Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug 1921413: pkg/start: Fix shutdown deadlock when die before getting a leader lock #521

Merged
merged 1 commit into from Feb 25, 2021
Merged

Bug 1921413: pkg/start: Fix shutdown deadlock when die before getting a leader lock #521

merged 1 commit into from Feb 25, 2021

Conversation

wking
Copy link
Member

@wking wking commented Feb 16, 2021

Backporting #519, which we need in 4.7 in addition to #508, which landed in master before 4.7 forked off.

@wking
pkg/start: Fix shutdown deadlock when die before getting a leader lock
4e20989 
a9e075a (pkg/cvo/cvo: Guard Operator.Run goroutine handling from
early cancels, 2021-01-28, openshift#508) made us more robust to situations
where we are canceled after acquiring the leader lock but before we
got into Operator.Run's UntilWithContext.  However, there was still a
bug from cc1921d (pkg/start: Release leader lease on graceful
shutdown, 2020-08-03, openshift#424) where we had not acquired the leader lock
[1].  postMainContext is used for metrics, informers, and the leader
election loop.  We used to only call postMainCancel after reaping the
main goroutine, and obviously that will only work if we've launched
the main goroutine.  This commit adds a new launchedMain to track
that.  If launchedMain is true, we get the old handling.  If
launchedMain is still false when runContext.Done, we now call
postMainCancel without waiting to reap a non-existent main goroutine.

There's also a new postMainCancel when the shutdown timer expires.  I
don't expect us to ever need that, but it protects us from future bugs
like this one.

I've added launchedMain without guarding it behind a lock, and it is
touched by both the main Options.run goroutine and the leader-election
callback.  So there's a racy chance of:

1. Options.run goroutine: runContext canceled, so runContext.Done() matches
2. Leader-election goroutine: Leader lock acquired
3. Options.run goroutine: !launchedMain, so we call postMainCancel()
4. Leader-election goroutine: launchedMain set true
5. Leader-election goroutine: launches the main goroutine via CVO.Run(runContext, ...)

I'm trusting Operator.Run to respect runContext there and not do
anything significant, so the fact that we are already tearing down all
the post-main stuff won't cause problems.  Previous fixes like
a9e075a will help with that.  But there could still be bugs in
Operator.Run.  A lock around launchedMain that avoided calling
Operator.Run when runContext was already done would protect against
that, but seems like overkill in an already complicated goroutine
tangle.  Without the lock, we just have to field and fix any future
Operator.Run runContext issues as we find them.

[1]: https://bugzilla.redhat.com/show_bug.cgi?id=1927944
@openshift-ci-robot
Copy link
Contributor

@wking: This pull request references Bugzilla bug 1921413, which is invalid:

  • expected dependent Bugzilla bug 1927944 to be in one of the following states: MODIFIED, VERIFIED, but it is ON_QA instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

Bug 1921413: pkg/start: Fix shutdown deadlock when die before getting a leader lock

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci-robot openshift-ci-robot added bugzilla/severity-high Referenced Bugzilla bug's severity is high for the branch this PR is targeting. bugzilla/invalid-bug Indicates that a referenced Bugzilla bug is invalid for the branch this PR is targeting. labels Feb 16, 2021
@openshift-ci-robot openshift-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Feb 16, 2021
@wking
Copy link
Member Author

wking commented Feb 20, 2021

/bugzilla refresh
/retest

@openshift-ci-robot
Copy link
Contributor

@wking: This pull request references Bugzilla bug 1921413, which is valid.

6 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target release (4.7.0) matches configured target release for branch (4.7.0)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)
  • dependent bug Bugzilla bug 1927944 is in the state VERIFIED, which is one of the valid states (MODIFIED, VERIFIED)
  • dependent Bugzilla bug 1927944 targets the "4.8.0" release, which is one of the valid target releases: 4.8.0
  • bug has dependents

In response to this:

/bugzilla refresh
/retest

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci-robot openshift-ci-robot added bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. and removed bugzilla/invalid-bug Indicates that a referenced Bugzilla bug is invalid for the branch this PR is targeting. labels Feb 20, 2021
@jottofar
Copy link
Contributor

/lgtm

@openshift-ci-robot openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Feb 22, 2021
@openshift-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jottofar, wking

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@mrunalp mrunalp added the cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. label Feb 24, 2021
@openshift-bot
Copy link
Contributor

/retest

Please review the full test history for this PR and help us cut down flakes.

@openshift-merge-robot openshift-merge-robot merged commit cf0e3d1 into openshift:release-4.7 Feb 25, 2021
@openshift-ci-robot
Copy link
Contributor

@wking: All pull requests linked via external trackers have merged:

Bugzilla bug 1921413 has been moved to the MODIFIED state.

In response to this:

Bug 1921413: pkg/start: Fix shutdown deadlock when die before getting a leader lock

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@wking wking deleted the post-main-when-main-never-launched branch February 25, 2021 05:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@abhinavdahiya abhinavdahiya Awaiting requested review from abhinavdahiya

@LalatenduMohanty LalatenduMohanty Awaiting requested review from LalatenduMohanty

Assignees

@jottofar jottofar

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. bugzilla/severity-high Referenced Bugzilla bug's severity is high for the branch this PR is targeting. bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. lgtm Indicates that a PR is ready to be merged.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@wking @openshift-ci-robot @jottofar @openshift-bot @mrunalp @openshift-merge-robot