/go/src/k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes/vendor/k8s.io/apiserver/pkg/server/filters/priority-and-fairness.go:289 +0x1441
  k8s.io/kubernetes/vendor/k8s.io/apiserver/pkg/server/filters.(*priorityAndFairnessHandler).Handle-fm()
      <autogenerated>:1 +0x51
  net/http.HandlerFunc.ServeHTTP()
      /home/prow/go/src/k8s.io/kubernetes/_output/local/.gimme/versions/go1.21.1.linux.amd64/src/net/http/server.go:2136 +0x47
  k8s.io/kubernetes/vendor/k8s.io/apiserver/pkg/server/filters.newHandlerChain.func1()
      /home/prow/go/src/k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes/vendor/k8s.io/apiserver/pkg/server/filters/priority-and-fairness_test.go:1233 +0x349
  net/http.HandlerFunc.ServeHTTP()
      /home/prow/go/src/k8s.io/kubernetes/_output/local/.gimme/versions/go1.21.1.linux.amd64/src/net/http/server.go:2136 +0x47
  k8s.io/kubernetes/vendor/k8s.io/apiserver/pkg/server/filters.(*timeoutHandler).ServeHTTP.func1()
      /home/prow/go/src/k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes/vendor/k8s.io/apiserver/pkg/server/filters/timeout.go:115 +0xcf

Goroutine 5397 (running) created at:
  testing.(*T).Run()
      /home/prow/go/src/k8s.io/kubernetes/_output/local/.gimme/versions/go1.21.1.linux.amd64/src/testing/testing.go:1648 +0x82a
  k8s.io/kubernetes/vendor/k8s.io/apiserver/pkg/server/filters.TestPriorityAndFairnessWithPanicRecoveryAndTimeoutFilter()
      /home/prow/go/src/k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes/vendor/k8s.io/apiserver/pkg/server/filters/priority-and-fairness_test.go:746 +0x86
  testing.tRunner()
      /home/prow/go/src/k8s.io/kubernetes/_output/local/.gimme/versions/go1.21.1.linux.amd64/src/testing/testing.go:1595 +0x238
  testing.(*T).Run.func1()
      /home/prow/go/src/k8s.io/kubernetes/_output/local/.gimme/versions/go1.21.1.linux.amd64/src/testing/testing.go:1648 +0x44

Goroutine 5566 (running) created at:
  k8s.io/kubernetes/vendor/k8s.io/apiserver/pkg/server/filters.(*timeoutHandler).ServeHTTP()
      /home/prow/go/src/k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes/vendor/k8s.io/apiserver/pkg/server/filters/timeout.go:101 +0x31c
  k8s.io/kubernetes/vendor/k8s.io/apiserver/pkg/server/filters.newHandlerChain.WithRequestDeadline.withRequestDeadline.func7()
      /home/prow/go/src/k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes/vendor/k8s.io/apiserver/pkg/endpoints/filters/request_deadline.go:142 +0x36a
  net/http.HandlerFunc.ServeHTTP()
      /home/prow/go/src/k8s.io/kubernetes/_output/local/.gimme/versions/go1.21.1.linux.amd64/src/net/http/server.go:2136 +0x47
  k8s.io/kubernetes/vendor/k8s.io/apiserver/pkg/server/filters.newHandlerChain.WithRequestInfo.func4()
      /home/prow/go/src/k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes/vendor/k8s.io/apiserver/pkg/endpoints/filters/requestinfo.go:39 +0x167
  net/http.HandlerFunc.ServeHTTP()
      /home/prow/go/src/k8s.io/kubernetes/_output/local/.gimme/versions/go1.21.1.linux.amd64/src/net/http/server.go:2136 +0x47
  k8s.io/kubernetes/vendor/k8s.io/apiserver/pkg/server/filters.newHandlerChain.WithPanicRecovery.withPanicRecovery.func8()
      /home/prow/go/src/k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes/vendor/k8s.io/apiserver/pkg/server/filters/wrap.go:74 +0x130
  net/http.HandlerFunc.ServeHTTP()
      /home/prow/go/src/k8s.io/kubernetes/_output/local/.gimme/versions/go1.21.1.linux.amd64/src/net/http/server.go:2136 +0x47
  k8s.io/kubernetes/vendor/k8s.io/apiserver/pkg/server/filters.newHandlerChain.WithAuditInit.withAuditInit.func9()
      /home/prow/go/src/k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes/vendor/k8s.io/apiserver/pkg/endpoints/filters/audit_init.go:63 +0x147
  net/http.HandlerFunc.ServeHTTP()
      /home/prow/go/src/k8s.io/kubernetes/_output/local/.gimme/versions/go1.21.1.linux.amd64/src/net/http/server.go:2136 +0x47
  net/http.serverHandler.ServeHTTP()
      /home/prow/go/src/k8s.io/kubernetes/_output/local/.gimme/versions/go1.21.1.linux.amd64/src/net/http/server.go:2938 +0x2a1
  net/http.initALPNRequest.ServeHTTP()
      /home/prow/go/src/k8s.io/kubernetes/_output/local/.gimme/versions/go1.21.1.linux.amd64/src/net/http/server.go:3546 +0x35e
  net/http.(*initALPNRequest).ServeHTTP()
      <autogenerated>:1 +0x7b
  net/http.Handler.ServeHTTP-fm()
      <autogenerated>:1 +0x67
  net/http.(*http2serverConn).runHandler()
      /home/prow/go/src/k8s.io/kubernetes/_output/local/.gimme/versions/go1.21.1.linux.amd64/src/net/http/h2_bundle.go:6131 +0xe1
  net/http.(*http2serverConn).processHeaders.func2()
      /home/prow/go/src/k8s.io/kubernetes/_output/local/.gimme/versions/go1.21.1.linux.amd64/src/net/http/h2_bundle.go:5845 +0x5d
==================

from https://prow.k8s.io/view/gs/kubernetes-jenkins/pr-logs/pull/114189/pull-kubernetes-unit/1705271966702768128

[wojtek-t]

Hmm - if we had a race before [so something was writing it at the same time when something else was reading], won't this now effectively become flaky [sometimes it will be 1, sometimes something else]?

[tkashem]

we expect the server to write first, and the test to read later (using the client and server timeout). client waits long enough for the server to respond, server timeout = 5s, client timeout = 10s

I have replaced the use of atomic with channel to establish a happens-before relationship, but i guess, in theory the flake still exists - for example, the server is so overloaded that it fails to execute the request handler in time.

[wojtek-t]

I guess my point was slightly different - if we have long-enough time between the timeouts, then why the rate here was happening in the original version?

Either there is enough time in between (and then the original version should work), or there isn't enough time and then with the new code you could be racy too, no?

[tkashem]

here is my observation so far:

• the data race does not manifest with the race detector on, i have tried with stress, no luck so far

$ go test -race k8s.io/apiserver/pkg/server/filters -c
$ stress -p=32 ./filters.test -test.run=TestPriorityAndFairnessWithPanicRecoveryAndTimeoutFilter
5s: 0 runs so far, 0 failures
10s: 32 runs so far, 0 failures
...
15m30s: 4482 runs so far, 0 failures
15m35s: 4505 runs so far, 0 failures

• with set per handler read/write deadline #114189, when read/write deadline is enabled, this data race manifests.

I wrote a much simpler, but equivalent test with the race present, executed variable being written to by the server filter goroutine, and read by the test goroutine, and if I run this test the data race is detected, but for some reason the same race is not detected in the TestPriorityAndFairnessWithPanicRecoveryAndTimeoutFilter test.

func TestDataRaceWithServerHandler(t *testing.T) {
	handlerDoneCh, clientDoneCh := make(chan struct{}), make(chan struct{})
	var executed bool
	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		defer close(handlerDoneCh)
		executed = true

		<-clientDoneCh
	})

	server := httptest.NewUnstartedServer(handler)
	defer server.Close()
	server.EnableHTTP2 = true
	server.StartTLS()

	client := server.Client()
	client.Timeout = 5 * time.Second

	func() {
		defer close(clientDoneCh)
		client.Get(server.URL + "/foo")
	}()

	if !executed {
		t.Errorf("expected handler to be executed")
	}
}

due to #114189, net/http will spin up a new goroutine for each request on the server side, which directly returns a stream reset error to the caller. So it brings in two new changes:

• a new goroutne in play (but it does not directly read from or write to the memory)
• it helps the client Get call to complete sooner (before, the response would come to the caller via the timeout filter)

in summary, the writer (test goroutine) writes to the memory location sooner with #114189, but I am not sure why this reduced gap in read-write would manifest the data race.

This PR does two things:

• move both read and write in the same goroutine (move t.Errorf inside the server filter, as it is safe to do so now)
• use channel instead of atomic, this minimizes the chance of a flake.

[cici37]

/triage accepted

[tkashem]

ran a stress test:

$ stress -p=32 ./filters.test -test.run=TestPriorityAndFairnessWithPanicRecoveryAndTimeoutFilter
5s: 0 runs so far, 0 failures
10s: 32 runs so far, 0 failures
15s: 48 runs so far, 0 failures
...
10m25s: 3010 runs so far, 0 failures
10m30s: 3028 runs so far, 0 failures
10m35s: 3056 runs so far, 0 failures
10m40s: 3079 runs so far, 0 failures

[tkashem]

instead of splitting the read and write into two separate go routines, do the verification inside the handler - t.Errorf is safe to be invoked in separate goroutines

[wojtek-t]

OK - thanks for explanations - that makes sense to me.

/lgtm
/approve

Thanks!

[k8s-ci-robot]

LGTM label has been added.

Git tree hash: 5ea50fcd1d880e79669d69eab83eb374615432e8

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: tkashem, wojtek-t

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• staging/src/k8s.io/apiserver/OWNERS [wojtek-t]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment