Fix(entryGroups): Prevent deadlock and improve robustness #415
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The service could previously enter a stalled state due to a deadlock in
the `entryGroups` struct, which manages Avahi mDNS registrations.
The deadlock occurred if `avahiServer.EntryGroupNew()` failed. In this
scenario, the `commit` function (called via `defer` in `handleContainer`)
would attempt to operate on a non-existent or nil entry group within
`e.groups[containerID]`. This would cause a panic inside the `commit`
function *before* `e.mutex.Unlock()` was called, leaving the mutex
permanently locked. Subsequent calls to `handleContainer` would then
block indefinitely on this mutex.
This commit addresses the issue by:
1. Making the `commit` function in `entryGroups.get` panic-safe:
* It now defers `e.mutex.Unlock()` to ensure the mutex is always
released when `commit` exits, regardless of internal errors or
panics.
* It checks a flag (set by `get`) indicating whether the Avahi group
was successfully retrieved or created. If not, it avoids operations
on the group, preventing the panic.
2. Ensuring that if `EntryGroupNew()` fails, the failed group is not
added to the internal map, and `get()` returns the error appropriately.
Additionally, this change includes:
- Enhanced debug logging for various Avahi operations in `entry_groups.go`,
`dns.go`, and `container.go` to aid in future diagnostics.
- Unit tests for `entryGroups.get` covering success, `EntryGroupNew`
failure, and different logic paths within the `commit` function.
The investigation into Avahi call timeouts revealed that while the
underlying `godbus` library supports contexts, `go-avahi` does not
currently expose this for per-call timeouts. This is noted for potential
future enhancement if Avahi calls themselves prove to be a source of
prolonged blocking.
|
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The service could previously enter a stalled state due to a deadlock in the
entryGroupsstruct, which manages Avahi mDNS registrations.The deadlock occurred if
avahiServer.EntryGroupNew()failed. In this scenario, thecommitfunction (called viadeferinhandleContainer) would attempt to operate on a non-existent or nil entry group withine.groups[containerID]. This would cause a panic inside thecommitfunction beforee.mutex.Unlock()was called, leaving the mutex permanently locked. Subsequent calls tohandleContainerwould then block indefinitely on this mutex.This commit addresses the issue by:
commitfunction inentryGroups.getpanic-safe:e.mutex.Unlock()to ensure the mutex is alwaysreleased when
commitexits, regardless of internal errors orpanics.
get) indicating whether the Avahi groupwas successfully retrieved or created. If not, it avoids operations
on the group, preventing the panic.
EntryGroupNew()fails, the failed group is notadded to the internal map, and
get()returns the error appropriately.Additionally, this change includes:
entry_groups.go,dns.go, andcontainer.goto aid in future diagnostics.entryGroups.getcovering success,EntryGroupNewfailure, and different logic paths within thecommitfunction.The investigation into Avahi call timeouts revealed that while the underlying
godbuslibrary supports contexts,go-avahidoes not currently expose this for per-call timeouts. This is noted for potential future enhancement if Avahi calls themselves prove to be a source of prolonged blocking.