Backport of VAULT-4240 time.After() in a select statement can lead to memory...

Backport of VAULT-4240 time.After() in a select statement can lead to memory leak into release/1.9.x (#14824) * backport of commit 4ca1742f10b702265268a936942249f373a544a6 * backport of commit b7067500f381fca0d58af8203eb278050affe552 Co-authored-by: hamid ghaf <hamid@hashicorp.com>

Backport of VAULT-4240 time.After() in a select statement can lead to memory...
Backport of VAULT-4240 time.After() in a select statement can lead to memory leak into release/1.9.x (#14824) * backport of commit 4ca1742f10b702265268a936942249f373a544a6 * backport of commit b7067500f381fca0d58af8203eb278050affe552 Co-authored-by: hamid ghaf <hamid@hashicorp.com>
689e51e0 · hc-github-team-secure-vault-core · GitHub · cbb26e37 · 689e51e0 · 689e51e0
Unverified Commit 689e51e0 authored 3 years ago by hc-github-team-secure-vault-core Committed by GitHub 3 years ago
Hide whitespace changes
Inline Side-by-side

Showing

with 21 additions and 3 deletions
+21 -3
--- a/changelog/14814.txt
+++ b/changelog/14814.txt
+```release-note:bug
+core: time.After() used in a select statement can lead to memory leak
+```
--- a/helper/fairshare/jobmanager.go
+++ b/helper/fairshare/jobmanager.go
@@ -265,6 +265,10 @@ func (j *JobManager) assignWork() {
 	j.wg.Add(1)

 	go func() {
+		// ticker is used to prevent memory leak of using time.After in
+		// for - select pattern.
+		ticker := time.NewTicker(50 * time.Millisecond)
+		defer ticker.Stop()
 		for {
 			for {
 				// assign work while there are jobs to distribute
@@ -291,13 +295,14 @@ func (j *JobManager) assignWork() {
 				}
 			}

+			ticker.Reset(50 * time.Millisecond)
 			select {
 			case <-j.quit:
 				j.wg.Done()
 				return
 			case <-j.newWork:
 				// listen for wake-up when an empty job manager has been given work
-			case <-time.After(50 * time.Millisecond):
+			case <-ticker.C:
 				// periodically check if new workers can be assigned. with the
 				// fairsharing worker distribution it can be the case that there
 				// is work waiting, but no queues are eligible for another worker

--- a/physical/raft/raft.go
+++ b/physical/raft/raft.go
@@ -864,11 +864,16 @@ func (b *RaftBackend) SetupCluster(ctx context.Context, opts SetupOpts) error {
 	// StartAsLeader is only set during init, recovery mode, storage migration,
 	// and tests.
 	if opts.StartAsLeader {
+		// ticker is used to prevent memory leak of using time.After in
+		// for - select pattern.
+		ticker := time.NewTicker(10 * time.Millisecond)
+		defer ticker.Stop()
 		for {
 			if raftObj.State() == raft.Leader {
 				break
 			}

+			ticker.Reset(10 * time.Millisecond)
 			select {
 			case <-ctx.Done():
 				future := raftObj.Shutdown()
@@ -877,7 +882,7 @@ func (b *RaftBackend) SetupCluster(ctx context.Context, opts SetupOpts) error {
 				}

 				return errors.New("shutdown while waiting for leadership")
-			case <-time.After(10 * time.Millisecond):
+			case <-ticker.C:
 			}
 		}
 	}

--- a/vault/raft.go
+++ b/vault/raft.go
@@ -481,6 +481,10 @@ func (c *Core) raftTLSRotatePhased(ctx context.Context, logger hclog.Logger, raf
 		defer keyCheckInterval.Stop()

 		var backoff bool
+		// ticker is used to prevent memory leak of using time.After in
+		// for - select pattern.
+		ticker := time.NewTicker(time.Until(nextRotationTime))
+		defer ticker.Stop()
 		for {
 			// If we encountered and error we should try to create the key
 			// again.
@@ -489,13 +493,14 @@ func (c *Core) raftTLSRotatePhased(ctx context.Context, logger hclog.Logger, raf
 				backoff = false
 			}

+			ticker.Reset(time.Until(nextRotationTime))
 			select {
 			case <-keyCheckInterval.C:
 				err := checkCommitted()
 				if err != nil {
 					logger.Error("failed to activate TLS key", "error", err)
 				}
-			case <-time.After(time.Until(nextRotationTime)):
+			case <-ticker.C:
 				// It's time to rotate the keys
 				next, err := rotateKeyring()
 				if err != nil {