Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

server: set and advertise max frame size of 16KB #3018

Merged
merged 2 commits into from
Sep 11, 2019
Merged

Conversation

dfawley
Copy link
Member

@dfawley dfawley commented Sep 10, 2019

Special thanks to Michael Fink, Shiva Chetan Goudar, and Aaron Beitch at Arista Networks who discovered this issue and brought it to our attention.

@dfawley dfawley added the Type: Security A bug or other problem affecting security label Sep 10, 2019
@dfawley dfawley added this to the 1.24 Release milestone Sep 10, 2019
@dfawley dfawley requested a review from menghanl September 10, 2019 20:09
@aaronbee
Copy link

Any chance we could get this in v1.21 as well? I understand the policy is to support the last two releases, but the last set of security fixes made it into v1.21 and without this change I wouldn't consider v1.21 secure.

@menghanl
Copy link
Contributor

@aaronbee 1.21.4 was released: https://github.com/grpc/grpc-go/releases/tag/v1.21.4

thaJeztah added a commit to thaJeztah/containerd that referenced this pull request Oct 21, 2019
full diff: grpc/grpc-go@v1.23.0...v1.23.1

- grpc/grpc-go#3018 server: set and advertise max frame size of 16KB
- grpc/grpc-go#3017 grpclb: fix deadlock in grpclb connection cache
    - Before the fix, if the timer to remove a SubConn fires at the
      same time NewSubConn cancels the timer, it caused a mutex leak
      and deadlock.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
thaJeztah added a commit to thaJeztah/docker that referenced this pull request Oct 21, 2019
full diff: grpc/grpc-go@v1.23.0...v1.23.1

- grpc/grpc-go#3018 server: set and advertise max frame size of 16KB
- grpc/grpc-go#3017 grpclb: fix deadlock in grpclb connection cache
    - Before the fix, if the timer to remove a SubConn fires at the
      same time NewSubConn cancels the timer, it caused a mutex leak
      and deadlock.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
docker-jenkins pushed a commit to docker-archive/docker-ce that referenced this pull request Dec 13, 2019
full diff: grpc/grpc-go@v1.23.0...v1.23.1

- grpc/grpc-go#3018 server: set and advertise max frame size of 16KB
- grpc/grpc-go#3017 grpclb: fix deadlock in grpclb connection cache
    - Before the fix, if the timer to remove a SubConn fires at the
      same time NewSubConn cancels the timer, it caused a mutex leak
      and deadlock.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 39ad39d22020a06f25b06ca45d252f7d822485e8
Component: engine
thaJeztah added a commit to thaJeztah/cli that referenced this pull request Jan 7, 2020
full diff: grpc/grpc-go@v1.23.0...v1.23.1

- grpc/grpc-go#3018 server: set and advertise max frame size of 16KB
- grpc/grpc-go#3017 grpclb: fix deadlock in grpclb connection cache
    - Before the fix, if the timer to remove a SubConn fires at the
      same time NewSubConn cancels the timer, it caused a mutex leak
      and deadlock.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
docker-jenkins pushed a commit to docker-archive/docker-ce that referenced this pull request Jan 9, 2020
full diff: grpc/grpc-go@v1.23.0...v1.23.1

- grpc/grpc-go#3018 server: set and advertise max frame size of 16KB
- grpc/grpc-go#3017 grpclb: fix deadlock in grpclb connection cache
    - Before the fix, if the timer to remove a SubConn fires at the
      same time NewSubConn cancels the timer, it caused a mutex leak
      and deadlock.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 013151ff786b0391ecbf5a6b0fbe68d3d0b0ded1
Component: cli
thaJeztah added a commit to thaJeztah/containerd that referenced this pull request Jan 31, 2020
full diff: grpc/grpc-go@v1.23.0...v1.23.1

- grpc/grpc-go#3018 server: set and advertise max frame size of 16KB
- grpc/grpc-go#3017 grpclb: fix deadlock in grpclb connection cache
    - Before the fix, if the timer to remove a SubConn fires at the
      same time NewSubConn cancels the timer, it caused a mutex leak
      and deadlock.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 885232b)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
thaJeztah added a commit to thaJeztah/docker that referenced this pull request Feb 22, 2020
full diff: grpc/grpc-go@v1.23.0...v1.23.1

- grpc/grpc-go#3018 server: set and advertise max frame size of 16KB
- grpc/grpc-go#3017 grpclb: fix deadlock in grpclb connection cache
    - Before the fix, if the timer to remove a SubConn fires at the
      same time NewSubConn cancels the timer, it caused a mutex leak
      and deadlock.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 39ad39d)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
tiborvass pushed a commit to tiborvass/cli that referenced this pull request Mar 3, 2020
full diff: grpc/grpc-go@v1.23.0...v1.23.1

- grpc/grpc-go#3018 server: set and advertise max frame size of 16KB
- grpc/grpc-go#3017 grpclb: fix deadlock in grpclb connection cache
    - Before the fix, if the timer to remove a SubConn fires at the
      same time NewSubConn cancels the timer, it caused a mutex leak
      and deadlock.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 013151f)
Signed-off-by: Tibor Vass <tibor@docker.com>
docker-jenkins pushed a commit to docker-archive/docker-ce that referenced this pull request Mar 3, 2020
full diff: grpc/grpc-go@v1.23.0...v1.23.1

- grpc/grpc-go#3018 server: set and advertise max frame size of 16KB
- grpc/grpc-go#3017 grpclb: fix deadlock in grpclb connection cache
    - Before the fix, if the timer to remove a SubConn fires at the
      same time NewSubConn cancels the timer, it caused a mutex leak
      and deadlock.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 013151ff786b0391ecbf5a6b0fbe68d3d0b0ded1)
Signed-off-by: Tibor Vass <tibor@docker.com>
Upstream-commit: 0e40b91921fe721f70afdaf89f55d8ab52684714
Component: cli
@lock lock bot locked as resolved and limited conversation to collaborators Mar 17, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
Type: Security A bug or other problem affecting security
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants