Introduce new lock to safeguard concurrent hostagent code

The cache used to store snat policy labels is being accessed by multiple routines, so a new lock is introduced to safely read and write from the map Also, delete two conf files added by mistake in an earlier commit (3c3b56a)
noironetworks · Aug 14, 2021 · 1c2c9c6 · 1c2c9c6
1 parent da289d8
commit 1c2c9c6
Show file tree

Hide file tree

Showing 4 changed files with 53 additions and 64 deletions.
diff --git a/pkg/hostagent/01-base.conf b/pkg/hostagent/01-base.conf
diff --git a/pkg/hostagent/10-renderer.conf b/pkg/hostagent/10-renderer.conf
diff --git a/pkg/hostagent/agent.go b/pkg/hostagent/agent.go
@@ -47,6 +47,7 @@ type HostAgent struct {
 
 	indexMutex sync.Mutex
 	ipamMutex  sync.Mutex
+	snatMutex  sync.RWMutex
 
 	opflexEps             map[string][]*opflexEndpoint
 	opflexServices        map[string]*opflexService
@@ -231,6 +232,47 @@ func addPodRoute(ipn types.IPNet, dev string, src string) error {
 	return netlink.RouteAdd(&route)
 }
 
+func (agent *HostAgent) ReadSnatPolicyLabel(key string) (map[string]ResourceType, bool) {
+	agent.snatMutex.RLock()
+	defer agent.snatMutex.RUnlock()
+	value, ok := agent.snatPolicyLabels[key]
+	return value, ok
+}
+
+func (agent *HostAgent) WriteSnatPolicyLabel(key string, policy string, res ResourceType) {
+	agent.snatMutex.Lock()
+	defer agent.snatMutex.Unlock()
+	agent.snatPolicyLabels[key][policy] = res
+}
+
+func (agent *HostAgent) WriteNewSnatPolicyLabel(key string) {
+	agent.snatMutex.Lock()
+	defer agent.snatMutex.Unlock()
+	agent.snatPolicyLabels[key] = make(map[string]ResourceType)
+}
+
+func (agent *HostAgent) DeleteSnatPolicyLabelEntry(key string, policy string) {
+	agent.snatMutex.Lock()
+	defer agent.snatMutex.Unlock()
+	delete(agent.snatPolicyLabels[key], policy)
+}
+
+func (agent *HostAgent) DeleteSnatPolicyLabel(key string) {
+	agent.snatMutex.Lock()
+	defer agent.snatMutex.Unlock()
+	delete(agent.snatPolicyLabels, key)
+}
+
+func (agent *HostAgent) DeleteMatchingSnatPolicyLabel(policy string) {
+	agent.snatMutex.Lock()
+	defer agent.snatMutex.Unlock()
+	for key, v := range agent.snatPolicyLabels {
+		if _, ok := v[policy]; ok {
+			delete(agent.snatPolicyLabels[key], policy)
+		}
+	}
+}
+
 func (agent *HostAgent) Init() {
 	agent.log.Debug("Initializing endpoint CNI metadata")
 	err := md.LoadMetadata(agent.config.CniMetadataDir,

diff --git a/pkg/hostagent/snats.go b/pkg/hostagent/snats.go
@@ -332,9 +332,9 @@ func (agent *HostAgent) handleSnatUpdate(policy *snatpolicy.SnatPolicy) {
 			poduids = append(poduids, uids...)
 			key, err := cache.MetaNamespaceKeyFunc(service)
 			if err == nil {
-				_, ok := agent.snatPolicyLabels[key]
+				_, ok := agent.ReadSnatPolicyLabel(key)
 				if ok && len(policy.Spec.Selector.Labels) > 0 {
-					agent.snatPolicyLabels[key][policy.ObjectMeta.Name] = SERVICE
+					agent.WriteSnatPolicyLabel(key, policy.ObjectMeta.Name, SERVICE)
 				}
 			}
 		}
@@ -374,8 +374,8 @@ func (agent *HostAgent) updateSnatPolicyLabels(obj interface{}, policyname strin
 	uids, res := agent.getPodsMatchingObjet(obj, policyname)
 	if len(uids) > 0 {
 		key, _ := cache.MetaNamespaceKeyFunc(obj)
-		if _, ok := agent.snatPolicyLabels[key]; ok {
-			agent.snatPolicyLabels[key][policyname] = res
+		if _, ok := agent.ReadSnatPolicyLabel(key); ok {
+			agent.WriteSnatPolicyLabel(key, policyname, res)
 		}
 	}
 	return uids
@@ -488,11 +488,7 @@ func (agent *HostAgent) deletePolicy(policy *snatpolicy.SnatPolicy) {
 	delete(agent.snatPods, policy.GetName())
 	agent.log.Info("SnatPolicy deleted update Nodeinfo: ", policy.GetName())
 	agent.scheduleSyncNodeInfo()
-	for key, v := range agent.snatPolicyLabels {
-		if _, ok := v[policy.GetName()]; ok {
-			delete(agent.snatPolicyLabels[key], policy.GetName())
-		}
-	}
+	agent.DeleteMatchingSnatPolicyLabel(policy.GetName())
 	return
 }
 
@@ -1051,9 +1047,9 @@ func (agent *HostAgent) handleObjectUpdateForSnat(obj interface{}) {
 	if err != nil {
 		return
 	}
-	plcynames, ok := agent.snatPolicyLabels[objKey]
+	plcynames, ok := agent.ReadSnatPolicyLabel(objKey)
 	if !ok {
-		agent.snatPolicyLabels[objKey] = make(map[string]ResourceType)
+		agent.WriteNewSnatPolicyLabel(objKey)
 	}
 	sync := false
 	if len(plcynames) == 0 {
@@ -1065,7 +1061,7 @@ func (agent *HostAgent) handleObjectUpdateForSnat(obj interface{}) {
 					agent.applyPolicy(poduids, res, name)
 				} else {
 					agent.applyPolicy(poduids, res, name)
-					agent.snatPolicyLabels[objKey][name] = res
+					agent.WriteSnatPolicyLabel(objKey, name, res)
 				}
 				if len(poduids) > 0 {
 					sync = true
@@ -1085,7 +1081,7 @@ func (agent *HostAgent) handleObjectUpdateForSnat(obj interface{}) {
 					agent.deleteSnatLocalInfo(uid, res, name)
 				}
 				delpodlist = append(delpodlist, poduids...)
-				delete(agent.snatPolicyLabels[objKey], name)
+				agent.DeleteSnatPolicyLabelEntry(objKey, name)
 			}
 			seen[name] = true
 		}
@@ -1100,7 +1096,7 @@ func (agent *HostAgent) handleObjectUpdateForSnat(obj interface{}) {
 			for _, res := range resources {
 				poduids, _ := agent.getPodsMatchingObjet(obj, name)
 				agent.applyPolicy(poduids, res, name)
-				agent.snatPolicyLabels[objKey][name] = res
+				agent.WriteSnatPolicyLabel(objKey, name, res)
 				sync = true
 			}
 		}
@@ -1135,7 +1131,7 @@ func (agent *HostAgent) handleObjectDeleteForSnat(obj interface{}) {
 		podidlist = append(podidlist, poduids...)
 		sync = true
 	}
-	delete(agent.snatPolicyLabels, objKey)
+	agent.DeleteSnatPolicyLabel(objKey)
 	// Delete any Policy entries present for POD
 	if getResourceType(obj) == POD {
 		uid := string(obj.(*v1.Pod).ObjectMeta.UID)