Commit
Prevent mutations by entry cache callers (spiffe#3215)
Recently, we introduced a change wherein the agents supply an output mask to the server (spiffe#3123) to reduce bandwidth usage. This exposed a bug in the interactions between the SVID API handler and the entry cache.

The cache currently returns its owned copy of the entry to callers. This was done for performance reasons... making a copy of each entry increases memory pressure in one of the hottest codepaths in the server. Due to this behavior however, the SVID handler, when applying the mask to remove fields from the entries before including them in the response, was inadvertently stripping off fields from entries within the cache. This was not only resulting in temporary data loss (e.g. DNS names) on the entries (next cache refresh would restore the fields) but could easily become a data race, wherein entries could get mutated by multiple entities at once (since the fields are mutated concurrently without any sort of lock protection).

This change updates the cache to clone the entries before returning them to the caller. Although this results in some increase in memory pressure, it is the cleanest and most robust approach. If the increase in memory pressure turns out to be too much, we can explore other options, though those may come with a large cost in code complexity (e.g. on-demand cloning of shared data structure). Even if we did something cute, the GetAuthorizedEntries RPC is by far the most called RPC in the agent and would need to clone anyway to apply the mask.

Fixes: spiffe#3184

Signed-off-by: Andrew Harding <aharding@vmware.com>