fix: add mutex lock to snapshot cache OnStreamResponse/OnStreamDeltaResponse#8277
Merged
jukie merged 3 commits intoenvoyproxy:mainfrom Feb 19, 2026
Merged
Conversation
…esponse OnStreamResponse and OnStreamDeltaResponse read from s.streamIDNodeInfo without holding the mutex, while other callbacks write to this map under the lock. This is a data race that can crash the control plane with "fatal error: concurrent map read and map write". Fixes envoyproxy#8276 Signed-off-by: jaffar <keikei.jaffar@mail.utoronto.ca>
✅ Deploy Preview for cerulean-figolla-1f9435 canceled.
|
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #8277 +/- ##
==========================================
+ Coverage 73.58% 73.66% +0.07%
==========================================
Files 242 242
Lines 37003 37007 +4
==========================================
+ Hits 27228 27260 +32
+ Misses 7856 7826 -30
- Partials 1919 1921 +2 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
jukie
reviewed
Feb 16, 2026
|
|
||
| func (s *snapshotCache) OnStreamResponse(_ context.Context, streamID int64, _ *discoveryv3.DiscoveryRequest, _ *discoveryv3.DiscoveryResponse) { | ||
| // No mutex lock required here because no writing to the cache. | ||
| s.mu.Lock() |
Contributor
There was a problem hiding this comment.
Could you elaborate more on why this is necessary?
Contributor
Author
There was a problem hiding this comment.
OnStreamOpen, OnStreamClosed, OnStreamRequest, OnDeltaStreamOpen, and OnDeltaStreamClosed all write to s.streamIDNodeInfo while holding s.mu. But OnStreamResponse and OnStreamDeltaResponse were reading from the same map without any lock.
Adds tests that exercise OnStreamResponse and OnStreamDeltaResponse concurrently with OnStreamOpen/OnDeltaStreamOpen to verify the mutex fix prevents data races on the streamIDNodeInfo map. Signed-off-by: jaffar <keikei.jaffar@mail.utoronto.ca>
6290ce9 to
3797393
Compare
jukie
approved these changes
Feb 19, 2026
cnvergence
approved these changes
Feb 19, 2026
Contributor
|
/retest |
Inode1
pushed a commit
to Inode1/gateway
that referenced
this pull request
Feb 23, 2026
…esponse (envoyproxy#8277) * fix: add mutex lock to snapshot cache OnStreamResponse/OnStreamDeltaResponse OnStreamResponse and OnStreamDeltaResponse read from s.streamIDNodeInfo without holding the mutex, while other callbacks write to this map under the lock. This is a data race that can crash the control plane with "fatal error: concurrent map read and map write". Fixes envoyproxy#8276 Signed-off-by: jaffar <keikei.jaffar@mail.utoronto.ca> * test: add concurrent access tests for snapshot cache callbacks Adds tests that exercise OnStreamResponse and OnStreamDeltaResponse concurrently with OnStreamOpen/OnDeltaStreamOpen to verify the mutex fix prevents data races on the streamIDNodeInfo map. Signed-off-by: jaffar <keikei.jaffar@mail.utoronto.ca> --------- Signed-off-by: jaffar <keikei.jaffar@mail.utoronto.ca> Co-authored-by: jaffar <keikei.jaffar@mail.utoronto.ca> Co-authored-by: Isaac Wilson <isaac.wilson514@gmail.com>
antonio-mazzini
pushed a commit
to antonio-mazzini/gateway
that referenced
this pull request
Mar 5, 2026
…esponse (envoyproxy#8277) * fix: add mutex lock to snapshot cache OnStreamResponse/OnStreamDeltaResponse OnStreamResponse and OnStreamDeltaResponse read from s.streamIDNodeInfo without holding the mutex, while other callbacks write to this map under the lock. This is a data race that can crash the control plane with "fatal error: concurrent map read and map write". Fixes envoyproxy#8276 Signed-off-by: jaffar <keikei.jaffar@mail.utoronto.ca> * test: add concurrent access tests for snapshot cache callbacks Adds tests that exercise OnStreamResponse and OnStreamDeltaResponse concurrently with OnStreamOpen/OnDeltaStreamOpen to verify the mutex fix prevents data races on the streamIDNodeInfo map. Signed-off-by: jaffar <keikei.jaffar@mail.utoronto.ca> --------- Signed-off-by: jaffar <keikei.jaffar@mail.utoronto.ca> Co-authored-by: jaffar <keikei.jaffar@mail.utoronto.ca> Co-authored-by: Isaac Wilson <isaac.wilson514@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
OnStreamResponseandOnStreamDeltaResponseread froms.streamIDNodeInfowithout the mutex, causing a data race with concurrent writes fromOnStreamOpen/OnStreamClosed/etc. This can crash the control plane under concurrent xDS traffic.Adds
s.mu.Lock()/s.mu.Unlock()to both functions.Fixes #8276