[v0.23.2] PR #4803: fix(engine): feedback deadlock issues #4804
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
There was a problem hiding this comment.
Pull Request Overview
This PR temporarily disables the engine’s feedback mechanism to avoid a deadlock when sending events back into the pipeline.
- Removes the
findingsimport. - Comments out the feedback conversion and send logic with a TODO explaining the deadlock.
Comments suppressed due to low confidence (2)
pkg/signatures/engine/engine.go:152
- There's a duplicated 'to' in this comment ("trying to to send"). Consider removing the extra 'to' for clarity.
// a new event to the feedbacking signature. This would cause a deadlock
pkg/signatures/engine/engine.go:150
- [nitpick] The term "feedbacking signature" is unclear; consider rephrasing to "feedback signature" or "signature receiving feedback" for clarity.
// when the engine was blocked on sending a new event to the feedbacking signature.
geyslan
approved these changes
Jun 23, 2025
NDStrahilevitz
force-pushed
the
backport_23_no_feedback
branch
from
c59f4c4 to
5c806a5
Compare
Feedback from findings back into the rules engine could cause a deadlock. This is because the engine would eventually block on trying to to send a new event to the feedbacking signature. This would cause a deadlock there - propagating back to the engine and pipeline in general. This does not occur in analyze mode - likely due to less stress in that mode. Introduce a mode field to the engine config to allow distinction between tracee-rules, single binary and analyze modes. The feedback logic which is implemented in the engine is only relevant for analyze mode. In single binary mode, we rely on the pipeline to handle the feedback. commit a86e656 (main), cherry-pick
Avoid deadlocks by writing first into a from file channel buffer, then into the engine. commit d71aff0 (main), cherry-pick
NDStrahilevitz
force-pushed
the
backport_23_no_feedback
branch
from
5c806a5 to
d298dfe
Compare
NDStrahilevitz
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
1. Explain what the PR does
5fdc7f3 PR #4803: fix(engine):disable feedback
2. Explain how to test it
3. Other comments