incubator-cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Devdeep Singh <>
Subject Limits set for a resource can be exceeded
Date Wed, 11 Jul 2012 09:50:47 GMT

I observed this issue while looking into how resource limiting works. When a request is placed
to create a resource (instance, volume etc.) the check for resource limits and incrementing
the resource count is done in the following order

1. Check the limits will not be exceeded by the addition of another resource. Raise an exception
if so.
2. Create a db entry for the resource.
3. Increment the resource count.

The check and increment of a resource are not synchronized to be atomic. This can lead to
scenarios where two different requests can successfully check the limits for the same resource
and increment the count beyond the limits on boundary conditions. 

For example: Suppose domain limits for a vm instance is set to 5 and there are already 4 instances
created for the domain. Two requests are placed by two different users of the domain to create
an instance. 
1. User 1 request checks the limit. Verifies that domain limit of 5 will not be exceeded.
2. Similarly User 2 request checks the limit and verifies the domain limit of 5 will not be
exceeded. This is because the first request still hasn't incremented the resource count.
3. Both the requests go ahead and increment the count (to 6) and exceed the limit.

I have observed this issue with instance creation. It may be present at other places too (volumes,
public ips etc.). Before I go ahead and file a bug, I wanted to check if it is a valid concern
or am I missing something.


View raw message