Race condition in bundle plugin #6849
Assignees
Labels
Comments
This was referenced Jul 4, 2024
|
One option would be to use the config mutex in places where the config is accessed. |
|
@ashutosh-narkar that is possible but will be brittle given the number of code sites and entry points, we might worsen the situation by introducing deadlocks. We could change it to a RW Lock which would make it easier to control. Wdyt? |
|
Sure. That should be fine. |
ashutosh-narkar
added a commit
to ashutosh-narkar/opa
that referenced
this issue
Aug 8, 2024
This change attempts to fix a race condition that could occur when a reconfiguration on the bundle plugins occurs in parallel with the activation of a downloaded bundle. One scenario where this could occur is when the discovery plugin attempts to reconfigure the bundle plugin and concurrently a bundle gets downloaded and needs to be activated. A reconfig operation will perform a write on the plugin's config. During a bundle activation, the plugin's config is read. Currently we hold a lock when the config is being updated. This change locks the config while reading thereby avoiding the race. Fixes: open-policy-agent#6849 Signed-off-by: Ashutosh Narkar <anarkar4387@gmail.com>
ashutosh-narkar
added a commit
to ashutosh-narkar/opa
that referenced
this issue
Aug 8, 2024
This change attempts to fix a race condition that could occur when a reconfiguration on the bundle plugins occurs in parallel with the activation of a downloaded bundle. One scenario where this could occur is when the discovery plugin attempts to reconfigure the bundle plugin and concurrently a bundle gets downloaded and needs to be activated. A reconfig operation will perform a write on the plugin's config. During a bundle activation, the plugin's config is read. Currently we hold a lock when the config is being updated. This change locks the config while reading thereby avoiding the race. Fixes: open-policy-agent#6849 Co-authored-by: Pushpalanka Jayawardhana <pushpalanka.jayawardhana@zalando.de> Signed-off-by: Ashutosh Narkar <anarkar4387@gmail.com>
ashutosh-narkar
added a commit
to ashutosh-narkar/opa
that referenced
this issue
Aug 8, 2024
This change attempts to fix a race condition that could occur when a reconfiguration on the bundle plugin occurs in parallel with the activation of a downloaded bundle. One scenario where this could occur is when the discovery plugin attempts to reconfigure the bundle plugin and concurrently a bundle gets downloaded and needs to be activated. A reconfig operation will perform a write on the plugin's config. During a bundle activation, the plugin's config is read. Currently we hold a lock when the config is being updated. This change locks the config while reading thereby avoiding the race. Fixes: open-policy-agent#6849 Co-authored-by: Pushpalanka Jayawardhana <pushpalanka.jayawardhana@zalando.de> Signed-off-by: Ashutosh Narkar <anarkar4387@gmail.com>
ashutosh-narkar
added a commit
to ashutosh-narkar/opa
that referenced
this issue
Aug 8, 2024
This change attempts to fix a race condition that could occur when a reconfiguration on the bundle plugin occurs in parallel with the activation of a downloaded bundle. One scenario where this could occur is when the discovery plugin attempts to reconfigure the bundle plugin and concurrently a bundle gets downloaded and needs to be activated. A reconfig operation will perform a write on the plugin's config. During a bundle activation, the plugin's config is read. Currently we hold a lock when the config is being updated. This change locks the config while reading thereby avoiding the race. Fixes: open-policy-agent#6849 Co-authored-by: Pushpalanka Jayawardhana <pushpalanka.jayawardhana@zalando.de> Signed-off-by: Ashutosh Narkar <anarkar4387@gmail.com>
ashutosh-narkar
added a commit
to ashutosh-narkar/opa
that referenced
this issue
Aug 13, 2024
This change attempts to fix a race condition that could occur when a reconfiguration on the bundle plugin occurs in parallel with the activation of a downloaded bundle. One scenario where this could occur is when the discovery plugin attempts to reconfigure the bundle plugin and concurrently a bundle gets downloaded and needs to be activated. A reconfig operation will perform a write on the plugin's config. During a bundle activation, the plugin's config is read. Currently we hold a lock when the config is being updated. This change locks the config while reading thereby avoiding the race. Fixes: open-policy-agent#6849 Co-authored-by: Pushpalanka Jayawardhana <pushpalanka.jayawardhana@zalando.de> Signed-off-by: Ashutosh Narkar <anarkar4387@gmail.com>
ashutosh-narkar
added a commit
to ashutosh-narkar/opa
that referenced
this issue
Aug 13, 2024
This change attempts to fix a race condition that could occur when a reconfiguration on the bundle plugin occurs in parallel with the activation of a downloaded bundle. One scenario where this could occur is when the discovery plugin attempts to reconfigure the bundle plugin and concurrently a bundle gets downloaded and needs to be activated. A reconfig operation will perform a write on the plugin's config. During a bundle activation, the plugin's config is read. Currently we hold a lock when the config is being updated. This change locks the config while reading thereby avoiding the race. Fixes: open-policy-agent#6849 Co-authored-by: Pushpalanka Jayawardhana <pushpalanka.jayawardhana@zalando.de> Signed-off-by: Ashutosh Narkar <anarkar4387@gmail.com>
ashutosh-narkar
added a commit
to ashutosh-narkar/opa
that referenced
this issue
Aug 13, 2024
This change attempts to fix a race condition that could occur when a reconfiguration on the bundle plugin occurs in parallel with the activation of a downloaded bundle. One scenario where this could occur is when the discovery plugin attempts to reconfigure the bundle plugin and concurrently a bundle gets downloaded and needs to be activated. A reconfig operation will perform a write on the plugin's config. During a bundle activation, the plugin's config is read. Currently we hold a lock when the config is being updated. This change locks the config while reading thereby avoiding the race. Fixes: open-policy-agent#6849 Co-authored-by: Pushpalanka Jayawardhana <pushpalanka.jayawardhana@zalando.de> Signed-off-by: Ashutosh Narkar <anarkar4387@gmail.com>
ashutosh-narkar
added a commit
that referenced
this issue
Aug 14, 2024
This change attempts to fix a race condition that could occur when a reconfiguration on the bundle plugin occurs in parallel with the activation of a downloaded bundle. One scenario where this could occur is when the discovery plugin attempts to reconfigure the bundle plugin and concurrently a bundle gets downloaded and needs to be activated. A reconfig operation will perform a write on the plugin's config. During a bundle activation, the plugin's config is read. Currently we hold a lock when the config is being updated. This change locks the config while reading thereby avoiding the race. Fixes: #6849 Co-authored-by: Pushpalanka Jayawardhana <pushpalanka.jayawardhana@zalando.de> Signed-off-by: Ashutosh Narkar <anarkar4387@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Short description
We are using OPA v0.65.0 as a library and encountered below race condition while using listeners on bundle plugin status. It seems there is a race between writes from
reconfiguremethod and reads atpersistbundlemethods on bundle plugin configuration.Error trace:
cc: @mjungsbluth
The text was updated successfully, but these errors were encountered: