Ruler: protect overrides map with mutex when accessing tenant configs #11601
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This doesn't need to be locked in a fine-grained way because this isn't on the hot path Signed-off-by: Danny Kopping <danny.kopping@grafana.com>
|
Trivy scan found the following vulnerabilities:
|
chaudum
reviewed
Jan 8, 2024
Considered it but I don't really see the value in tracking these minor bugfixes? I can easily be convinced, though. |
IMO, any bugfix should get a changelog entry and should be backported. People who face this issue should be able to see that is been fixed in a certain release. |
Fair point about the backport, didn't consider that; that naturally requires the CHANGELOG entry |
dannykopping
added
type/bug
chaudum
approved these changes
Jan 8, 2024
Co-authored-by: Christian Haudum <christian.haudum@gmail.com>
grafanabot
pushed a commit
that referenced
this pull request
Jan 8, 2024
…#11601) **What this PR does / why we need it**: A ruler handling many hundreds of rules can provoke a situation where the WAL appender reads & modifies tenant configs concurrently in an unsafe way; this PR protects that with a mutex. **Which issue(s) this PR fixes**: Fixes #11569 (cherry picked from commit cd3cf62)
8 tasks
grafanabot
pushed a commit
that referenced
this pull request
Jan 8, 2024
…#11601) **What this PR does / why we need it**: A ruler handling many hundreds of rules can provoke a situation where the WAL appender reads & modifies tenant configs concurrently in an unsafe way; this PR protects that with a mutex. **Which issue(s) this PR fixes**: Fixes #11569 (cherry picked from commit cd3cf62)
8 tasks
dannykopping
pushed a commit
that referenced
this pull request
Jan 9, 2024
Expands on #11601 **What this PR does / why we need it**: Turns out the previous tests didn't expose all possible causes for data races (another one occurs at https://github.com/grafana/loki/blob/5a55158cc751465846383bc758aa0c169363b292/pkg/ruler/registry.go#L204). Moving the mutex to the calling function adds more safety. **Which issue(s) this PR fixes**: Fixes #11569 Signed-off-by: Danny Kopping <danny.kopping@grafana.com>
grafanabot
pushed a commit
that referenced
this pull request
Jan 19, 2024
Expands on #11601 **What this PR does / why we need it**: Turns out the previous tests didn't expose all possible causes for data races (another one occurs at https://github.com/grafana/loki/blob/5a55158cc751465846383bc758aa0c169363b292/pkg/ruler/registry.go#L204). Moving the mutex to the calling function adds more safety. **Which issue(s) this PR fixes**: Fixes #11569 Signed-off-by: Danny Kopping <danny.kopping@grafana.com> (cherry picked from commit 61a4205)
grafanabot
pushed a commit
that referenced
this pull request
Jan 19, 2024
Expands on #11601 **What this PR does / why we need it**: Turns out the previous tests didn't expose all possible causes for data races (another one occurs at https://github.com/grafana/loki/blob/5a55158cc751465846383bc758aa0c169363b292/pkg/ruler/registry.go#L204). Moving the mutex to the calling function adds more safety. **Which issue(s) this PR fixes**: Fixes #11569 Signed-off-by: Danny Kopping <danny.kopping@grafana.com> (cherry picked from commit 61a4205)
dannykopping
pushed a commit
that referenced
this pull request
Jan 19, 2024
#11714) Backport 61a4205 from #11612 --- Expands on #11601 **What this PR does / why we need it**: Turns out the previous tests didn't expose all possible causes for data races (another one occurs at https://github.com/grafana/loki/blob/5a55158cc751465846383bc758aa0c169363b292/pkg/ruler/registry.go#L204). Moving the mutex to the calling function adds more safety. **Which issue(s) this PR fixes**: Fixes #11569 Co-authored-by: Danny Kopping <danny.kopping@grafana.com>
dannykopping
pushed a commit
that referenced
this pull request
Jan 19, 2024
#11715) Backport 61a4205 from #11612 --- Expands on #11601 **What this PR does / why we need it**: Turns out the previous tests didn't expose all possible causes for data races (another one occurs at https://github.com/grafana/loki/blob/5a55158cc751465846383bc758aa0c169363b292/pkg/ruler/registry.go#L204). Moving the mutex to the calling function adds more safety. **Which issue(s) this PR fixes**: Fixes #11569 Co-authored-by: Danny Kopping <danny.kopping@grafana.com>
rhnasc
pushed a commit
to inloco/loki
that referenced
this pull request
Apr 12, 2024
…grafana#11601) **What this PR does / why we need it**: A ruler handling many hundreds of rules can provoke a situation where the WAL appender reads & modifies tenant configs concurrently in an unsafe way; this PR protects that with a mutex. **Which issue(s) this PR fixes**: Fixes grafana#11569
rhnasc
pushed a commit
to inloco/loki
that referenced
this pull request
Apr 12, 2024
Expands on grafana#11601 **What this PR does / why we need it**: Turns out the previous tests didn't expose all possible causes for data races (another one occurs at https://github.com/grafana/loki/blob/5a55158cc751465846383bc758aa0c169363b292/pkg/ruler/registry.go#L204). Moving the mutex to the calling function adds more safety. **Which issue(s) this PR fixes**: Fixes grafana#11569 Signed-off-by: Danny Kopping <danny.kopping@grafana.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What this PR does / why we need it:
A ruler handling many hundreds of rules can provoke a situation where the WAL appender reads & modifies tenant configs concurrently in an unsafe way; this PR protects that with a mutex.
Which issue(s) this PR fixes:
Fixes #11569
Special notes for your reviewer:
This doesn't need to be locked in a fine-grained way because this isn't on the hot path.
Checklist
CONTRIBUTING.mdguide (required)CHANGELOG.mdupdatedadd-to-release-noteslabeldocs/sources/setup/upgrade/_index.mdproduction/helm/loki/Chart.yamland updateproduction/helm/loki/CHANGELOG.mdandproduction/helm/loki/README.md. Example PRdeprecated-config.yamlanddeleted-config.yamlfiles respectively in thetools/deprecated-config-checkerdirectory. Example PR