fix(spanner): early unlock of session pool lock during dumping the tracked session handles to avoid deadlock #5777
Conversation
product-auto-label
bot
added
size: xs
…acked session handles to avoid deadlock
rahul2393
changed the title
spanner/session.go
Outdated
| defer p.mu.Unlock() | ||
| element := p.trackedSessionHandles.Front() | ||
| // NOTE: No need to keep the sessionPool lock since we don't modify it, | ||
| // this will return the snapshot of current elements when error getting sessions |
There was a problem hiding this comment.
trackedSessionHandles could be being modified in different places like here. https://github.com/googleapis/google-cloud-go/blob/spanner/v1.30.0/spanner/session.go#L83
How do we guarantee that we will dump a consistent snapshot of trackedSessionHandles without locking p.mu?
There was a problem hiding this comment.
I think getTrackedSessionHandleStacksLocked is only called when the client gets errGetSessionTimeout, so even if trackedSessionHandles later gets updated as a customer I want to know what happen when errGetSessionTimeout was thrown and not the current snapshot, so I think we should release the lock as soon as we read trackedSessionHandles.Front()
There was a problem hiding this comment.
@codyoss can you please help review this.
There was a problem hiding this comment.
@rahul2393 If I understand correctly, this could print invalid state as stack traces.
Let's say there are the following session handle chains in trackedSessionHandles when the client gets errGetSessionTimeout. And same time, let's say shA was recycled by other goroutine.
shA -> shB -> shC
Then valid state would be either shA -> shB -> shC or shB -> shC depending on timinig.
But if we allow other goroutine to get shA removed from trackedSessionHandles, then the returned value from p.trackedSessionHandles.Front() would loose next pointer as Go's list.List.Remove removes the next pointer from the element. So the stack trace would be just shA for this case.
There was a problem hiding this comment.
you are right, I updated the PR @yfuruyama can you check if its ok
spanner/session.go
Outdated
| @@ -72,7 +72,9 @@ func (sh *sessionHandle) recycle() { | |||
| } | |||
| p := sh.session.pool | |||
| tracked := sh.trackedSessionHandle | |||
| sh.mu.Unlock() | |||
| sh.session.recycle() | |||
There was a problem hiding this comment.
I might be wrong, but is there any possibility that sessionHandle.destory() is called during sh.session.recycle() is being called?
There was a problem hiding this comment.
No, as per my understanding destroy is only called when isSessionNotFoundError is returned from server.
There was a problem hiding this comment.
Do you find any issue with it?
There was a problem hiding this comment.
No, I was just wondering if it's ok to release a lock during sh.session.recycle() call. It looks good to me.
There was a problem hiding this comment.
I think it would be safer and clearer if you would just store sh.session in a local variable s while the lock is still taken, and then after (original) line 80, call s.recycle(). So you get something like:
p := sh.session.pool
tracked := sh.trackedSessionHandle
s := sh.session
sh.session = nil
sh.trackedSessionHandle = nil
sh.checkoutTime = time.Time{}
sh.stack = nil
sh.mu.Unlock()
s.recycle()
rahul2393
added
the
kokoro:force-run
kokoro-team
removed
the
kokoro:force-run
rahul2393
added
the
kokoro:force-run
kokoro-team
removed
the
kokoro:force-run
Fixes #5710.