sync from master. #4
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…2945) Will allow us to cleanly add a clang-cl build in CI Signed-off-by: Sunjay Bhatia <sunjayb@vmware.com>
Signed-off-by: Kevin Baichoo <kbaichoo@google.com>
This PR incorporates the tests that i created for the envoy examples (originally here: https://github.com/phlax/envoy-examples) It also adds a test to ensure that example configs have been added to the examples `BUILD` config (ref: #12256 (comment)) Signed-off-by: Ryan Northey <ryan@synca.io>
Risk Level: Low Testing: Manual testing & bazel test //test/extensions/filters/http/ext_authz/... Signed-off-by: Martin Matusiak <numerodix@gmail.com>
Added PGV constraint to not allow \0\n\r in serverName.Currently, header doesn't allow \0\r\n. Risk Level: Low Testing: config_test Fixes #12709 Signed-off-by: Manish Kumar <manish.kumar1@india.nec.com>
When using ASLR, we need to calculate the offset before looking up symbols in order to get a correct stack trace. Signed-off-by: Raul Gutierrez Segales <rgs@pinterest.com>
Covers membership criteria, role of xDS API shepherds and what the relationship with UDPA-WG is. Signed-off-by: Harvey Tuch <htuch@google.com>
In order to support TLS in a health check connection, a TransportSocket proto must be matched to build the proper TLS connection factory. These are matched by the repeated field transport_socket_matches in the cluster proto, which HDS is currently leaving blank when building this proto. As a result, there is not way to specify a TLS transport socket or any transport socket listed in the docs. This change adds the transport_socket_matches field to the HDS health check specifier, and adds it to the Cluster config generated by HDS, to support transport socket matches per-health check. Risk Level: Low Testing: HDS Unit tests and integration tests pass. Added unit test to test that the transport socket matcher receives the correct fields. Added two integration tests with a TLS configuration, one over HTTP and one over HTTP/2. Docs Changes: Added comments about the new transport_socket_maches field in the HDS specifier proto. Release Notes: Included Signed-off-by: Drew S. Ortega <drewortega@google.com>
Documented a common integration tests problem when the response content-length header does not match the actual body length. Signed-off-by: Yosry Ahmed yosryahmed@google.com Risk Level: N/A Testing: N/A Docs Changes: N/A Release Notes: N/A Signed-off-by: Yosry Ahmed <yosryahmed@google.com>
) This fixes typos in Lua filter documentation and adds an example script. Applying recommendations from: #13010 (comment) Risk Level: Low, docs only. Testing: N/A Docs Changes: Fix typos in Lua filter documentation; added an example script showing how to access request/response information using specific headers. Release Notes: N/A Signed-off-by: Pauline <pauline.lallinec@gmail.com>
Update mirror used to fetch kafka dependency to a valid, working mirror. Resolves #13011 Risk Level: low Testing: covered by CI Signed-off-by: John Murray <murray@stripe.com>
Add a field to the current protobuf of ScopedRouteConfiguration to enable on demand scoped route table loading. The on demand scope route tables will be loaded lazily. The lazy loading feature of route table associated with scope is achieved by extending the current vhds on_demand filter to support lazy loading of RouteConfigurationscoped route discovery service.If a scoped route configuration is set to be loaded lazily, upon a http request using SRDS, when the corresponding route table of a scope is not found, post a callback to control plane, request the route table from the management server, after the route table has been initialized, continue the filter chain. https://docs.google.com/document/d/15GX30U5CH2bsWUyQRkiiQ_nbMCoklvgP_ObrDaSlkuc/edit?usp=sharing Risk Level: Low Testing: add unit tests and integration test to verifiy behavior changes Fixes #10641 Signed-off-by: chaoqinli <chaoqinli@google.com>
This will apply to all changes to external dependencies in future PRs. Part of #10471 Signed-off-by: Harvey Tuch <htuch@google.com>
Fixes #12962. Signed-off-by: Harvey Tuch <htuch@google.com>
Please see #12158 for more details about the issue. Risk level: Low Signed-off-by: Dmitri Dolguikh <ddolguik@redhat.com>
… a per thread limit. (#12897) Simplified Profile Action to have a per-process limit rather than a per thread limit which simplifies disk-filling concerns. We want to prevent the profiler from filling the disk, and using a per thread limit creates more complexity and profiles (i.e. for the "global" limit would be #threads * limit per thread vs limit per process. The former is harder to reason about. Signed-off-by: Kevin Baichoo <kbaichoo@google.com>
Flipping envoy.reloadable_features.new_tcp_connection_pool to true by default Risk Level: High (but has been successfully smoke tested in prod this time) Testing: extensive Docs Changes: n/a Release Notes: were there from last time Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Signed-off-by: DongRyeol Cha <dr83.cha@samsung.com>
Risk Level: low (renames) Testing: tests renamed too Docs Changes: n/a Release Notes: n/a Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Follow up to #12830 with another sparse log variant. The periodic version relies on a real world time source, which can be discussed separately here. Risk Level: Low Testing: Unit tests Signed-off-by: Otto van der Schaaf oschaaf@we-amp.com
As per http://lua-users.org/wiki/MetatableEvents the __pairs metamethod is not available until lua 5.2, luajit/moonjit build lua 5.1. This define was set on Linux/Mac but not Windows. Signed-off-by: Sunjay Bhatia <sunjayb@vmware.com> Co-authored-by: William A Rowe Jr <wrowe@vmware.com>
Signed-off-by: Erica Manno <erica.manno@gmail.com>
Signed-off-by: Ryan Northey <ryan@synca.io>
Signed-off-by: Michael Rebello <me@michaelrebello.com>
Signed-off-by: Michael Rebello <me@michaelrebello.com>
The existing access for X509 extension values is unused in Envoy, but will be used in the near future for detection of certificates with the OCSP must-staple extension (see #12685). The existing implementation, however, assumes that all extension values can be safely decoded with ASN1_get_object, which is incorrect. Here we replace getX509ExtensionValue with a corrected implementation that produces different output (that is, the entire value octet string versus a partially decoded value). We remove (unused) access to extensions from Envoy::Ssl::Connection and rename the utility method to insure that downstream projects do not unintentionally consume the altered return value. Risk Level: low, not used in Envoy Testing: moved existing unit tests Docs Changes: n/a Release Notes: n/a Signed-off-by: Stephan Zuercher <zuercher@gmail.com>
Description: Taking advantage of the new feature introduced in [#12035](#12035), which introduced quick visibility for init managers to check unready targets, this pull request adds protobuf message for unready targets and enables admin to dump configs of unready targets. An example of config dump for listeners’ unready targets is given in this pull request. Introduce ```InitDumpHandler``` with ```handlerInitDump``` method to help dump information of unready targets. Add ```dumpUnreadyTargets``` function for ```init::manager```. Risk Level: Low Docs Changes: protodoc Release Notes: Added Signed-off-by: pingsun <pingsun@google.com>
Cleaning up an issue where if the TCP proxy session got a Connected event it was problematic. Risk Level: Low (minor refactor) Testing: new unit test Docs Changes: n/a Release Notes: n/a Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Enable dynamic link test for coverage, to save storage / cache. Risk Level: Low (test only) Testing: CI Docs Changes: N/A Release Notes: N/A Also fixes #13020 Signed-off-by: Lizan Zhou <lizan@tetrate.io>
This imports searchtools.js from https://raw.githubusercontent.com/sphinx-doc/sphinx/3.x/sphinx/themes/basic/static/searchtools.js. #13005 (comment) Signed-off-by: Dhi Aurrahman <dio@tetrate.io>
This patch introduces the xDS transport++ context parameter encoding algorithm. Risk level: Low Testing: Unit tests added. Part of #11264 Signed-off-by: Harvey Tuch <htuch@google.com>
Fix thrift request overflow crash. When requests overflow, the onPoolFailure will set host to null, and causes a crash. Risk Level: low Testing: added unit test Docs Changes: n/a Release Notes: added Signed-off-by: Guang Yang <pyrl247@gmail.com>
…3 imports (#12982) I've included CPE metadata as comments in bazel/repositories_extra.bzl. I thought this would be better for programmatic inclusion in docs/generate_external_dep_rst.py Risk Level: Low Testing: bazel --nohome_rc test //test/extensions/filters/network/kafka/... bazel --nohome_rc test //test/extensions/filters/network/thrift_proxy/... Signed-off-by: Michael Payne <michael@sooper.org>
Signed-off-by: Asra Ali <asraa@google.com>
The time at which responses are received is recorded, and stored with cached responses as response_time. When a response is served from cache, response_time and other headers are used to correctly calculate the age of the cached response. Risk Level: Low Testing: Unit tests. Docs Changes: N/A Release Notes: N/A Fixes #9859 Fixes #12140 Signed-off-by: Yosry Ahmed <yosryahmed@google.com>
Additional Description: This PR necessitated decoupling SslHandshakerImpl from ContextConfig a bit. We now pass an int representing the index of the extended_info struct rather than the ContextConfig. This PR moves SslHandshakerImpl to its own build target, moves SslHandshaker construction into the ContextConfig, and adds a HandshakerFactoryContext and HandshakerFactory for modifying the ContextConfig's behavior when constructing a Handshaker. This PR also adds a control (requireCertificates) to turn off the release asserts that a context must have certificates. This PR builds off work in #12571 and refines work done (and abandoned) in #12075. For more discussion please see the comments section of #12075. Risk Level: Low. This PR does not modify existing handshaking behavior, it just adds an extension point for modifying it. Testing: A representative alternative implementation was added under :handshaker_test. Docs Changes: N/a Release Notes: N/a Signed-off-by: James Buckland <jbuckland@google.com>
wangfakang
pushed a commit
that referenced
this pull request
May 30, 2022
…yproxy#20170) * test: adding a multi-envoy test (envoyproxy#20016) Functionally this handles the multi-envoy signal handler crash skips instantiating a runtime singleton (off by default, must stay off until remove global runtime: rebase runtime features on ABSL_flags envoyproxy#19847 is closed) Multi-envoy does not correctly support runtime flags or deprecation stats due to envoyproxy#19847 being incomplete. It can still handle proxy traffic client - L1 - L2 - upstream as shown in test. Risk Level: low Testing: yes Docs Changes: n/a Release Notes: n/a Part of envoyproxy/envoy-mobile#2003 Signed-off-by: Alyssa Wilk <alyssar@chromium.org> Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * Add a congestionWindowInBytes method to Envoy::Network::Connection (envoyproxy#20105) Signed-off-by: Bin Wu <wub@google.com> Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * Update QUICHE from 50f15e7a5 to cf1588207 (envoyproxy#20154) https://github.com/google/quiche/compare/50f15e7a5..cf1588207 $ git log 50f15e7a5..cf1588207 --date=short --no-merges --format="%ad %al %s" 2022-02-28 wub Deprecate --gfe2_reloadable_flag_quic_crypto_noop_if_disconnected_after_process_chlo. 2022-02-27 vasilvv Remove QuicheMemSlice(QuicUniqueBufferPtr, size_t) constructor. 2022-02-26 fayang Use std::string instead of absl::string_view in CryptoBufferMap. 2022-02-25 bnc Ignore incoming HTTP/3 MAX_PUSH_ID frames. 2022-02-25 bnc Remove Http3DebugVisitor::OnMaxPushIdFrameSent(). 2022-02-25 bnc Remove QuicSpdySession::CanCreatePushStreamWithId(). 2022-02-25 fayang Deprecate gfe2_reloadable_flag_quic_single_ack_in_packet2. Signed-off-by: Alyssa Wilk <alyssar@chromium.org> Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * build(deps): bump actions/stale from 4.1.0 to 5 (envoyproxy#20159) Bumps [actions/stale](https://github.com/actions/stale) from 4.1.0 to 5. - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](actions/stale@v4.1.0...v5) --- updated-dependencies: - dependency-name: actions/stale dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * admin: improve test coverage and increase the coverage-percent threshold (envoyproxy#20025) Adds a missing test for recent lookups now that there are no more fake symbol tables. Adds tests for a variety of override methods defined in admin.h that were previously hard to hit. Adds a benchmark test to establish a baseline for the speedups in envoyproxy#19693 Signed-off-by: Joshua Marantz <jmarantz@google.com> Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * test: removing a bunch of direct runtime singleton access (envoyproxy#19993) Signed-off-by: Alyssa Wilk <alyssar@chromium.org> Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * build(deps): bump grpcio-tools in /examples/grpc-bridge/client (envoyproxy#20040) Bumps [grpcio-tools](https://github.com/grpc/grpc) from 1.43.0 to 1.44.0. - [Release notes](https://github.com/grpc/grpc/releases) - [Changelog](https://github.com/grpc/grpc/blob/master/doc/grpc_release_schedule.md) - [Commits](grpc/grpc@v1.43.0...v1.44.0) --- updated-dependencies: - dependency-name: grpcio-tools dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * adds to spellcheck Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * xray tracer: set subsegment type for child spans (#2) * xray tracer: set subsegment type for child spans Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * adds test coverage Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * Xray subsegment (#3) * xray tracer: set subsegment type for child spans Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * adds test coverage Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * updates xray subsegment name to use operation name (instead of parent's span name) Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * updates doc Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * updates doc Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * Xray subsegment (#4) * xray tracer: set subsegment type for child spans Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * adds test coverage Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * updates xray subsegment name to use operation name (instead of parent's span name) Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * updates doc Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * updates doc Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * adds to spell check dictionary Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * fixes spellcheck Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * adds to spellcheck Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> xray tracer: set subsegment type for child spans (#2) * xray tracer: set subsegment type for child spans Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * adds test coverage Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> Xray subsegment (#3) * xray tracer: set subsegment type for child spans Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * adds test coverage Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * updates xray subsegment name to use operation name (instead of parent's span name) Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * updates doc Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * updates doc Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> Xray subsegment (#4) * xray tracer: set subsegment type for child spans Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * adds test coverage Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * updates xray subsegment name to use operation name (instead of parent's span name) Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * updates doc Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * updates doc Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * adds to spell check dictionary Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> fixes spellcheck Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> * fixes spell check Signed-off-by: Rex Chang <58710378+rexnp@users.noreply.github.com> Co-authored-by: alyssawilk <alyssar@chromium.org> Co-authored-by: Bin Wu <46450037+wu-bin@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Joshua Marantz <jmarantz@google.com>
wangfakang
pushed a commit
that referenced
this pull request
Sep 15, 2022
…roxy#22689) Commit Message: stream_idle_timer_ is armed to timeout the sending of the bufferred response payload in the quic stream send buffer after the end stream is buffered in the stream. But today this timer is armed even if the the encoding of the payload causes the stream to be closed, in which case the timer can never be cancelled till the stream destruction with ASSERT hit as below: [2022-08-12 22:23:38.843][12][critical][backtrace] [./source/server/backtrace.h:104] Caught Aborted, suspect faulting address 0x50e8d0000000c [2022-08-12 22:23:38.844][12][critical][backtrace] [./source/server/backtrace.h:91] Backtrace (use tools/stack_decode.py to get line numbers): [2022-08-12 22:23:38.844][12][critical][backtrace] [./source/server/backtrace.h:92] Envoy version: 0/1.24.0-dev/test/DEBUG/BoringSSL [2022-08-12 22:23:38.858][12][critical][backtrace] [./source/server/backtrace.h:96] #0: Envoy::SignalAction::sigHandler() [0x3480b28] [2022-08-12 22:23:38.858][12][critical][backtrace] [./source/server/backtrace.h:96] #1: __restore_rt [0x7f94b072c200] [2022-08-12 22:23:38.872][12][critical][backtrace] [./source/server/backtrace.h:96] #2: Envoy::Quic::EnvoyQuicStream::~EnvoyQuicStream() [0x2a2fe98] [2022-08-12 22:23:38.885][12][critical][backtrace] [./source/server/backtrace.h:96] #3: Envoy::Quic::EnvoyQuicServerStream::~EnvoyQuicServerStream() [0x2a78058] [2022-08-12 22:23:38.899][12][critical][backtrace] [./source/server/backtrace.h:96] #4: Envoy::Quic::EnvoyQuicServerStream::~EnvoyQuicServerStream() [0x2a77d30] [2022-08-12 22:23:38.912][12][critical][backtrace] [./source/server/backtrace.h:96] #5: Envoy::Quic::EnvoyQuicServerStream::~EnvoyQuicServerStream() [0x2a77d69] This change check stream close in this case, so that the idle timer will not be armed for closed streams. Risk Level: low Testing: new unit test Docs Changes: N/A Release Notes: N/A Platform Specific Features: N/A Signed-off-by: Dan Zhang <danzh@google.com>
wangfakang
pushed a commit
that referenced
this pull request
Sep 15, 2022
…voyproxy#22856) `//test/integration:tcp_proxy_odcds_integration_test` was observed to fail as follows: ``` ==================== Test output for //test/integration:tcp_proxy_odcds_integration_test: [==========] Running 24 tests from 1 test suite. [----------] Global test environment set-up. [----------] 24 tests from IpVersionsClientType/TcpProxyOdcdsIntegrationTest [ RUN ] IpVersionsClientType/TcpProxyOdcdsIntegrationTest.SingleTcpClient/0 [2022-08-25 20:22:46.750][3969][critical][assert] [test/integration/fake_upstream.cc:832] assert failure: !dispatcher_->isThreadSafe(). [2022-08-25 20:22:46.752][3969][critical][backtrace] [./source/server/backtrace.h:104] Caught Aborted, suspect faulting address 0x6b00000f81 [2022-08-25 20:22:46.752][3969][critical][backtrace] [./source/server/backtrace.h:91] Backtrace (use tools/stack_decode.py to get line numbers): [2022-08-25 20:22:46.752][3969][critical][backtrace] [./source/server/backtrace.h:92] Envoy version: 0/1.24.0-dev/test/DEBUG/BoringSSL [2022-08-25 20:22:46.773][3969][critical][backtrace] [./source/server/backtrace.h:96] #0: Envoy::SignalAction::sigHandler() [0x4c46a78]->[0x2cf2a78] external/com_google_googletest/googlemock/include/gmock/gmock-spec-builders.h:1267 [2022-08-25 20:22:46.773][3969][critical][backtrace] [./source/server/backtrace.h:96] #1: __restore_rt [0x7ffbdaa79420]->[0x7ffbd8b25420] ??:0 [2022-08-25 20:22:46.802][3969][critical][backtrace] [./source/server/backtrace.h:96] #2: Envoy::FakeUpstream::assertPendingConnectionsEmpty() [0x245bf0b]->[0x507f0b] ??:0 [2022-08-25 20:22:46.846][3969][critical][backtrace] [./source/server/backtrace.h:96] #3: Envoy::(anonymous namespace)::TcpProxyOdcdsIntegrationTest_SingleTcpClient_Test::TestBody() [0x1f596cb]->[0x56cb] ??:0 [2022-08-25 20:22:46.877][3969][critical][backtrace] [./source/server/backtrace.h:96] #4: testing::internal::HandleSehExceptionsInMethodIfSupported<>() [0x588b61b]->[0x393761b] ??:0 [2022-08-25 20:22:46.924][3969][critical][backtrace] [./source/server/backtrace.h:96] #5: testing::internal::HandleExceptionsInMethodIfSupported<>() [0x587c2bd]->[0x39282bd] ??:0 [2022-08-25 20:22:46.966][3969][critical][backtrace] [./source/server/backtrace.h:96] #6: testing::Test::Run() [0x5864ba3]->[0x3910ba3] /usr/lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/stl_vector.h:0 [2022-08-25 20:22:47.003][3969][critical][backtrace] [./source/server/backtrace.h:96] #7: testing::TestInfo::Run() [0x586576a]->[0x391176a] external/com_google_absl/absl/container/internal/raw_hash_set.h:1259 [2022-08-25 20:22:47.037][3969][critical][backtrace] [./source/server/backtrace.h:96] #8: testing::TestSuite::Run() [0x5865fbb]->[0x3911fbb] /usr/lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/stl_algo.h:1925 [2022-08-25 20:22:47.089][3969][critical][backtrace] [./source/server/backtrace.h:96] #9: testing::internal::UnitTestImpl::RunAllTests() [0x5874a28]->[0x3920a28] envoy/registry/registry.h:509 [2022-08-25 20:22:47.114][3969][critical][backtrace] [./source/server/backtrace.h:96] #10: testing::internal::HandleSehExceptionsInMethodIfSupported<>() [0x588ddbb]->[0x3939dbb] envoy/registry/registry.h:0 [2022-08-25 20:22:47.160][3969][critical][backtrace] [./source/server/backtrace.h:96] #11: testing::internal::HandleExceptionsInMethodIfSupported<>() [0x587e683]->[0x392a683] /usr/lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/unique_ptr.h:154 [2022-08-25 20:22:47.191][3969][critical][backtrace] [./source/server/backtrace.h:96] #12: testing::UnitTest::Run() [0x5874568]->[0x3920568] envoy/registry/registry.h:508 [2022-08-25 20:22:47.237][3969][critical][backtrace] [./source/server/backtrace.h:96] #13: RUN_ALL_TESTS() [0x4878d51]->[0x2924d51] external/com_google_googletest/googlemock/include/gmock/gmock-spec-builders.h:1203 [2022-08-25 20:22:47.284][3969][critical][backtrace] [./source/server/backtrace.h:96] #14: Envoy::TestRunner::RunTests() [0x48783b1]->[0x29243b1] external/com_google_googletest/googlemock/include/gmock/gmock-actions.h:485 [2022-08-25 20:22:47.316][3969][critical][backtrace] [./source/server/backtrace.h:96] #15: main [0x4874c3a]->[0x2920c3a] external/com_google_googletest/googlemock/include/gmock/gmock-spec-builders.h:1181 [2022-08-25 20:22:47.316][3969][critical][backtrace] [./source/server/backtrace.h:96] #16: __libc_start_main [0x7ffbda897083]->[0x7ffbd8943083] ??:0 ================================================================================ ``` This is due to the race described by envoyproxy#22855. Making sure the dispatcher thread is running before starting the test avoids this problem. Signed-off-by: Benjamin Peterson <benjamin@engflow.com>
hatappi
pushed a commit
to hatappi/envoy-go-extension
that referenced
this pull request
Nov 15, 2022
This test sends a large number of metadata frames in order to trigger a disconnect. However, it was possible for the disconnect to happen and the connection to be torn down before all the metadata frames had been sent. If that happened, ASAN detected a UAF:
```
==95==ERROR: AddressSanitizer: heap-use-after-free on address 0x60700037e5a0 at pc 0x000004811f9e bp 0x7ffc903af990 sp 0x7ffc903af988
READ of size 8 at 0x60700037e5a0 thread T0
#0 0x4811f9d in Envoy::IntegrationCodecClient::sendMetadata(Envoy::Http::RequestEncoder&, Envoy::Http::MetadataMap) /proc/self/cwd/test/integration/http_integration.cc:168:3
#1 0x46ed711 in Envoy::Http2FloodMitigationTest_RequestMetadata_Test::TestBody() /proc/self/cwd/test/integration/http2_flood_integration_test.cc:1486:20
wangfakang#2 0xd380e64 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2580:10
wangfakang#3 0xd348dc2 in testing::Test::Run() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2655:5
wangfakang#4 0xd34a927 in testing::TestInfo::Run() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2832:11
wangfakang#5 0xd34ccc4 in testing::TestSuite::Run() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2986:28
wangfakang#6 0xd36f07a in testing::internal::UnitTestImpl::RunAllTests() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:5697:44
wangfakang#7 0xd384e63 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /proc/self/cwd/external/com_google_googletest/googletest/src/
gtest.cc:2580:10
wangfakang#8 0xd36dd86 in testing::UnitTest::Run() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:5280:10
wangfakang#9 0xa0e53a4 in Envoy::TestRunner::RunTests(int, char**) /proc/self/cwd/external/com_google_googletest/googletest/include/gtest/gtest.h:2485:46
wangfakang#10 0xa0e0af7 in main /proc/self/cwd/test/main.cc:34:10
wangfakang#11 0x7f442ef69082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)
wangfakang#12 0x45ed36d in _start (/mnt/ssd/cas/work/1/exec/bazel-out/k8-dbg/bin/test/integration/http2_flood_integration_test.runfiles/envoy/test/integration/http2_flood_integration_test+0x45ed36d)
0x60700037e5a0 is located 48 bytes inside of 80-byte region [0x60700037e570,0x60700037e5c0)
freed by thread T0 here:
#0 0x466f7d2 in free /local/mnt/workspace/bcain_clang_hu-bcain-lv_22036/final/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:52:3
#1 0x831dde8 in Envoy::Http::CodecClient::ActiveRequest::~ActiveRequest() /proc/self/cwd/./source/common/http/codec_client.h:220:10
wangfakang#2 0x5aa33f9 in std::__1::unique_ptr<Envoy::Event::DeferredDeletable, std::__1::default_delete<Envoy::Event::DeferredDeletable> >::reset(Envoy::Event::DeferredDeletable*) /opt/llvm/bin/../include/c++/v1/__memory/unique_ptr.h:54:5
wangfakang#3 0xa3218e8 in Envoy::Event::DispatcherImpl::clearDeferredDeleteList() /proc/self/cwd/source/common/event/dispatcher_impl.cc:142:21
wangfakang#4 0xa3348df in void std::__1::__invoke_void_return_wrapper<void, true>::__call<Envoy::Event::DispatcherImpl::DispatcherImpl(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, Envoy::Thread::ThreadFactory&, Envoy::TimeSource&
, Envoy::Random::RandomGenerator&, Envoy::Filesystem::Instance&, Envoy::Event::TimeSystem&, std::__1::function<std::__1::unique_ptr<Envoy::Event::ScaledRangeTimerManager, std::__1::default_delete<Envoy::Event::ScaledRangeTimerManager> > (Envoy::Event::Dispatcher&)> const&
, std::__1::shared_ptr<Envoy::Buffer::WatermarkFactory> const&)::$_2&>(Envoy::Event::DispatcherImpl::DispatcherImpl(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, Envoy::Thread::ThreadFactory&, Envoy::TimeSource&, Envoy::Rand
om::RandomGenerator&, Envoy::Filesystem::Instance&, Envoy::Event::TimeSystem&, std::__1::function<std::__1::unique_ptr<Envoy::Event::ScaledRangeTimerManager, std::__1::default_delete<Envoy::Event::ScaledRangeTimerManager> > (Envoy::Event::Dispatcher&)> const&, std::__1::s
hared_ptr<Envoy::Buffer::WatermarkFactory> const&)::$_2&) /proc/self/cwd/source/common/event/dispatcher_impl.cc:79:30
wangfakang#5 0xa334603 in std::__1::__function::__func<Envoy::Event::DispatcherImpl::DispatcherImpl(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, Envoy::Thread::ThreadFactory&, Envoy::TimeSource&, Envoy::Random::RandomGenerator&,
Envoy::Filesystem::Instance&, Envoy::Event::TimeSystem&, std::__1::function<std::__1::unique_ptr<Envoy::Event::ScaledRangeTimerManager, std::__1::default_delete<Envoy::Event::ScaledRangeTimerManager> > (Envoy::Event::Dispatcher&)> const&, std::__1::shared_ptr<Envoy::Buffe
r::WatermarkFactory> const&)::$_2, std::__1::allocator<Envoy::Event::DispatcherImpl::DispatcherImpl(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, Envoy::Thread::ThreadFactory&, Envoy::TimeSource&, Envoy::Random::RandomGenera
tor&, Envoy::Filesystem::Instance&, Envoy::Event::TimeSystem&, std::__1::function<std::__1::unique_ptr<Envoy::Event::ScaledRangeTimerManager, std::__1::default_delete<Envoy::Event::ScaledRangeTimerManager> > (Envoy::Event::Dispatcher&)> const&, std::__1::shared_ptr<Envoy:
:Buffer::WatermarkFactory> const&)::$_2>, void ()>::operator()() /opt/llvm/bin/../include/c++/v1/__functional/function.h:180:16
wangfakang#6 0x4897039 in std::__1::__function::__value_func<void ()>::operator()() const /opt/llvm/bin/../include/c++/v1/__functional/function.h:507:16
wangfakang#7 0xa8e6aa4 in Envoy::Event::SchedulableCallbackImpl::SchedulableCallbackImpl(Envoy::CSmartPtr<event_base, &(event_base_free)>&, std::__1::function<void ()>)::$_0::__invoke(int, short, void*) /opt/llvm/bin/../include/c++/v1/__functional/function.h:1184:12
wangfakang#8 0xb557c5e in event_process_active_single_queue /mnt/ssd/cas/work/2/exec/external/com_github_libevent_libevent/event.c:1713:4
wangfakang#9 0xb539252 in event_process_active /mnt/ssd/cas/work/2/exec/external/com_github_libevent_libevent/event.c
wangfakang#10 0xb539252 in event_base_loop /mnt/ssd/cas/work/2/exec/external/com_github_libevent_libevent/event.c:2047:12
wangfakang#11 0xa8e1e3c in Envoy::Event::LibeventScheduler::run(Envoy::Event::Dispatcher::RunType) /proc/self/cwd/source/common/event/libevent_scheduler.cc:60:3
wangfakang#12 0xa32bd94 in Envoy::Event::DispatcherImpl::run(Envoy::Event::Dispatcher::RunType) /proc/self/cwd/source/common/event/dispatcher_impl.cc:299:19
wangfakang#13 0x480faad in Envoy::IntegrationCodecClient::flushWrite() /proc/self/cwd/test/integration/http_integration.cc:100:29
wangfakang#14 0x4811e94 in Envoy::IntegrationCodecClient::sendMetadata(Envoy::Http::RequestEncoder&, Envoy::Http::MetadataMap) /proc/self/cwd/test/integration/http_integration.cc:169:3
wangfakang#15 0x46ed711 in Envoy::Http2FloodMitigationTest_RequestMetadata_Test::TestBody() /proc/self/cwd/test/integration/http2_flood_integration_test.cc:1486:20
wangfakang#16 0xd380e64 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2580:10
wangfakang#17 0xd348dc2 in testing::Test::Run() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2655:5
wangfakang#18 0xd34a927 in testing::TestInfo::Run() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2832:11
wangfakang#19 0xd34ccc4 in testing::TestSuite::Run() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2986:28
wangfakang#20 0xd36f07a in testing::internal::UnitTestImpl::RunAllTests() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:5697:44
wangfakang#21 0xd384e63 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2580:10
wangfakang#22 0xd36dd86 in testing::UnitTest::Run() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:5280:10
wangfakang#23 0xa0e53a4 in Envoy::TestRunner::RunTests(int, char**) /proc/self/cwd/external/com_google_googletest/googletest/include/gtest/gtest.h:2485:46
wangfakang#24 0xa0e0af7 in main /proc/self/cwd/test/main.cc:34:10
wangfakang#25 0x7f442ef69082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)
```
To fix that, write all metadata frames at once.
Signed-off-by: Benjamin Peterson <benjamin@engflow.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
For an explanation of how to fill out the fields, please see the relevant section
in PULL_REQUESTS.md
Commit Message:
Additional Description:
Risk Level:
Testing:
Docs Changes:
Release Notes:
[Optional Runtime guard:]
[Optional Fixes #Issue]
[Optional Deprecated:]