Kudu / KUDU-2011

Request-side sidecars cannot be safely destroyed on timeout


    • Type: Bug
    • Status: Reopened
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: rpc
    • Labels:


      If a timeout occurs while sending a request-side sidecar (see KUDU-1866), the RPC callback may be invoked before the outbound transfer has been completely written.

      This is the last notification from the RPC layer that the caller will get, so you might expect them to delete the sidecar payload at that point, but it's not safe to do so. In fact, with a slow sender there is no way for the caller to know when it's safe to delete the payload. There's no problem for the protobuf message data, as it's serialized during the blocking part of an async call, and that memory is tied to the lifetime of the outbound call, which is managed by the RPC layer.

      Ownership of the sidecar payloads should be shared between caller and the RPC layer, so really it's the new RpcSidecar::FromSlice API that causes the problems because ownership is not shared with the RpcSidecar which does have the correct lifetime. I propose removing FromSlice and having a FromFaststring(shared_ptr<faststring>) variant.
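The shared-ownership proposal above, sketched as an added example that is not Kudu code: `SharedSidecar` and `OutboundTransfer` are hypothetical stand-ins for the RPC layer, and `std::string` stands in for `faststring`. The caller drops its reference in the timeout callback while the slow write is still in progress, and the transfer's own reference keeps the bytes valid until the write completes.

```cpp
#include <cstddef>
#include <functional>
#include <memory>
#include <string>
#include <utility>

// Hypothetical sidecar that co-owns its payload instead of borrowing a slice.
class SharedSidecar {
 public:
  explicit SharedSidecar(std::shared_ptr<const std::string> data)
      : data_(std::move(data)) {}
  const std::string& bytes() const { return *data_; }
 private:
  std::shared_ptr<const std::string> data_;
};

// Hypothetical outbound transfer: written in chunks, may outlive the callback.
class OutboundTransfer {
 public:
  OutboundTransfer(SharedSidecar sidecar, std::function<void()> cb)
      : sidecar_(std::move(sidecar)), cb_(std::move(cb)) {}
  // Timeout path: the caller's only notification, fired with bytes still unsent.
  void TimeOut() { if (cb_) { cb_(); cb_ = nullptr; } }
  // Slow sender: copies up to n more bytes; returns true once fully written.
  bool WriteSome(std::size_t n) {
    wire_.append(sidecar_.bytes(), wire_.size(), n);
    return wire_.size() == sidecar_.bytes().size();
  }
  const std::string& wire() const { return wire_; }
 private:
  SharedSidecar sidecar_;
  std::function<void()> cb_;
  std::string wire_;
};

// True if the full payload reaches the wire intact even though the caller
// released its reference in the timeout callback, before the write finished.
bool PayloadSurvivesCallerRelease() {
  const std::string expected(4096, 'k');  // constructed sample payload
  auto payload = std::make_shared<const std::string>(expected);
  std::weak_ptr<const std::string> watch = payload;
  bool callback_ran = false;
  OutboundTransfer xfer(SharedSidecar(payload),
                        [&] { callback_ran = true; payload.reset(); });
  xfer.WriteSome(1024);                 // partial write, then the timeout fires
  xfer.TimeOut();
  bool alive_after_cb = !watch.expired();
  while (!xfer.WriteSome(1024)) {}      // remaining writes happen after the callback
  return callback_ran && alive_after_cb && xfer.wire() == expected;
}
int main() { return PayloadSurvivesCallerRelease() ? 0 : 1; }
```

With a borrowed slice in place of the `shared_ptr`, the same `payload.reset()` in the callback would leave the later `WriteSome` calls reading freed memory.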


            • Assignee:
              kwho Michael Ho
              henryr Henry Robinson