fix(storage): enforce mutual exclusion between Close() and Finalize() in async writers #16211
@@ -115,6 +115,16 @@ class AsyncWriterConnectionBufferedState | |
| future<StatusOr<google::storage::v2::Object>> Finalize( | ||
| storage::WritePayload const& p) { | ||
| std::unique_lock<std::mutex> lk(mu_); | ||
| if (!finalized_future_.valid()) { | ||
| return make_ready_future(StatusOr<google::storage::v2::Object>( | ||
| internal::FailedPreconditionError("Finalize() already called", | ||
| GCP_ERROR_INFO()))); | ||
| } | ||
| if (!closed_future_.valid()) { | ||
| return make_ready_future(StatusOr<google::storage::v2::Object>( | ||
| internal::FailedPreconditionError( | ||
| "Finalize() cannot be called after Close()", GCP_ERROR_INFO()))); | ||
| } | ||
| resend_buffer_.Append(WritePayloadImpl::GetImpl(p)); | ||
| finalize_ = true; | ||
| HandleNewData(std::move(lk), true); | ||
@@ -124,10 +134,14 @@ class AsyncWriterConnectionBufferedState | |
| future<Status> Close(storage::WritePayload const& p) { | ||
| std::unique_lock<std::mutex> lk(mu_); | ||
| if (close_ || closed_promise_completed_) { | ||
| if (!closed_future_.valid()) { | ||
| return make_ready_future(internal::FailedPreconditionError( | ||
| "Close() already called", GCP_ERROR_INFO())); | ||
| } | ||
| if (!finalized_future_.valid()) { | ||
| return make_ready_future(internal::FailedPreconditionError( | ||
| "Close() cannot be called after Finalize()", GCP_ERROR_INFO())); | ||
| } | ||
There is a race condition here. Using the existing `close_` and `finalize_` boolean flags instead:
if (close_) {
return make_ready_future(internal::FailedPreconditionError(
"Close() already called", GCP_ERROR_INFO()));
}
if (finalize_) {
return make_ready_future(internal::FailedPreconditionError(
"Close() cannot be called after Finalize()", GCP_ERROR_INFO()));
} |
| resend_buffer_.Append(WritePayloadImpl::GetImpl(p)); | ||
| close_ = true; | ||
| // Force flush to drain the buffer first. | ||
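Review bot: The new Close() guard `if (!closed_future_.valid())` drops the `closed_promise_completed_` condition that the replaced line `if (close_ || closed_promise_completed_) {` also tested. If that flag marks the close promise as already satisfied by some other path before Close() is invoked (the old guard suggests such a path exists), `closed_future_` has not been moved out yet, so the call now passes the guard, appends the payload and sets `close_` instead of returning the FailedPrecondition the old code returned; presumably the promise would then be completed a second time further down. Keeping the old condition in the guard, e.g. `if (close_ || closed_promise_completed_ || !closed_future_.valid())`, preserves that behaviour, and a test that completes the promise first and then calls Close() would pin it. Close()'s body continues past the end of this hunk.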
@@ -125,6 +125,16 @@ class AsyncWriterConnectionResumedState | |
| future<StatusOr<google::storage::v2::Object>> Finalize( | ||
| storage::WritePayload const& p) { | ||
| std::unique_lock<std::mutex> lk(mu_); | ||
| if (!finalized_future_.valid()) { | ||
| return make_ready_future(StatusOr<google::storage::v2::Object>( | ||
| internal::FailedPreconditionError("Finalize() already called", | ||
| GCP_ERROR_INFO()))); | ||
| } | ||
| if (!closed_future_.valid()) { | ||
| return make_ready_future(StatusOr<google::storage::v2::Object>( | ||
| internal::FailedPreconditionError( | ||
| "Finalize() cannot be called after Close()", GCP_ERROR_INFO()))); | ||
| } | ||
There is a race condition here. Using the existing `finalize_` and `close_` boolean flags instead:
if (finalize_) {
return make_ready_future(StatusOr<google::storage::v2::Object>(
internal::FailedPreconditionError("Finalize() already called",
GCP_ERROR_INFO())));
}
if (close_) {
return make_ready_future(StatusOr<google::storage::v2::Object>(
internal::FailedPreconditionError(
"Finalize() cannot be called after Close()", GCP_ERROR_INFO())));
} |
| resend_buffer_.Append(WritePayloadImpl::GetImpl(p)); | ||
| finalize_ = true; | ||
| HandleNewData(std::move(lk)); | ||
@@ -148,10 +158,14 @@ class AsyncWriterConnectionResumedState | |
| future<Status> Close(storage::WritePayload const& p) { | ||
| std::unique_lock<std::mutex> lk(mu_); | ||
| if (close_ || closed_promise_completed_) { | ||
| if (!closed_future_.valid()) { | ||
| return make_ready_future(internal::FailedPreconditionError( | ||
| "Close() already called", GCP_ERROR_INFO())); | ||
| } | ||
| if (!finalized_future_.valid()) { | ||
| return make_ready_future(internal::FailedPreconditionError( | ||
| "Close() cannot be called after Finalize()", GCP_ERROR_INFO())); | ||
| } | ||
There is a race condition here. Using the existing `close_` and `finalize_` boolean flags instead:
if (close_) {
return make_ready_future(internal::FailedPreconditionError(
"Close() already called", GCP_ERROR_INFO()));
}
if (finalize_) {
return make_ready_future(internal::FailedPreconditionError(
"Close() cannot be called after Finalize()", GCP_ERROR_INFO()));
} |
| resend_buffer_.Append(WritePayloadImpl::GetImpl(p)); | ||
| close_ = true; | ||
| // Force flush to drain the buffer first. | ||
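Review bot: In the resumed writer's Close() the removed line `if (close_ || closed_promise_completed_) {` also rejected calls once `closed_promise_completed_` was set, and the replacement `if (!closed_future_.valid())` no longer does. Whatever sets that flag (an error path or a flush that completed the promise without a Close() call, presumably) leaves `closed_future_` still valid, so a later Close() now slips past the guard, appends to `resend_buffer_` and sets `close_`, where the old code returned "Close() already called". Restoring the flag to the guard, `if (closed_promise_completed_ || !closed_future_.valid())`, keeps the previous contract; the identical guard now lives in both state classes, so a shared helper would keep the two from drifting apart. The rest of Close() is outside this hunk.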
There is a race condition here.
`finalized_future_` is only moved out at the very end of `Finalize()`. However, `HandleNewData()` releases the lock `mu_` before the function returns. If another thread calls `Finalize()` or `Close()` concurrently after the lock is released but before the function returns, `finalized_future_.valid()` will still be `true`, allowing the check to be bypassed. This can lead to duplicate execution and returning an invalid/moved-from future. Using the existing `finalize_` and `close_` boolean flags (which are checked and set under the lock) completely avoids this race condition and is much safer.