Fix regression notifying workloads when entry removed #3923
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
PR spiffe#2305 fixed spurious notifications of workloads when nothing had changed but unfortunately introduced a regression wherein a workload is no longer notified by the cache when an entry for that workload is removed. The bug is caused by false sharing of the selRem temporary selector set. Previously selRem was used to build the selectors for entries being removed and the the contents of selRem were merged into the single notification. When multiple notification sets were introduced, selRem was added as a notification set. Unfortunately, selRem is cleared while processing entries, causing the notification set to be empty. Existing unit-tests did not catch this because the update that removes the existing entry did not have additional entries to be processed (that would cause selRem to be cleared). This PR fixes the bug by allocating a new selector set to be appended to the notification set instead of using selRem. It also cleans up some selector set usage and adds some additional logic to the unit-test so this condition can be caught in the future. Fixes: spiffe#3922 Signed-off-by: Andrew Harding <[email protected]>
azdagron
requested review from
evan2645,
amartinezfayo,
MarcosDY and
rturner3
as code owners
amartinezfayo
approved these changes
Feb 27, 2023
stevend-uber
pushed a commit
to stevend-uber/spire
that referenced
this pull request
Oct 16, 2023
PR spiffe#2305 fixed spurious notifications of workloads when nothing had changed but unfortunately introduced a regression wherein a workload is no longer notified by the cache when an entry for that workload is removed. The bug is caused by false sharing of the selRem temporary selector set. Previously selRem was used to build the selectors for entries being removed and the the contents of selRem were merged into the single notification. When multiple notification sets were introduced, selRem was added as a notification set. Unfortunately, selRem is cleared while processing entries, causing the notification set to be empty. Existing unit-tests did not catch this because the update that removes the existing entry did not have additional entries to be processed (that would cause selRem to be cleared). This PR fixes the bug by allocating a new selector set to be appended to the notification set instead of using selRem. It also cleans up some selector set usage and adds some additional logic to the unit-test so this condition can be caught in the future. Fixes: spiffe#3922 Signed-off-by: Andrew Harding <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
PR #2305 fixed spurious notifications of workloads when nothing had changed but unfortunately introduced a regression wherein a workload is no longer notified by the cache when an entry for that workload is removed.
The bug is caused by false sharing of the selRem temporary selector set. Previously selRem was used to build the selectors for entries being removed and the the contents of selRem were merged into the single notification. When multiple notification sets were introduced, selRem was added as a notification set. Unfortunately, selRem is cleared while processing entries, causing the notification set to be empty.
Existing unit-tests did not catch this because the update that removes the existing entry did not have additional entries to be processed (that would cause selRem to be cleared).
This PR fixes the bug by allocating a new selector set to be appended to the notification set instead of using selRem. It also cleans up some selector set usage and adds some additional logic to the unit-test so this condition can be caught in the future.
Fixes: #3922