Use shared_ptr for SSL context objects #3754
|
@lizan @PiotrSikora Could you help to review it? Thanks. |
|
I thought we discussed changing the context directly with appropriate locking? Why do we need this? Will that not work? |
|
Thanks for pointing that out, will try. Close this for now |
|
@mattklein123 Please look at the comments at #3765. Due to that, I re-open this PR |
|
@qiwzhang yup agreed this is a cleaner approach. We can review this one. |
|
@PiotrSikora @lizan please disregard the mac test failure. This PR is ready for review. |
include/envoy/ssl/context_manager.h
Outdated
why do you need this in the interface?
Removed it. Please see my other comment
update the comment above about rename if we do the rename.
Reverted it. Please see my other comment
source/common/ssl/ssl_socket.cc
Outdated
In ~ContextImpl it already calls removeContext, isn't this removing twice? Since remove doesn't raise exceptions when there is nothing to remove, you may want to add an ASSERT in removeContext.
Good point. It was added in the final PR with secret update code to fix some integration test failures. I reverted the changes for now.
|
@mattklein123 @lizan @PiotrSikora This PR is ready for review. PTAL. Thanks |
nit: make_shared (throughout all news)
source/common/ssl/ssl_socket.cc
Outdated
Is it possible to make ctx_ a std::shared_ptr<Ssl::ContextImpl> and use std::dynamic_pointer_cast? It will eliminate the dynamic_casts below.
Since contexts are now shared_ptr, shouldn't contexts_ be a list of weak_ptr?
There is no easy way to remove the item in the list after its weak_ptr ref_count is 0. Then there will be a weak_ptr leak.
weak_ptr wouldn't be leaked; actually, with a list of weak_ptr we can eliminate the releaseContext logic and erase the weak_ptrs when they are expired while iterating over them. With dynamic secret there will be more inefficient erase calls on the list, which is O(n), so that might be more efficient. I'm OK to make that a follow-up PR later.
Done. releaseContext is removed.
test/mocks/ssl/mocks.h
Outdated
I don't think you need createSslClientContext_ any more because shared_ptr is copyable. You can use MOCK_METHOD2 directly.
lizan left a comment
Can you take a look at the CI failure?
Since iterateContexts is not a const method, consider removing empty contexts here.
|
@qiwzhang can you merge master and fix tests? |
I prefer calling removeEmptyContexts instead of an inline remove. It will iterate twice, but it's cleaner code.
Sorry, I'm taking back my previous comment; let's not do this since we're removing in each create. The shared_lock above is not enough to perform this.
|
@mattklein123 @PiotrSikora Could you help to review this PR? Thanks |
mattklein123 left a comment
LGTM, thanks. 1 question.
Is this lock needed anymore? I'm pretty sure all operations happen on the main thread now...
I don't think this PR changed the thread models calling this, no? To minimize risks, I'll defer removing this mutex to #3700.
I think it did change the thread model. Previously, the lock was only required because IIRC the context was indirectly owned by ClusterInfo, which can be released on any thread. With this change I'm pretty sure that all of the interactions with the context list/map only happen on the main thread, thus the lock is no longer necessary (which is a really nice improvement IMO). If that's the case, I would remove the lock as part of this change as IMO it's a logical part of this change and we can deploy/test it discretely.
Ah, you're right: now when the context is released we're not immediately removing it from contexts_ but waiting until the next create, which happens on the main thread. So we do not need a lock for contexts_ any more. @qiwzhang can you remove this mutex and lock?
|
@qiwzhang please merge master for flake fixes. |
Signed-off-by: Wayne Zhang <qiwzhang@google.com>
Description: This is one of the PRs to support dynamic secrets for SDS. The master design is in this PR #3748.
This PR only changes the Ssl context to use shared_ptr.
With shared_ptr, existing sockets still work since they are holding a ref_count to the old ctx, so it will not be deleted.
Risk Level: Low
Testing: all unit tests passed.
Docs Changes: None
Release Notes: None
[Optional Fixes #Issue]
[Optional Deprecated:]
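The lifetime behaviour discussed in the description and in the weak_ptr review thread, as an added example that is not code from this PR or from Envoy: a manager tracks contexts through a list of weak_ptr and prunes expired entries on the next create, while an open socket keeps the pre-rotation context alive. `Context`, `ContextManager`, `Socket` and `rotateWhileConnected` are hypothetical stand-ins, and single-threaded use of the manager is assumed.

```cpp
#include <algorithm>
#include <cstddef>
#include <list>
#include <memory>
#include <string>

// Hypothetical stand-ins for illustration; not Envoy's Ssl::ContextImpl or its manager.
struct Context { std::string cert; };
using ContextSharedPtr = std::shared_ptr<Context>;

class ContextManager {
public:
  // Assumption: only ever called on one (main) thread, so contexts_ has no mutex.
  ContextSharedPtr createContext(const std::string& cert) {
    // Expired entries are pruned here rather than from the Context destructor.
    contexts_.remove_if([](const std::weak_ptr<Context>& w) { return w.expired(); });
    auto ctx = std::make_shared<Context>(Context{cert});
    contexts_.emplace_back(ctx);
    return ctx;
  }
  std::size_t tracked() const { return contexts_.size(); }
  std::size_t live() const {
    return static_cast<std::size_t>(std::count_if(contexts_.begin(), contexts_.end(),
        [](const std::weak_ptr<Context>& w) { return !w.expired(); }));
  }
private:
  std::list<std::weak_ptr<Context>> contexts_;  // non-owning: never extends a lifetime
};

struct Socket { ContextSharedPtr ctx; };  // owns a reference while the connection is open
struct RotationResult {
  std::string old_socket_cert;
  std::size_t tracked_after_close, live_after_close, tracked_after_create, live_after_create;
};

// Constructed scenario: the secret is rotated while a socket is still connected.
RotationResult rotateWhileConnected() {
  ContextManager mgr;
  ContextSharedPtr current = mgr.createContext("cert-v1");
  auto sock = std::make_unique<Socket>(Socket{current});
  current = mgr.createContext("cert-v2");            // v1 is now kept alive only by sock
  RotationResult r{sock->ctx->cert, 0, 0, 0, 0};     // old context still valid, not dangling
  sock.reset();                                      // last owner gone: v1 is destroyed
  r.tracked_after_close = mgr.tracked(); r.live_after_close = mgr.live();
  ContextSharedPtr next = mgr.createContext("cert-v3");  // prunes the expired v1 entry
  r.tracked_after_create = mgr.tracked(); r.live_after_create = mgr.live();
  return r;
}
int main() { return rotateWhileConnected().live_after_create == 2 ? 0 : 1; }
```

Between the socket closing and the next create, the list still holds one expired entry; that stale entry is harmless because a weak_ptr cannot be dereferenced without a successful lock().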