Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

backports/v1.0: redaction: fix crash related to redaction filters + improve performance #2324

Merged
merged 1 commit into from
Apr 11, 2024
Merged

backports/v1.0: redaction: fix crash related to redaction filters + improve performance #2324

merged 1 commit into from
Apr 11, 2024

Conversation

willfindlay
Copy link
Contributor

[upstream commit: 91012a8]

The previous redaction filters implementation was unsound, as it made modifications to the process object within an event message, but this object was already being shared in the event cache. This caused a data race that in turn resulted in a frequent crash when applying redaction filters on a modest workload. Moreover, the prior implementation was not very performant, since it relied on iterating over all fields in an event message to redact strings. In practice, we only really care about arguments in the majority of use cases.

To address the above issues, we make a small breaking change in how the redaction filters work to focus ONLY on arguments and apply them much earlier in the pipeline. This both fixes the crash and significantly reduces performance impact, while solving the primary use case.

Change the behaviour of redaction filters to fix a critical bug and improve performance.

@willfindlay willfindlay added release-note/breaking-changes release-note/bug This PR fixes an issue in a previous release of Tetragon. labels Apr 11, 2024
@willfindlay willfindlay requested review from a team and mtardy as code owners April 11, 2024 13:24
@willfindlay
redaction: fix crash related to redaction filters + improve performance
692d42a 
[upstream commit: 91012a8]

The previous redaction filters implementation was unsound, as it made modifications to the
process object within an event message, but this object was already being shared in the
event cache. This caused a data race that in turn resulted in a frequent crash when
applying redaction filters on a modest workload. Moreover, the prior implementation was
not very performant, since it relied on iterating over all fields in an event message to
redact strings. In practice, we only really care about arguments in the majority of use
cases.

To address the above issues, we make a small breaking change in how the redaction filters
work to focus ONLY on arguments and apply them much earlier in the pipeline. This both
fixes the crash and significantly reduces performance impact, while solving the primary
use case.

Signed-off-by: William Findlay <[email protected]>
jrfastab
jrfastab approved these changes Apr 11, 2024
View reviewed changes
Copy link
Contributor

@jrfastab jrfastab left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

..

@willfindlay willfindlay merged commit 7b9b305 into v1.0 Apr 11, 2024
29 of 30 checks passed
@willfindlay willfindlay deleted the backports/willfindlay/2322 branch April 11, 2024 20:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jrfastab jrfastab jrfastab approved these changes

@mtardy mtardy Awaiting requested review from mtardy mtardy is a code owner

Assignees
No one assigned
Labels
release-note/bug This PR fixes an issue in a previous release of Tetragon.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@willfindlay @jrfastab