Fix data race and deadlock in file_integrity module #8027
Conversation
adriansr
force-pushed
the
fix/ab/8009
branch
2 times, most recently
from
9064961
to
e9a75e8
Compare
adriansr
added
in progress
|
|
Auditbeat's file_integrity module had a data race in its recursive watcher implementation for Linux. Was caused by file watches being installed from different goroutines. This patch fixes the problem by moving watch installation to the same goroutine that processes inotify's events, guaranteeing that watches are installed in order, which is necessary for consistence. Fixes elastic#8009
adriansr
added
review
and removed
in progress
| // Launch a separate goroutine to fetch all events that happen while | ||
| // watches are being installed. | ||
| go func() { | ||
| queueC <- r.enqueueEvents(queueDone) |
There was a problem hiding this comment.
When the writer is done with queueC it should be closed.
| defer close(done) | ||
|
|
||
| // Generate a lot of events in parallel to Start() so there is a chance of | ||
| // events arriving before all watched dirs are Add()-ed |
A deadlock is possible in auditbeat's file_integrity module under Windows: When enough events arrive while watches are being installed, the event channel can fill causing the installation of a watch to block. This patch makes sure that events are received while watches are being installed, and at the same time ensures that no event is lost.
|
Regarding the deadlock fix: I wonder if it would be possible to do the watch installation in a goroutine to prevent the deadlock? Something like this in My thinking is that that way, I might be missing something. |
|
@cwurm, that's how I implemented it at first. However, it introduces an inconsistency that will trigger failures in tests, as the test may be performing an action right after |
|
@adriansr Ah, shame. LGTM then. Quick question on the concurrent map write: Would synchronizing read/write methods of |
|
Yes @cwurm, that would have fixed the problem too. I felt it made more sense to confine all the accesses in the same place. |
…y module (#8169) * Install watches in single goroutine (#8009) Auditbeat's file_integrity module had a data race in its recursive watcher implementation for Linux. Was caused by file watches being installed from different goroutines. This patch fixes the problem by moving watch installation to the same goroutine that processes inotify's events, guaranteeing that watches are installed in order, which is necessary for consistence. Fixes #8009 (cherry picked from commit 698cf9c) * Fix deadlock when file integrity monitor is started A deadlock is possible in auditbeat's file_integrity module under Windows: When enough events arrive while watches are being installed, the event channel can fill causing the installation of a watch to block. This patch makes sure that events are received while watches are being installed, and at the same time ensures that no event is lost. (cherry picked from commit 51267b4)
This PR fixes two issues with auditbeat's file_integrity module:
Concurrent map write in [Auditbeat] TestIncludedExcludedFiles fails with race condition #8009
Auditbeat's file_integrity module had a data race in its recursive watcher implementation for Linux. Was caused by file watches being installed from different goroutines.
This patch fixes the problem by moving watch installation to the same goroutine that processes inotify's events, guaranteeing that watches are installed in order, which is necessary for consistence.
deadlock when file integrity monitor is started
A deadlock is possible in auditbeat's file_integrity module under Windows: When enough events arrive while watches are being installed, the event channel can fill causing the installation of a watch to block. This patch makes sure that events are received while watches are being installed, and at the same time ensures that no event is lost.