@@ -25,60 +25,61 @@ type FileAcquirer interface {
2525
2626// New returns a file cache that will fetch files from a database
2727func New (registerer prometheus.Registerer ,authz rbac.Authorizer )* Cache {
28- return (& Cache {
29- lock : sync.Mutex {},
30- data :make (map [uuid.UUID ]* cacheEntry ),
31- authz :authz ,
32- }).registerMetrics (registerer )
28+ return & Cache {
29+ lock : sync.Mutex {},
30+ data :make (map [uuid.UUID ]* cacheEntry ),
31+ authz :authz ,
32+ cacheMetrics :newCacheMetrics (registerer ),
33+ }
3334}
3435
35- func ( c * Cache ) registerMetrics ( registerer prometheus.Registerer )* Cache {
36+ func newCacheMetrics ( registerer prometheus.Registerer )cacheMetrics {
3637subsystem := "file_cache"
3738f := promauto .With (registerer )
3839
39- c . currentCacheSize = f . NewGauge (prometheus. GaugeOpts {
40- Namespace : "coderd" ,
41- Subsystem : subsystem ,
42- Name : "open_files_size_bytes_current" ,
43- Help :"The current amount of memory of all files currently open in the file cache. " ,
44- })
45-
46- c . totalCacheSize = f . NewCounter (prometheus. CounterOpts {
47- Namespace : "coderd" ,
48- Subsystem : subsystem ,
49- Name : "open_files_size_bytes_total" ,
50- Help :"The total amount of memory ever opened in the file cache. This number never decrements. " ,
51- })
52-
53- c . currentOpenFiles = f . NewGauge (prometheus. GaugeOpts {
54- Namespace : "coderd" ,
55- Subsystem : subsystem ,
56- Name : "open_files_current" ,
57- Help :"The count of unique files currently open in the file cache. " ,
58- })
59-
60- c . totalOpenedFiles = f . NewCounter (prometheus. CounterOpts {
61- Namespace : "coderd" ,
62- Subsystem : subsystem ,
63- Name : "open_files_total" ,
64- Help :"The total count of unique files ever opened in the file cache. " ,
65- })
66-
67- c . currentOpenFileReferences = f . NewGauge (prometheus. GaugeOpts {
68- Namespace : "coderd" ,
69- Subsystem : subsystem ,
70- Name : "open_file_refs_current" ,
71- Help :"The count of file references currently open in the file cache. Multiple references can be held for the same file. " ,
72- })
73-
74- c . totalOpenFileReferences = f . NewCounterVec (prometheus. CounterOpts {
75- Namespace : "coderd" ,
76- Subsystem : subsystem ,
77- Name : "open_file_refs_total" ,
78- Help :"The total number of file references ever opened in the file cache. The 'hit' label indicates if the file was loaded from the cache. " ,
79- }, [] string { " hit" })
80-
81- return c
40+ return cacheMetrics {
41+ currentCacheSize : f . NewGauge (prometheus. GaugeOpts {
42+ Namespace : "coderd" ,
43+ Subsystem : subsystem ,
44+ Name :"open_files_size_bytes_current " ,
45+ Help : "The current amount of memory of all files currently open in the file cache." ,
46+ }),
47+
48+ totalCacheSize : f . NewCounter (prometheus. CounterOpts {
49+ Namespace : "coderd" ,
50+ Subsystem : subsystem ,
51+ Name :"open_files_size_bytes_total " ,
52+ Help : "The total amount of memory ever opened in the file cache. This number never decrements." ,
53+ }),
54+
55+ currentOpenFiles : f . NewGauge (prometheus. GaugeOpts {
56+ Namespace : "coderd" ,
57+ Subsystem : subsystem ,
58+ Name :"open_files_current " ,
59+ Help : "The count of unique files currently open in the file cache." ,
60+ }),
61+
62+ totalOpenedFiles : f . NewCounter (prometheus. CounterOpts {
63+ Namespace : "coderd" ,
64+ Subsystem : subsystem ,
65+ Name :"open_files_total " ,
66+ Help : "The total count of unique files ever opened in the file cache." ,
67+ }),
68+
69+ currentOpenFileReferences : f . NewGauge (prometheus. GaugeOpts {
70+ Namespace : "coderd" ,
71+ Subsystem : subsystem ,
72+ Name :"open_file_refs_current " ,
73+ Help : "The count of file references currently open in the file cache. Multiple references can be held for the same file." ,
74+ }),
75+
76+ totalOpenFileReferences : f . NewCounterVec (prometheus. CounterOpts {
77+ Namespace : "coderd" ,
78+ Subsystem : subsystem ,
79+ Name :"open_file_refs_total " ,
80+ Help : "The total number of file references ever opened in the file cache. The ' hit' label indicates if the file was loaded from the cache." ,
81+ }, [] string { "hit" }),
82+ }
8283}
8384
8485// Cache persists the files for template versions, and is used by dynamic
@@ -106,18 +107,21 @@ type cacheMetrics struct {
106107totalCacheSize prometheus.Counter
107108}
108109
110+ type cacheEntry struct {
111+ // refCount must only be accessed while the cacheEntry lock is held.
112+ lock sync.Mutex
113+ refCount int
114+ value * lazy.ValueWithError [CacheEntryValue ]
115+
116+ close func ()
117+ }
118+
109119type CacheEntryValue struct {
110120fs.FS
111121Object rbac.Object
112122Size int64
113123}
114124
115- type cacheEntry struct {
116- // refCount must only be accessed while the Cache lock is held.
117- refCount int
118- value * lazy.ValueWithError [CacheEntryValue ]
119- }
120-
121125var _ fs.FS = (* CloseFS )(nil )
122126
123127// CloseFS is a wrapper around fs.FS that implements io.Closer. The Close()
@@ -142,93 +146,116 @@ func (c *Cache) Acquire(ctx context.Context, db database.Store, fileID uuid.UUID
142146// mutex has been released, or we would continue to hold the lock until the
143147// entire file has been fetched, which may be slow, and would prevent other
144148// files from being fetched in parallel.
145- it ,err := c .prepare (ctx ,db ,fileID ).Load ()
149+ e := c .prepare (ctx ,db ,fileID )
150+ ev ,err := e .value .Load ()
146151if err != nil {
147- c .release (fileID )
152+ c .purge (fileID )
153+ return nil ,err
154+ }
155+
156+ // We always run the fetch under a system context and actor, so we need to check the caller's
157+ // context manually before returning.
158+
159+ // Check if the caller's context was canceled
160+ if err := ctx .Err ();err != nil {
148161return nil ,err
149162}
150163
164+ // Check that the caller is authorized to access the file
151165subject ,ok := dbauthz .ActorFromContext (ctx )
152166if ! ok {
153167return nil ,dbauthz .ErrNoActor
154168}
155- // Always check the caller can actually read the file.
156- if err := c .authz .Authorize (ctx ,subject ,policy .ActionRead ,it .Object );err != nil {
157- c .release (fileID )
169+ if err := c .authz .Authorize (ctx ,subject ,policy .ActionRead ,ev .Object );err != nil {
170+ e .close ()
158171return nil ,err
159172}
160173
161- var once sync.Once
174+ var closeOnce sync.Once
162175return & CloseFS {
163- FS :it .FS ,
176+ FS :ev .FS ,
164177close :func () {
165178// sync.Once makes the Close() idempotent, so we can call it
166179// multiple times without worrying about double-releasing.
167- once .Do (func () {c .release (fileID ) })
180+ closeOnce .Do (func () {
181+ e .close ()
182+ })
168183},
169184},nil
170185}
171186
172- func (c * Cache )prepare (ctx context.Context ,db database.Store ,fileID uuid.UUID )* lazy. ValueWithError [ CacheEntryValue ] {
187+ func (c * Cache )prepare (ctx context.Context ,db database.Store ,fileID uuid.UUID )* cacheEntry {
173188c .lock .Lock ()
174189defer c .lock .Unlock ()
175190
176191hitLabel := "true"
177192entry ,ok := c .data [fileID ]
178193if ! ok {
179- value := lazy .NewWithError (func () (CacheEntryValue ,error ) {
180- val ,err := fetch (ctx ,db ,fileID )
194+ hitLabel = "false"
181195
182- // Always add to the cache size the bytes of the file loaded.
183- if err == nil {
196+ var releaseOnce sync.Once
197+ entry = & cacheEntry {
198+ refCount :0 ,
199+ value :lazy .NewWithError (func () (CacheEntryValue ,error ) {
200+ val ,err := fetch (db ,fileID )
201+ if err != nil {
202+ // Force future calls to Acquire to trigger a new fetch as soon as
203+ // a fetch has failed, even if references are still held.
204+ delete (c .data ,fileID )
205+ return val ,err
206+ }
207+
208+ // Add the size of the file to the cache size metrics.
184209c .currentCacheSize .Add (float64 (val .Size ))
185210c .totalCacheSize .Add (float64 (val .Size ))
186- }
187211
188- return val ,err
189- })
212+ return val ,err
213+ }),
190214
191- entry = & cacheEntry {
192- value :value ,
193- refCount :0 ,
215+ close :func () {
216+ entry .lock .Lock ()
217+ defer entry .lock .Unlock ()
218+
219+ entry .refCount --
220+ c .currentOpenFileReferences .Dec ()
221+
222+ if entry .refCount == 0 {
223+ releaseOnce .Do (func () {
224+ c .purge (fileID )
225+ })
226+ }
227+ },
194228}
195229c .data [fileID ]= entry
230+
196231c .currentOpenFiles .Inc ()
197232c .totalOpenedFiles .Inc ()
198- hitLabel = "false"
199233}
200234
235+ entry .lock .Lock ()
236+ defer entry .lock .Unlock ()
201237c .currentOpenFileReferences .Inc ()
202238c .totalOpenFileReferences .WithLabelValues (hitLabel ).Inc ()
203239entry .refCount ++
204- return entry . value
240+ return entry
205241}
206242
207- // release decrements the reference count for the given fileID, and frees the
208- // backing data if there are no further references being held.
209- //
210- // release should only be called after a successful call to Acquire using the Release()
211- // method on the returned *CloseFS.
212- func (c * Cache )release (fileID uuid.UUID ) {
243+ // purge immediately removes an entry from the cache. It should be called
244+ func (c * Cache )purge (fileID uuid.UUID ) {
213245c .lock .Lock ()
214246defer c .lock .Unlock ()
215247
216248entry ,ok := c .data [fileID ]
217249if ! ok {
218- // If we land here, it's almost certainly because a bug already happened,
219- // and we're freeing something that's already been freed, or we're calling
220- // this function with an incorrect ID. Should this function return an error?
221- return
222- }
223-
224- c .currentOpenFileReferences .Dec ()
225- entry .refCount --
226- if entry .refCount > 0 {
250+ // If we land here, it's probably because of a fetch attempt that
251+ // resulted in an error, and got purged already. It may also be an
252+ // erroneous extra close, but we can't really distinguish between those
253+ // two cases currently.
227254return
228255}
229256
257+ // Purge the file from the cache.
230258c .currentOpenFiles .Dec ()
231-
232259ev ,err := entry .value .Load ()
233260if err == nil {
234261c .currentCacheSize .Add (- 1 * float64 (ev .Size ))
@@ -246,11 +273,18 @@ func (c *Cache) Count() int {
246273return len (c .data )
247274}
248275
249- func fetch (ctx context.Context ,store database.Store ,fileID uuid.UUID ) (CacheEntryValue ,error ) {
250- // Make sure the read does not fail due to authorization issues.
251- // Authz is checked on the Acquire call, so this is safe.
276+ func fetch (store database.Store ,fileID uuid.UUID ) (CacheEntryValue ,error ) {
277+ // Because many callers can be waiting on the same file fetch concurrently, we
278+ // want to prevent any failures that would cause them all to receive errors
279+ // because the caller who initiated the fetch would fail.
280+ // - We always run the fetch with an uncancelable context, and then check
281+ // context cancellation for each acquirer afterwards.
282+ // - We always run the fetch as a system user, and then check authorization
283+ // for each acquirer afterwards.
284+ // This prevents a canceled context or an unauthorized user from "holding up
285+ // the queue".
252286//nolint:gocritic
253- file ,err := store .GetFileByID (dbauthz .AsFileReader (ctx ),fileID )
287+ file ,err := store .GetFileByID (dbauthz .AsFileReader (context . Background () ),fileID )
254288if err != nil {
255289return CacheEntryValue {},xerrors .Errorf ("failed to read file from database: %w" ,err )
256290}