resolver timeout fixes

control/control.go

@@ -238,6 +238,8 @@ func (c *Controller) Solve(ctx context.Context, req *controlapi.SolveRequest) (*
 	atomic.AddInt64(&c.buildCount, 1)
 	defer atomic.AddInt64(&c.buildCount, -1)
 
+	// This method registers job ID in solver.Solve. Make sure there are no blocking calls before that might delay this.
+
 	if err := translateLegacySolveRequest(req); err != nil {
 		return nil, err
 	}

solver/jobs.go

@@ -455,7 +455,7 @@ func (jl *Solver) NewJob(id string) (*Job, error) {
 }
 
 func (jl *Solver) Get(id string) (*Job, error) {
-	ctx, cancel := context.WithTimeout(context.Background(), 3*time.Second)
+	ctx, cancel := context.WithTimeout(context.Background(), 6*time.Second)
 	defer cancel()
 
 	go func() {

util/resolver/authorizer.go

@@ -25,11 +25,12 @@ import (
 type authHandlerNS struct {
 	counter int64 // needs to be 64bit aligned for 32bit systems
 
-	mu       sync.Mutex
-	handlers map[string]*authHandler
-	hosts    map[string][]docker.RegistryHost
-	sm       *session.Manager
-	g        flightcontrol.Group
+	handlers   map[string]*authHandler
+	muHandlers sync.Mutex
+	hosts      map[string][]docker.RegistryHost
+	muHosts    sync.Mutex
+	sm         *session.Manager
+	g          flightcontrol.Group
 }
 
 func newAuthHandlerNS(sm *session.Manager) *authHandlerNS {
@@ -118,8 +119,8 @@ func newDockerAuthorizer(client *http.Client, handlers *authHandlerNS, sm *sessi
 
 // Authorize handles auth request.
 func (a *dockerAuthorizer) Authorize(ctx context.Context, req *http.Request) error {
-	a.handlers.mu.Lock()
-	defer a.handlers.mu.Unlock()
+	a.handlers.muHandlers.Lock()
+	defer a.handlers.muHandlers.Unlock()
 
 	// skip if there is no auth handler
 	ah := a.handlers.get(ctx, req.URL.Host, a.sm, a.session)
@@ -141,8 +142,8 @@ func (a *dockerAuthorizer) getCredentials(host string) (sessionID, username, sec
 }
 
 func (a *dockerAuthorizer) AddResponses(ctx context.Context, responses []*http.Response) error {
-	a.handlers.mu.Lock()
-	defer a.handlers.mu.Unlock()
+	a.handlers.muHandlers.Lock()
+	defer a.handlers.muHandlers.Unlock()
 
 	last := responses[len(responses)-1]
 	host := last.Request.URL.Host

util/resolver/pool.go

@@ -40,7 +40,7 @@ func (p *Pool) gc() {
 	defer p.mu.Unlock()
 
 	for k, ns := range p.m {
-		ns.mu.Lock()
+		ns.muHandlers.Lock()
 		for key, h := range ns.handlers {
 			if time.Since(h.lastUsed) < 10*time.Minute {
 				continue
@@ -58,7 +58,7 @@ func (p *Pool) gc() {
 		if len(ns.handlers) == 0 {
 			delete(p.m, k)
 		}
-		ns.mu.Unlock()
+		ns.muHandlers.Unlock()
 	}
 
 	time.AfterFunc(5*time.Minute, p.gc)
@@ -128,28 +128,31 @@ func (r *Resolver) HostsFunc(host string) ([]docker.RegistryHost, error) {
 	return func(domain string) ([]docker.RegistryHost, error) {
 		v, err := r.handler.g.Do(context.TODO(), domain, func(ctx context.Context) (interface{}, error) {
 			// long lock not needed because flightcontrol.Do
-			r.handler.mu.Lock()
+			r.handler.muHosts.Lock()
 			v, ok := r.handler.hosts[domain]
-			r.handler.mu.Unlock()
+			r.handler.muHosts.Unlock()
 			if ok {
 				return v, nil
 			}
 			res, err := r.hosts(domain)
 			if err != nil {
 				return nil, err
 			}
-			r.handler.mu.Lock()
+			r.handler.muHosts.Lock()
 			r.handler.hosts[domain] = res
-			r.handler.mu.Unlock()
+			r.handler.muHosts.Unlock()
 			return res, nil
 		})
 		if err != nil || v == nil {
 			return nil, err
 		}
-		res := v.([]docker.RegistryHost)
-		if len(res) == 0 {
+		vv := v.([]docker.RegistryHost)
+		if len(vv) == 0 {
 			return nil, nil
 		}
+		// make a copy so authorizer is set on unique instance
+		res := make([]docker.RegistryHost, len(vv))
+		copy(res, vv)
 		auth := newDockerAuthorizer(res[0].Client, r.handler, r.sm, r.g)
 		for i := range res {
 			res[i].Authorizer = auth