net: possible race during I/O driver shutdown #2924
Comments
carllerche
added
C-bug
|
Is someone taking a look at that? Can I ? |
|
Please do! |
zaharidichev
added a commit
to zaharidichev/tokio
that referenced
this issue
Oct 17, 2020
zaharidichev
added a commit
to zaharidichev/tokio
that referenced
this issue
Oct 19, 2020
To avoid IO resources getting registered while the driver is shutting down,`state: AtomicUsize` is introduced. Fixes: tokio-rs#2924
|
I independently discovered this as part of work in #2903; there's also another related race where a readiness future can be created after notifications fire off (but before the |
|
@zaharidichev FYI |
bdonlan
pushed a commit
to bdonlan/tokio
that referenced
this issue
Oct 20, 2020
Previously, there was a race window in which an IO driver shutting down could fail to notify ScheduledIo instances of this state; in particular, notification of outstanding ScheduledIo registrations was driven by `Driver::drop`, but registrations bypass `Driver` and go directly to a `Weak<Inner>`. The `Driver` holds the `Arc<Inner>` keeping `Inner` alive, but it's possible that a new handle could be registered (or a new readiness future created for an existing handle) after the `Driver::drop` handler runs and prior to `Inner` being dropped. This change fixes this in two parts: First, notification of outstanding ScheduledIo handles is pushed down into the drop method of `Inner` instead, and, second, we add state to ScheduledIo to ensure that we remember that the IO driver we're bound to has shut down after the initial shutdown notification, so that subsequent readiness future registrations can immediately return (instead of potentially blocking indefinitely). Fixes: tokio-rs#2924
Merged
|
@bdonlan makes sense. I will close my PR in favor of yours then |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When shutting down the I/O driver, all existing I/O resources should be notified and all subsequent operations error. Any attempt to create a new I/O resource should fail.
There currently is some logic to handle this, but after a quick skim, I believe it may be racy. When polling an I/O resource, first the handle is checked to see if a strong reference to the I/O driver still exists. If one does not, the I/O resource assumes the I/O driver is gone. When the I/O driver shuts down, it wakes all associated I/O resources.
I wonder if an I/O resource is added during the shutdown process if it will get notified of the shutdown or if it will hang indefinitely. I also wonder if the Arc is correctly dropped before the I/O resources are notified.
Ref: https://github.com/tokio-rs/tokio/pull/2919/files#r501433182
The text was updated successfully, but these errors were encountered: