zrok icon indicating copy to clipboard operation
zrok copied to clipboard

Published 20 hours ago verified publisher icon openziti

Resource Limit Race Condition

Open michaelquigley opened this issue 1 year ago • 1 comments

When creating resources (shares or environments) quickly (programmatically, in a loop) the resource limits are not always correctly enforced.

Naively I would expect that we could fix this pretty simply by way of pessimistic locking (SELECT ... FOR UPDATE), but that isn't supported by SQLite.

So, we're going to need to figure out another locking mechanism that works across both database types.

michaelquigley avatar Apr 05 '23 15:04 michaelquigley

For v0.4, we can (and probably should) conditionally use a different storage implementation for PostgreSQL versus SQLite. The PostgreSQL version can do the SELECT ... FOR UPDATE, and the SQLite version can retain the current behavior. The race condition doesn't really hurt anything beyond allowing programmatic creation of resources beyond the configured limit.

Larger installations (that are more likely to be concerned with enforcing limits) can use PostgreSQL with the better behavior, closing the race condition hole.

michaelquigley avatar May 15 '24 18:05 michaelquigley