-
Notifications
You must be signed in to change notification settings - Fork 765
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Refs 14322 Refactor SecurityManager synchronization <master> #2682
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Javier Santiago <javiersantiago@eprosima.com>
* Refs #14285: Fixed typo. Updated working directory to be in line with master branch to prevent fuzzhash mismatches due to path changes. Signed-off-by: Javier Santiago <javiersantiago@eprosima.com> * Refs #14285: Adjusted generated file path Signed-off-by: Javier Santiago <javiersantiago@eprosima.com>
Signed-off-by: Miguel Barro <miguelbarro@eprosima.com>
Signed-off-by: Miguel Barro <miguelbarro@eprosima.com>
…train workaround Signed-off-by: Miguel Barro <miguelbarro@eprosima.com>
Signed-off-by: Miguel Barro <miguelbarro@eprosima.com>
Signed-off-by: Miguel Barro <miguelbarro@eprosima.com>
Signed-off-by: Miguel Barro <miguelbarro@eprosima.com>
Signed-off-by: Miguel Company <MiguelCompany@eprosima.com>
Signed-off-by: Miguel Company <MiguelCompany@eprosima.com>
MiguelBarro
changed the title
Test/deadlock/securitymanager
Refs 14322 Refactor SecurityManager synchronization
May 18, 2022
MiguelBarro
changed the title
Refs 14322 Refactor SecurityManager synchronization
Refs 14322 Refactor SecurityManager synchronization <master>
May 19, 2022
…ature/tsan/fixes> (#2600) * Refs #14285: Trigger workflow * Refs #14354: Trigger workflows Signed-off-by: Javier Santiago <javiersantiago@eprosima.com> * Refs #14069: Trigger workflow Signed-off-by: Javier Santiago <javiersantiago@eprosima.com> * Refs 14237. Prevent false-positive TSan deadlock report. Signed-off-by: Miguel Barro <miguelbarro@eprosima.com> * Refs #14069: Workflow trigger Signed-off-by: Javier Santiago <javiersantiago@eprosima.com> * Refs #14069: fixing 4134 duplication to trim the table. Signed-off-by: Miguel Barro <miguelbarro@eprosima.com> * Refs 14237. Enforcing BuiltinProtocols proper none discovery handling. Signed-off-by: Miguel Barro <miguelbarro@eprosima.com> Co-authored-by: Javier Santiago <javiersantiago@eprosima.com>
Signed-off-by: Javier Santiago <javiersantiago@eprosima.com>
Signed-off-by: Javier Santiago <javiersantiago@eprosima.com>
Signed-off-by: Javier Santiago <javiersantiago@eprosima.com>
Signed-off-by: Miguel Barro <miguelbarro@eprosima.com>
Signed-off-by: Miguel Barro <miguelbarro@eprosima.com>
Signed-off-by: Miguel Barro <miguelbarro@eprosima.com>
Signed-off-by: Miguel Barro <miguelbarro@eprosima.com>
Signed-off-by: Miguel Barro <miguelbarro@eprosima.com>
Signed-off-by: Miguel Barro <miguel.barro@live.com> Signed-off-by: Miguel Barro <miguelbarro@eprosima.com>
Signed-off-by: Miguel Barro <miguelbarro@eprosima.com>
Signed-off-by: Miguel Barro <miguelbarro@eprosima.com>
Signed-off-by: Miguel Barro <miguelbarro@eprosima.com>
Signed-off-by: Miguel Barro <miguelbarro@eprosima.com>
Signed-off-by: Miguel Barro <miguelbarro@eprosima.com>
Signed-off-by: Miguel Barro <miguelbarro@eprosima.com>
Signed-off-by: Miguel Barro <miguelbarro@eprosima.com>
Signed-off-by: Miguel Barro <miguelbarro@eprosima.com>
Signed-off-by: Miguel Barro <miguelbarro@eprosima.com>
Signed-off-by: Miguel Barro <miguelbarro@eprosima.com>
MiguelBarro
force-pushed
the
test/deadlock/securitymanager
branch
from
June 2, 2022 12:31
52fe3cb
to
53ee5b3
Compare
Signed-off-by: Miguel Barro <miguelbarro@eprosima.com>
@richiprosima Please test mac |
Signed-off-by: Miguel Barro <miguelbarro@eprosima.com>
Signed-off-by: Miguel Barro <miguelbarro@eprosima.com>
@richiprosima Please test this |
jsan-rt
approved these changes
Jun 6, 2022
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
first-to-merge
no-aarch
Skip build & test for aarch64
no-test
Skip CI tests if PR marked with this label
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
For sanitizer CI see #2628
Refactor Guidelines:
What to do with const-use of members and references to the plugins?
init()
which is called from participant constructor.destroy()
which is called from ~SecurityManager() from the participant destructor.discovered_participant
andon_process_handshake
are called from transport threads and leads to a myriad of member calls. The issue here is that destroy is called concurrently with those transport calls and leads to a race.The initial approach was to promote them to smart pointers able to guarantee unique getters and setters see
but this 2014 proposal of an atomic<unique_ptr> had no success. Though on 2017 the standard admitted
__cpp_lib_atomic_shared_ptr (c++20) -> atomic<shared_ptr<T>>
Finally a sentry based approach was favoured. The sentry requirements are:
nullptr
checking.SecurityManager::destroy()
method should wait till all the transport driven calls are done.Note that all methods call from
destroy()
must be sentry free to allow their execution.Note also that the
destroy()
must always called from a sentry free stack.Collections must follow C++ const conventions. For example:
in C++ philosophy this implies that the collection elements are like members and cannot be modified from
SecurityManager
const methods. This obviously doesn't fit in the actual use of them. Enconding/decoding operations should be const for the SecurityManager because it doesn't change its state but these members state. I'm going to promote them to:Promote current mutex to
shared_mutex
. The write lock to protect changes on members (like collections update) and references (new
/delete
).Collection members update must resort to their own sync methods. This was the premise before seeing how
DiscoveredParticipantInfo
guarantees atomical update of itsAuthenticationInfo
members by usingunique_ptr<>
inthe getters and setters (though the getters and setters must use another sync mechanism).
Note that the previous mutex was recursive. Now care must be taken to avoid reentrancy.
After testing these changes it was detected that the sentry approach cannot prevent data removal due to discovery callbacks.
That is when a participant or endpoint was removed nothing prevent its encoding keys from being removed while other threads were using them to encode/decode a message.
In order to prevent this a new handle strategy was enforced:
Contributor Checklist
versions.md
file (if applicable).Reviewer Checklist