-
Notifications
You must be signed in to change notification settings - Fork 257
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
rados: Make "operation" code comply to pointer passing rules #597
Conversation
1973cc7
to
141421d
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My only real specific request is to choose a name that's clear for the current "Poke."
I also wonder if we're going to make a direct call to pointer guard from library code if we should have a bit of "soak time" by merging it after we release rather than immediately before release.
Most everything else seems ok to me.
internal/cutil/ptrguard.go
Outdated
// Poke stores the pinned Go pointer in C memory at cPtr | ||
func (v *PtrGuard) Poke(cPtr CPtr) *PtrGuard { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
// Poke stores the pinned Go pointer in C memory at cPtr | |
func (v *PtrGuard) Poke(cPtr CPtr) *PtrGuard { | |
// Store the pinned Go pointer into the C memory located at cPtr. | |
func (v *PtrGuard) Store(cPtr CPtr) *PtrGuard { |
I think the above naming would be clearer. I'm not sure if Poke is meant to be a reference to Peek/Poke - but even that seems kind of obscure to me.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, that was the idea (Peek/Poke). But Store
is also fine for me.
rados/write_step.go
Outdated
return &writeStep{ | ||
b: b, | ||
cBuffer: (*C.char)(unsafe.Pointer(&b[0])), | ||
pg: cutil.NewPtrGuard(bufPtr), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this our first hard dependency on ptrgourd? I think that all previous cases were wrapped so that they either copied data or used ptrguard, right?
If so, I'm ok with it in theory but I'm just a tad hesitant to merge it right before we release. Thoughts?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes you are right, I forgot about our ptrguard tag. I mean, we test it, but it's true, that it's not used in the "field" (that is, CSI) yet. Let's not merge then for now.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I just noticed this comment. Does that mean PRs that would depend on this fix (e.g. #581) are blocked until after December's release?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No, the PRs can be merged prior to release. We simply need to discuss our options, some of the work can possibly be split up, for example. In fact I'd prefer to merge as much as possible sooner rather than later Unfortunately, things have been slow due to illnesses and time off. Please continue to ping us on these items so that we don't forget to work on them!
141421d
to
4162b0a
Compare
Following up on this: do you prefer to: Note: I don't think these all need to be done in this pr, just looking for a general idea where you'd like to go with this. I have a preference but I'm not going to tell you (yet). :-) |
@phlogistonjohn Ok, how about this: we switch to ptrguard by default and wait one release cycle, if someone complains. This PR I will split up so that without ptrguard tag the old ("insecure") code is used. I'm not in the mood to build another "safe" shim layer that we will remove after one release again. ;-) |
That sounds OK to me, but I'm a bit unclear on "wait one release cycle, if someone complains". If we enable prtguard by default (soonish) we'll have the remaining october/november period of pre-release "soak time" before the next release in Dec. [1] - what we do if we get reports is contingent on the severity of the report and how many releases it's been enabled IMO |
Sorry, I wasn't clear enough. What I meant was: for the next release we will switch to ptrguard by default, but keep the other code. If until the following release no one complains, we can remove the non-ptrguard code. |
Actually, now that I know a lot more about that whole topic, and given that the pinning API has been accepted, I would address the whole thing differently now: we can assume, that the pinning API will land before the GC becomes "moving". So before the API is there, ptrguard doesn't have to do anything. And as soon as the API is there, it can use it. The only use-case for the current implementation would be, that older versions of go-ceph would still work with some future version of go that might have a moving GC. |
Sure, I agree that it wouldn't make a lot of sense to worry about moving gc a lot given the above. To make things more "actionable" what should we do over the next couple of weeks? Break this PR up into parts, one for the ptrguard stuff and one for the other changes? I also want to unblock PR #581. |
4162b0a
to
ab60ced
Compare
I removed the PtrGuard related changes and just added a TODO comment for later reference. |
Signed-off-by: Sven Anderson <[email protected]>
Signed-off-by: Sven Anderson <[email protected]>
ab60ced
to
8d9865e
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM Thanks.
For a little extra context: we discussed this PR earlier today and decided that it would not be the place and time to create a hard dependency on ptrguard given that Go's GC is not a moving GC today.
In #581 we discovered, that we are actually violating the pointer passing rules in some places. For the write buffer of the
writeStep
s this change uses aPtrGuard
, while the return parameters ofGetOmapStep
s are allocated in C memory.Related: #584