fix: thread shutdown leaks

Signed-off-by: Alexandre Rulleau <[email protected]>

Author: Leiyks

datadog-ipc/tarpc/src/trace.rs

@@ -22,10 +22,14 @@ use rand::Rng;
 use std::{
     fmt::{self, Formatter},
     num::{NonZeroU128, NonZeroU64},
+    sync::atomic::{AtomicU64, Ordering},
 };
 #[cfg(feature = "opentelemetry")]
 use tracing_opentelemetry::OpenTelemetrySpanExt;
 
+/// Global atomic counter for generating unique span IDs
+static SPAN_ID_COUNTER: AtomicU64 = AtomicU64::new(1);
+
 /// A context for tracing the execution of processes, distributed or otherwise.
 ///
 /// Consists of a span identifying an event, an optional parent span identifying a causal event
@@ -80,9 +84,11 @@ pub enum SamplingDecision {
 impl Context {
     /// Constructs a new context with the trace ID and sampling decision inherited from the parent.
     pub(crate) fn new_child(&self) -> Self {
+        // Use atomic counter instead of rand to avoid TLS allocation
+        let span_id_value = SPAN_ID_COUNTER.fetch_add(1, Ordering::Relaxed);
         Self {
             trace_id: self.trace_id,
-            span_id: SpanId::random(&mut rand::thread_rng()),
+            span_id: SpanId(span_id_value),
             sampling_decision: self.sampling_decision,
         }
     }

datadog-sidecar-ffi/src/lib.rs

@@ -33,7 +33,8 @@ use datadog_sidecar::service::{get_telemetry_action_sender, InternalTelemetryAct
 use datadog_sidecar::shm_remote_config::{path_for_remote_config, RemoteConfigReader};
 #[cfg(unix)]
 use datadog_sidecar::{
-    connect_worker_unix, shutdown_master_listener_unix, start_master_listener_unix,
+    clear_inherited_listener_unix, connect_worker_unix, shutdown_master_listener_unix,
+    start_master_listener_unix,
 };
 #[cfg(windows)]
 use datadog_sidecar::{
@@ -359,6 +360,19 @@ pub extern "C" fn ddog_sidecar_shutdown_master_listener() -> MaybeError {
     MaybeError::None
 }
 
+#[no_mangle]
+pub extern "C" fn ddog_sidecar_clear_inherited_listener() -> MaybeError {
+    #[cfg(unix)]
+    {
+        try_c!(clear_inherited_listener_unix());
+    }
+    #[cfg(windows)]
+    {
+        // Windows doesn't use fork, so no inherited state to clear
+    }
+    MaybeError::None
+}
+
 #[no_mangle]
 pub extern "C" fn ddog_sidecar_ping(transport: &mut Box<SidecarTransport>) -> MaybeError {
     try_c!(blocking::ping(transport));

datadog-sidecar/src/entry.rs

@@ -129,10 +129,12 @@ where
     // Shutdown final sender so the receiver can complete
     drop(shutdown_complete_tx);
 
-    // Await everything else to completion
-    _ = telemetry_handle.await;
+    // Await everything else to completion with timeouts to ensure we don't hang
+    let shutdown_timeout = Duration::from_millis(500);
+
+    _ = tokio::time::timeout(shutdown_timeout, telemetry_handle).await;
     server.shutdown();
-    _ = server.trace_flusher.join().await;
+    _ = tokio::time::timeout(shutdown_timeout, server.trace_flusher.join()).await;
 
     Ok(())
 }
@@ -153,14 +155,9 @@ where
 
     let (listener, cancel) = acquire_listener()?;
 
-    let result = runtime
+    runtime
         .block_on(main_loop(listener, Arc::new(cancel)))
-        .map_err(|e| e.into());
-
-    // Wait 1 second to shut down properly
-    runtime.shutdown_timeout(std::time::Duration::from_secs(1));
-
-    result
+        .map_err(|e| e.into())
 }
 
 pub fn daemonize(listener: IpcServer, mut cfg: Config) -> anyhow::Result<()> {

datadog-sidecar/src/service/queue_id.rs

@@ -1,8 +1,8 @@
 // Copyright 2021-Present Datadog, Inc. https://www.datadoghq.com/
 // SPDX-License-Identifier: Apache-2.0
 
-use rand::Rng;
 use serde::{Deserialize, Serialize};
+use std::sync::atomic::{AtomicU64, Ordering};
 
 /// `QueueId` is a struct that represents a unique identifier for a queue.
 /// It contains a single field, `inner`, which is a 64-bit unsigned integer.
@@ -12,11 +12,15 @@ pub struct QueueId {
     pub(crate) inner: u64,
 }
 
+/// Global atomic counter for generating unique queue IDs
+static QUEUE_ID_COUNTER: AtomicU64 = AtomicU64::new(1);
+
 impl QueueId {
     /// Generates a new unique `QueueId`.
     ///
-    /// This method generates a random 64-bit unsigned integer between 1 (inclusive) and `u64::MAX`
-    /// (exclusive) and uses it as the `inner` value of the new `QueueId`.
+    /// This method uses an atomic counter to generate monotonically increasing
+    /// unique IDs. The counter starts at 1 and increments with each call.
+    /// This approach avoids TLS allocations from random number generators.
     ///
     /// # Examples
     ///
@@ -27,7 +31,7 @@ impl QueueId {
     /// ```
     pub fn new_unique() -> Self {
         Self {
-            inner: rand::thread_rng().gen_range(1u64..u64::MAX),
+            inner: QUEUE_ID_COUNTER.fetch_add(1, Ordering::Relaxed),
         }
     }
 }

datadog-sidecar/src/setup/unix.rs

@@ -1,7 +1,10 @@
 // Copyright 2021-Present Datadog, Inc. https://www.datadoghq.com/
 // SPDX-License-Identifier: Apache-2.0
 
-use std::sync::LazyLock;
+use std::sync::{
+    atomic::{AtomicU16, Ordering},
+    LazyLock,
+};
 use std::{
     env, fs, io,
     os::unix::{
@@ -83,7 +86,10 @@ impl Liaison for SharedDirLiaison {
     }
 
     fn ipc_per_process() -> Self {
-        static PROCESS_RANDOM_ID: LazyLock<u16> = LazyLock::new(rand::random);
+        // Use atomic counter instead of rand::random to avoid TLS allocation
+        static PROCESS_ID_COUNTER: AtomicU16 = AtomicU16::new(1);
+        static PROCESS_RANDOM_ID: LazyLock<u16> =
+            LazyLock::new(|| PROCESS_ID_COUNTER.fetch_add(1, Ordering::Relaxed));
 
         let pid = std::process::id();
         let liason_path = env::temp_dir().join(format!("libdatadog.{}.{pid}", *PROCESS_RANDOM_ID));

datadog-sidecar/src/unix.rs

@@ -51,20 +51,89 @@ pub fn start_master_listener_unix(master_pid: i32) -> io::Result<()> {
     let handle = thread::Builder::new()
         .name("dd-sidecar".into())
         .spawn(move || {
-            let acquire_listener = move || -> io::Result<_> {
-                std_listener.set_nonblocking(true)?;
-                let listener = UnixListener::from_std(std_listener.try_clone()?)?;
-                let cancel = {
-                    let fd = listener.as_raw_fd();
-                    move || stop_listening(fd)
-                };
-                Ok((move |handler| accept_socket_loop(listener, handler), cancel))
+            // Use blocking I/O - no shared tokio Runtime needed
+            // This makes the code fork-safe
+            use crate::service::sidecar_server::SidecarServer;
+            let runtime = match tokio::runtime::Builder::new_current_thread()
+                .enable_all()
+                .build()
+            {
+                Ok(rt) => rt,
+                Err(e) => {
+                    error!("Failed to create runtime for server initialization: {}", e);
+                    return;
+                }
             };
 
-            let _ = enter_listener_loop(acquire_listener).map_err(|e| {
-                error!("enter_listener_loop failed: {}", e);
-                e
-            });
+            let server = runtime.block_on(async { SidecarServer::default() });
+
+            loop {
+                match std_listener.accept() {
+                    Ok((stream, _addr)) => {
+                        let server = server.clone();
+                        // Spawn a detached thread for each connection
+                        // Threads are not joined during shutdown to avoid blocking on active connections
+                        // Each thread will exit naturally when its connection closes
+                        if let Err(e) = thread::Builder::new().name("dd-conn-handler".into()).spawn(
+                            move || {
+                                // Create a minimal single-threaded runtime for this connection only
+                                // This runtime will be dropped when the connection closes
+                                let runtime = match tokio::runtime::Builder::new_current_thread()
+                                    .enable_all()
+                                    .build()
+                                {
+                                    Ok(rt) => rt,
+                                    Err(e) => {
+                                        error!("Failed to create runtime for connection: {}", e);
+                                        return;
+                                    }
+                                };
+
+                                runtime.block_on(async move {
+                                    // Convert std UnixStream to tokio UnixStream
+                                    if let Err(e) = stream.set_nonblocking(true) {
+                                        error!("Failed to set nonblocking: {}", e);
+                                        return;
+                                    }
+
+                                    let tokio_stream = match UnixStream::from_std(stream) {
+                                        Ok(s) => s,
+                                        Err(e) => {
+                                            error!("Failed to convert stream: {}", e);
+                                            return;
+                                        }
+                                    };
+
+                                    // Handle the connection using existing async infrastructure
+                                    use datadog_ipc::platform::AsyncChannel;
+
+                                    // Use the cloned shared server
+                                    server
+                                        .accept_connection(AsyncChannel::from(tokio_stream))
+                                        .await;
+                                });
+                            },
+                        ) {
+                            error!("Failed to spawn handler thread: {}", e);
+                        }
+                    }
+                    Err(e) => {
+                        match e.kind() {
+                            io::ErrorKind::Interrupted => continue,
+                            io::ErrorKind::InvalidInput => break, // Socket shut down
+                            _ => {
+                                error!("Accept error: {}", e);
+                                thread::sleep(Duration::from_millis(100));
+                            }
+                        }
+                    }
+                }
+            }
+
+            info!("Master listener stopped accepting connections");
+
+            // Shutdown the server - connection threads will finish naturally
+            server.shutdown();
         })
         .map_err(io::Error::other)?;
 
@@ -95,6 +164,7 @@ pub fn connect_worker_unix(master_pid: i32) -> io::Result<SidecarTransport> {
         }
     }
 
+    error!("Worker failed to connect after 10 attempts");
     Err(last_error.unwrap_or_else(|| io::Error::other("Connection failed")))
 }
 
@@ -112,28 +182,35 @@ pub fn shutdown_master_listener_unix() -> io::Result<()> {
 
     if let Some((handle, fd)) = listener_data {
         stop_listening(fd);
+        let _ = handle.join();
+    }
 
-        // Try to join with a timeout to avoid hanging the shutdown
-        // We spawn a helper thread to do the join so we can implement a timeout
-        let (tx, rx) = std::sync::mpsc::channel();
-        std::thread::spawn(move || {
-            let result = handle.join();
-            let _ = tx.send(result);
-        });
-
-        // Wait up to 2 seconds for clean shutdown (including time for tokio runtime shutdown)
-        match rx.recv_timeout(Duration::from_millis(2000)) {
-            Ok(Ok(())) => {
-                // Clean shutdown
-            }
-            Ok(Err(_)) => {
-                error!("Listener thread panicked during shutdown");
-            }
-            Err(_) => {
-                // Timeout - thread didn't exit in time
-                // This is acceptable as the OS will clean up when the process exits
+    Ok(())
+}
+
+/// Clears inherited resources in child processes after fork().
+/// With the new blocking I/O approach, we only need to forget the listener thread handle.
+/// Each connection creates its own short-lived runtime, so there's no global runtime to inherit.
+pub fn clear_inherited_listener_unix() -> io::Result<()> {
+    info!("Child process clearing inherited listener state");
+    match MASTER_LISTENER.lock() {
+        Ok(mut guard) => {
+            if let Some((handle, _fd)) = guard.take() {
+                info!("Child forgetting inherited listener thread handle");
+                // Forget the handle without joining - parent owns the thread
+                std::mem::forget(handle);
+                info!("Child successfully forgot listener handle");
+            } else {
+                info!("Child found no listener to clear");
             }
         }
+        Err(e) => {
+            error!(
+                "Failed to acquire lock for clearing inherited listener: {}",
+                e
+            );
+            return Err(io::Error::other("Mutex poisoned"));
+        }
     }
 
     Ok(())

datadog-sidecar/src/windows.rs

@@ -147,9 +147,7 @@ async fn accept_pipe_loop(
         .ok_or_else(|| io::Error::from(io::ErrorKind::InvalidInput))?;
 
     let raw_handle = pipe_listener.as_raw_handle();
-    let mut pipe = unsafe {
-        NamedPipeServer::from_raw_handle(raw_handle)
-    }?;
+    let mut pipe = unsafe { NamedPipeServer::from_raw_handle(raw_handle) }?;
 
     loop {
         match pipe.connect().await {
@@ -287,21 +285,26 @@ pub fn shutdown_master_listener_windows() -> io::Result<()> {
         stop_listening_on_handle(raw);
 
         let (tx, rx) = std::sync::mpsc::channel();
-        std::thread::spawn(move || {
+        let helper_handle = std::thread::spawn(move || {
             let result = handle.join();
             let _ = tx.send(result);
         });
 
         // Wait up to 500ms for proper shutdown
         match rx.recv_timeout(Duration::from_millis(500)) {
-            Ok(Ok(())) => { }
+            Ok(Ok(())) => {}
             Ok(Err(_)) => {
                 error!("Listener thread panicked during shutdown");
             }
             Err(err) => {
                 error!("Timeout waiting for listener thread to shut down: {}", err);
             }
         }
+
+        // Join the helper thread to clean up its TLS
+        if let Err(_) = helper_handle.join() {
+            error!("Helper thread panicked");
+        }
     }
 
     Ok(())