Skip to content

[cinder-csi-plugin] Protect OsInstances global map with mutex#3123

Open
hemna wants to merge 1 commit into
kubernetes:masterfrom
hemna:fix/os-instances-race-condition
Open

[cinder-csi-plugin] Protect OsInstances global map with mutex#3123
hemna wants to merge 1 commit into
kubernetes:masterfrom
hemna:fix/os-instances-race-condition

Conversation

@hemna
Copy link
Copy Markdown
Contributor

@hemna hemna commented Jun 5, 2026

What this PR does / why we need it:

The OsInstances map is accessed from both CreateOpenStackProvider (write) and GetOpenStackProvider (read) without synchronization. Although current usage is single-threaded at startup, this is a latent data race that would cause a runtime panic (concurrent map read and map write) if the driver is ever accessed concurrently.

This adds a sync.Mutex to guard read and write access to the OsInstances map.

Which issue this PR fixes(if applicable):
fixes #

Special notes for reviewers:
The mutex is intentionally a simple sync.Mutex rather than sync.RWMutex since write contention is negligible (only at startup). The lock is held for the minimum scope needed around map access, not around the full CreateOpenStackProvider call to avoid holding the lock during network I/O.

Release note:

[cinder-csi-plugin] Add mutex protection to OsInstances global map to prevent potential concurrent access panics.

@hemna
[cinder-csi-plugin] Protect OsInstances global map with mutex
8f549c4 
The OsInstances map is accessed from both CreateOpenStackProvider
(write) and GetOpenStackProvider (read) without synchronization.
Although current usage is single-threaded at startup, this is a
latent data race if the driver is ever accessed concurrently.

Add a sync.Mutex to guard read and write access to the OsInstances
map, preventing potential concurrent map access panics.

Signed-off-by: Walter Boring <waboring@hemna.com>
@k8s-ci-robot k8s-ci-robot added the release-note Denotes a PR that will be considered when it comes time to generate release notes. label Jun 5, 2026
@k8s-ci-robot
Copy link
Copy Markdown
Contributor

k8s-ci-robot commented Jun 5, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign kayrus for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot requested review from stephenfin and zetaab June 5, 2026 13:57
@k8s-ci-robot k8s-ci-robot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Jun 5, 2026
@k8s-ci-robot
Copy link
Copy Markdown
Contributor

k8s-ci-robot commented Jun 5, 2026

Hi @hemna. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot k8s-ci-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Jun 5, 2026
@kayrus
Copy link
Copy Markdown
Contributor

kayrus commented Jun 5, 2026

/ok-to-test

@k8s-ci-robot k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Jun 5, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@stephenfin stephenfin Awaiting requested review from stephenfin

@zetaab zetaab Awaiting requested review from zetaab

Assignees

No one assigned

Labels

cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@hemna @k8s-ci-robot @kayrus