Fix IDP deadlock due to recursive locking #553
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
While using the IDP server for integration tests, I've experienced a
deadlock after issuing many concurrent requests to the following
endpoints:
- PUT /services/:id
- GET /sso
Apparently, the issue is that the IDP code attempts to acquires locks on
the Server.idpConfigMu recursively:
1. The /sso HTTP handler calls Server.idpConfigMu.RLock()
2. Before releasing the above lock, this same handler eventually calls
s.GetServiceProvider, which in turn attempts to acquire the same lock
by calling Server.idpConfigMu.RLock()
3. Concurrent requests to `PUT /services/:id` acquire a write lock by
calling Server.idpConfigMu.Lock()
Step (2) is a recursive lock, which won't work, as stated by the
documentation of sync.RWLock[1]:
If a goroutine holds a RWMutex for reading and another goroutine
might call Lock, no goroutine should expect to be able to acquire a
read lock until the initial read lock is released. In particular,
this prohibits recursive read locking. This is to ensure that the
lock eventually becomes available; a blocked Lock call excludes new
readers from acquiring the lock.
This patch fixes the issue by removing the unnecessary lock acquired in
step (1). This was redundant since GetServiceProvider() already takes
care of serializing access to the s.serviceProviders map, which is the
resource in question.
[1] https://golang.org/pkg/sync/#RWMutex
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
While using the IDP server for integration tests, I've experienced a deadlock after issuing many concurrent requests to the following endpoints:
PUT /services/:idGET /ssoApparently, the issue is that the IDP code attempts to acquires locks on the Server.idpConfigMu recursively:
Server.idpConfigMu.RLock()s.GetServiceProvider(), which in turn attempts to acquire the same lock by callingServer.idpConfigMu.RLock()PUT /services/:idacquire a write lock by callingServer.idpConfigMu.Lock()Step (2) is a recursive lock, which won't work, as stated by the documentation of sync.RWLock[1]:
This patch fixes the issue by removing the unnecessary lock acquired in step (1). This was redundant since
GetServiceProvider()already takes care of serializing access to thes.serviceProvidersmap, which is the resource in question.[1] https://golang.org/pkg/sync/#RWMutex