cherrypick-1.1: util/log: don't panic #19287
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
This change is |
Previously, log.outputLogEntry could panic while holding the log mutex. This would deadlock any goroutine that logged while recovering from the panic, which is approximately all of the recover routines. Most annoyingly, the crash reporter would deadlock, swallowing the cause of the panic. Avoid panicking while holding the log mutex and use l.exit instead, which exists for this very purpose. In the process, enforce the invariant that l.mu is held when l.exit is called. (The previous behavior was, in fact, incorrect, as l.flushAll should not be called without holding l.mu.) Also add a Tcl test to ensure this doesn't break in the future.
benesch
force-pushed
the
1.1-dont-panic
branch
from
b949856
to
f3101eb
Compare
|
Needed to apply the following patch to get tests to pass: diff --git a/pkg/cli/interactive_tests/test_missing_log_output.tcl b/pkg/cli/interactive_tests/test_missing_log_output.tcl
index 58e219737..f1c391c85 100644
--- a/pkg/cli/interactive_tests/test_missing_log_output.tcl
+++ b/pkg/cli/interactive_tests/test_missing_log_output.tcl
@@ -27,7 +27,7 @@ system "grep -F 'log: exiting because of error: write /dev/stderr: broken pipe'
end_test
start_test "Check that a broken log file prints a message to stderr."
-send "$argv start -s=path=/dev/null --insecure --logtostderr\r"
+send "$argv start -s=path=logs/db --log-dir=/dev/null --insecure --logtostderr\r"
eexpect "log: exiting because of error: log: cannot create log: open"
eexpect "not a directory"
eexpect ":/# "This is a more sensible test, anyway. I'll send that patch on master. |
|
Never mind; @andreimatei already made the equivalent fix on master. |
bdarnell
approved these changes
Oct 16, 2017
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Cherry-pick of #17871. Fixes, most likely, #19202.
cc @cockroachdb/release
Previously, log.outputLogEntry could panic while holding the log mutex.
This would deadlock any goroutine that logged while recovering from the
panic, which is approximately all of the recover routines. Most
annoyingly, the crash reporter would deadlock, swallowing the cause of
the panic.
Avoid panicking while holding the log mutex and use l.exit instead,
which exists for this very purpose. In the process, enforce the
invariant that l.mu is held when l.exit is called. (The previous
behavior was, in fact, incorrect, as l.flushAll should not be called
without holding l.mu.)
Also add a Tcl test to ensure this doesn't break in the future.