Skip to content

server: fix a race in tenant creation#107666

Merged
craig[bot] merged 1 commit intocockroachdb:masterfrom
lidorcarmel:lidor_flaky_tenant_creation
Jul 27, 2023
Merged

server: fix a race in tenant creation#107666
craig[bot] merged 1 commit intocockroachdb:masterfrom
lidorcarmel:lidor_flaky_tenant_creation

Conversation

@lidorcarmel
Copy link
Copy Markdown
Contributor

@lidorcarmel lidorcarmel commented Jul 26, 2023
edited
Loading

Previously, scanTenantsForRunnableServices() was not holding the mutex when SELECTing for the existing tenant names, which means that the following may happen:

  • scanTenantsForRunnableServices() sees that only the system tenant exists
  • createServerEntryLocked() then adds another tenant while holding the mutex
  • scanTenantsForRunnableServices() takes the lock and stops the tenant that was just created because only the system tenant should be alive (which is wrong)

This patch changes scanTenantsForRunnableServices() to take the mutex before SELECTing for the existing tenants in order to avoid the race.

Epic: none
Fixes: #107434
Fixes: #107343
Fixes: #107154

Release note: None

server: fix a race in tenant creation
5ca5703 
Previously, scanTenantsForRunnableServices() was not holding the mutex when
SELECTing for the existing tenant names, which means that the following may
happen:
- scanTenantsForRunnableServices() sees that only the system tenant exists
- createServerEntryLocked() then adds another tenant while holding the mutex
- scanTenantsForRunnableServices() takes the lock and stops the tenant that
  was just created because only the system tenant should be alive (which
  is wrong)

This patch changes scanTenantsForRunnableServices() to take the mutex before
SELECTing for the existing tenants in order to avoid the race.

Epic: none
Fixes: cockroachdb#107434

Release note: None
@lidorcarmel lidorcarmel requested review from a team as code owners July 26, 2023 20:19
@blathers-crl
Copy link
Copy Markdown

blathers-crl bot commented Jul 26, 2023

It looks like your PR touches production code but doesn't add or edit any test code. Did you consider adding tests to your PR?

🦉 Hoot! I am a Blathers, a bot for CockroachDB. My owner is dev-inf.

@cockroach-teamcity
Copy link
Copy Markdown
Member

cockroach-teamcity commented Jul 26, 2023

This change is Reviewable

@lidorcarmel lidorcarmel requested a review from knz July 26, 2023 20:19
@lidorcarmel lidorcarmel added the backport-23.1.x PAST MAINTENANCE SUPPORT: 23.1 patch releases via ER request only label Jul 26, 2023
@stevendanna
Copy link
Copy Markdown
Collaborator

stevendanna commented Jul 27, 2023

Possibly also fixes:

#107343
#107154

knz
knz approved these changes Jul 27, 2023
View reviewed changes
Copy link
Copy Markdown
Contributor

@knz knz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch

@knz knz added the db-cy-23 label Jul 27, 2023
@knz
Copy link
Copy Markdown
Contributor

knz commented Jul 27, 2023

let's merge this - i need it in a different PR too!

bors r+

@craig
Copy link
Copy Markdown
Contributor

craig bot commented Jul 27, 2023

This PR was included in a batch that timed out, it will be automatically retried

@adityamaru
Copy link
Copy Markdown
Contributor

adityamaru commented Jul 27, 2023

Also fixes the following I think:
#107686
#107687

This was referenced Jul 27, 2023
Closed
Closed
@craig
Copy link
Copy Markdown
Contributor

craig bot commented Jul 27, 2023

Build failed (retrying...):

@craig
Copy link
Copy Markdown
Contributor

craig bot commented Jul 27, 2023

Build succeeded:

@craig craig bot merged commit 68e43c8 into cockroachdb:master Jul 27, 2023
@blathers-crl blathers-crl bot mentioned this pull request Jul 27, 2023
Merged
@knz knz mentioned this pull request Jul 28, 2023
Merged
craig bot pushed a commit that referenced this pull request Jul 28, 2023
@xinhaoz @knz
Merge #107820 #107824
c4232a1 
107820: db-console: delete unused vars and enforce eslint rule r=maryliag a=xinhaoz

This commit turns the eslint rule no-unused-vars to errors. It removes all unused vars in the db-console application.

Epic: none

Release note: None

107824: server: prevent deadlocks in server orchestration r=lidorcarmel,andrewbaptist a=knz

Fixes #107564.
Fixes #107791.
Supersedes #107666.

The previous fix in this
area (5ca5703) correctly identified the case where `createServerEntryLocked()` was called concurrently with `scanTenantsForRunnableServices()`, in which case we ran the risk of immediately tearing down the new server because it hadn't be picked up by `getExpectedRunningTenants()`.

However, the fix was incorrect: it was causing the controller mutex to be held through `getExpectedRunningTenants()`, which itself can hang. In that case, a cascading failure could result.

This patch changes the fix (and thus continues to solve the original problem) by ensuring we only look at entries to remove that existed prior to the call to `getExpectedRunningTenants()`. No mutex needs to be held here.

Release note: None
Epic: CRDB-28893

Co-authored-by: Xin Hao Zhang <xzhang@cockroachlabs.com>
Co-authored-by: Raphael 'kena' Poss <knz@thaumogen.net>
@blathers-crl blathers-crl bot mentioned this pull request Jul 28, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@knz knz knz approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

backport-23.1.x PAST MAINTENANCE SUPPORT: 23.1 patch releases via ER request only db-cy-23

Projects

None yet

Milestone

No milestone

5 participants

@lidorcarmel @cockroach-teamcity @stevendanna @knz @adityamaru