Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix a race condition in mount lookups #28767

Merged
merged 1 commit into from
Oct 24, 2024
Merged

Fix a race condition in mount lookups #28767

merged 1 commit into from
Oct 24, 2024

Conversation

stevendpclark
Copy link
Contributor

Description

When adding the new method MatchingMountAndEntry within #28752, no locks were being acquired which lead to some race conditions on mount creations. This has not made it into any released versions of Vault.

WARNING: DATA RACE
Write at 0x00c000b493f8 by goroutine 4501:
  github.com/armon/go-radix.(*node).addEdge()
      /home/runner/go/pkg/mod/github.com/armon/go-radix@v1.0.0/radix.go:43 +0x3ce
  github.com/armon/go-radix.(*Tree).Insert()
      /home/runner/go/pkg/mod/github.com/armon/go-radix@v1.0.0/radix.go:184 +0x2fd
  github.com/hashicorp/vault/vault.(*Router).Mount()
      /home/runner/work/vault/vault/vault/router.go:239 +0x8b4
  github.com/hashicorp/vault/vault.(*Core).enableCredentialInternal()
      /home/runner/work/vault/vault/vault/auth.go:220 +0x1e26
  github.com/hashicorp/vault/vault.(*Core).enableCredential()
      /home/runner/work/vault/vault/vault/auth.go:69 +0x24cb
  github.com/hashicorp/vault/vault.(*SystemBackend).handleEnableAuth()
      /home/runner/work/vault/vault/vault/logical_system.go:3384 +0x2491
  github.com/hashicorp/vault/vault.(*SystemBackend).handleEnableAuth-fm()

...

Previous read at 0x00c000b493f8 by goroutine 4691:
  github.com/armon/go-radix.(*node).getEdge()
      /home/runner/go/pkg/mod/github.com/armon/go-radix@v1.0.0/radix.go:60 +0x3c
  github.com/armon/go-radix.(*Tree).LongestPrefix()
      /home/runner/go/pkg/mod/github.com/armon/go-radix@v1.0.0/radix.go:395 +0xd5
  github.com/hashicorp/vault/vault.(*Router).matchingMountInternal()
      /home/runner/work/vault/vault/vault/router.go:393 +0xe6
  github.com/hashicorp/vault/vault.(*Router).MatchingMountAndEntry()
      /home/runner/work/vault/vault/vault/router.go:383 +0x131
  github.com/hashicorp/vault/vault.(*Core).handleCancelableRequest()
      /home/runner/work/vault/vault/vault/request_handling.go:632 +0x72

TODO only if you're a HashiCorp employee

  • Backport Labels: If this PR is in the ENT repo and needs to be backported, backport
    to N, N-1, and N-2, using the backport/ent/x.x.x+ent labels. If this PR is in the CE repo, you should only backport to N, using the backport/x.x.x label, not the enterprise labels.
    • If this fixes a critical security vulnerability or severity 1 bug, it will also need to be backported to the current LTS versions of Vault. To ensure this, use all available enterprise labels.
  • ENT Breakage: If this PR either 1) removes a public function OR 2) changes the signature
    of a public function, even if that change is in a CE file, double check that
    applying the patch for this PR to the ENT repo and running tests doesn't
    break any tests. Sometimes ENT only tests rely on public functions in CE
    files.
  • Jira: If this change has an associated Jira, it's referenced either
    in the PR description, commit message, or branch name.
  • RFC: If this change has an associated RFC, please link it in the description.
  • ENT PR: If this change has an associated ENT PR, please link it in the
    description. Also, make sure the changelog is in this PR, not in your ENT PR.

@stevendpclark stevendpclark added this to the 1.18.1 milestone Oct 24, 2024
@stevendpclark stevendpclark requested a review from a team October 24, 2024 20:58
@stevendpclark stevendpclark self-assigned this Oct 24, 2024
@github-actions github-actions bot added the hashicorp-contributed-pr If the PR is HashiCorp (i.e. not-community) contributed label Oct 24, 2024
@stevendpclark stevendpclark enabled auto-merge (squash) October 24, 2024 21:00
@github-actions GitHub Actions
Copy link

CI Results:
All Go tests succeeded! ✅

@github-actions GitHub Actions
Copy link

Build Results:
All builds succeeded! ✅

@stevendpclark stevendpclark merged commit b4c3326 into main Oct 24, 2024
103 checks passed
@stevendpclark stevendpclark deleted the stevendpclark/fix-race-on-mount-lookup branch October 24, 2024 21:18
Merged
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sgmiller sgmiller sgmiller approved these changes

Assignees

@stevendpclark stevendpclark

Labels
backport/1.18.x hashicorp-contributed-pr If the PR is HashiCorp (i.e. not-community) contributed pr/no-changelog
Projects
None yet
Milestone
1.18.1
Development

Successfully merging this pull request may close these issues.
2 participants
@stevendpclark @sgmiller