diff options
| author |  Jan Tattermusch <jtattermusch@users.noreply.github.com> | 2016-05-10 08:28:28 -0700 |
|---|---|---|
| committer | Jan Tattermusch <jtattermusch@users.noreply.github.com> | 2016-05-10 08:28:28 -0700 |
| commit | cfbe02075ac360e03042c4fe7d87369cee036fc5 (patch) | |
| tree | be833ff2fff38f60e1774a3e29bcf6a4f3821323 /src/core/ext | |
| parent | 5e743b2accb8003a44e9ab1fdccc549ba7f9a859 (diff) | |
| parent | 067cce56d4158031ea40f2f91a2e3839ebe2bbec (diff) | |
Merge pull request #6320 from markdroth/limit_metadata_size
Add support for max metadata size.
Diffstat (limited to 'src/core/ext')
6 files changed, 171 insertions, 63 deletions
diff --git a/src/core/ext/transport/chttp2/transport/chttp2_transport.c b/src/core/ext/transport/chttp2/transport/chttp2_transport.c index 53633227ac..b6886a2201 100644 --- a/src/core/ext/transport/chttp2/transport/chttp2_transport.c +++ b/src/core/ext/transport/chttp2/transport/chttp2_transport.c @@ -56,6 +56,8 @@ #define DEFAULT_CONNECTION_WINDOW_TARGET (1024 * 1024) #define MAX_WINDOW 0x7fffffffu +#define DEFAULT_MAX_HEADER_LIST_SIZE (16 * 1024) + #define MAX_CLIENT_STREAM_ID 0x7fffffffu int grpc_http_trace = 0; @@ -65,8 +67,8 @@ int grpc_flowctl_trace = 0; ((grpc_chttp2_transport *)((char *)(tw)-offsetof(grpc_chttp2_transport, \ writing))) -#define TRANSPORT_FROM_PARSING(tw) \ - ((grpc_chttp2_transport *)((char *)(tw)-offsetof(grpc_chttp2_transport, \ +#define TRANSPORT_FROM_PARSING(tp) \ + ((grpc_chttp2_transport *)((char *)(tp)-offsetof(grpc_chttp2_transport, \ parsing))) #define TRANSPORT_FROM_GLOBAL(tg) \ @@ -311,6 +313,8 @@ static void init_transport(grpc_exec_ctx *exec_ctx, grpc_chttp2_transport *t, push_setting(t, GRPC_CHTTP2_SETTINGS_MAX_CONCURRENT_STREAMS, 0); } push_setting(t, GRPC_CHTTP2_SETTINGS_INITIAL_WINDOW_SIZE, DEFAULT_WINDOW); + push_setting(t, GRPC_CHTTP2_SETTINGS_MAX_HEADER_LIST_SIZE, + DEFAULT_MAX_HEADER_LIST_SIZE); if (channel_args) { for (i = 0; i < channel_args->num_args; i++) { @@ -378,6 +382,18 @@ static void init_transport(grpc_exec_ctx *exec_ctx, grpc_chttp2_transport *t, &t->writing.hpack_compressor, (uint32_t)channel_args->args[i].value.integer); } + } else if (0 == strcmp(channel_args->args[i].key, + GRPC_ARG_MAX_METADATA_SIZE)) { + if (channel_args->args[i].type != GRPC_ARG_INTEGER) { + gpr_log(GPR_ERROR, "%s: must be an integer", + GRPC_ARG_MAX_METADATA_SIZE); + } else if (channel_args->args[i].value.integer < 0) { + gpr_log(GPR_ERROR, "%s: must be non-negative", + GRPC_ARG_MAX_METADATA_SIZE); + } else { + push_setting(t, GRPC_CHTTP2_SETTINGS_MAX_HEADER_LIST_SIZE, + (uint32_t)channel_args->args[i].value.integer); + } } } } @@ -510,7 +526,7 @@ static int init_stream(grpc_exec_ctx *exec_ctx, grpc_transport *gt, [GRPC_CHTTP2_SETTINGS_INITIAL_WINDOW_SIZE]; *t->accepting_stream = s; grpc_chttp2_stream_map_add(&t->parsing_stream_map, s->global.id, s); - s->global.in_stream_map = 1; + s->global.in_stream_map = true; } grpc_chttp2_run_with_global_lock(exec_ctx, t, s, finish_init_stream_locked, @@ -834,7 +850,7 @@ static void maybe_start_some_streams( grpc_chttp2_stream_map_add( &TRANSPORT_FROM_GLOBAL(transport_global)->new_stream_map, stream_global->id, STREAM_FROM_GLOBAL(stream_global)); - stream_global->in_stream_map = 1; + stream_global->in_stream_map = true; transport_global->concurrent_stream_count++; grpc_chttp2_become_writable(transport_global, stream_global); } @@ -933,24 +949,38 @@ static void perform_stream_op_locked(grpc_exec_ctx *exec_ctx, stream_global->send_initial_metadata_finished = add_closure_barrier(on_complete); stream_global->send_initial_metadata = op->send_initial_metadata; - if (contains_non_ok_status(transport_global, op->send_initial_metadata)) { - stream_global->seen_error = 1; - grpc_chttp2_list_add_check_read_ops(transport_global, stream_global); - } - if (!stream_global->write_closed) { - if (transport_global->is_client) { - GPR_ASSERT(stream_global->id == 0); - grpc_chttp2_list_add_waiting_for_concurrency(transport_global, - stream_global); - maybe_start_some_streams(exec_ctx, transport_global); + const size_t metadata_size = + grpc_metadata_batch_size(op->send_initial_metadata); + const size_t metadata_peer_limit = + transport_global->settings[GRPC_PEER_SETTINGS] + [GRPC_CHTTP2_SETTINGS_MAX_HEADER_LIST_SIZE]; + if (metadata_size > metadata_peer_limit) { + gpr_log(GPR_DEBUG, + "to-be-sent initial metadata size exceeds peer limit " + "(%lu vs. %lu)", + metadata_size, metadata_peer_limit); + cancel_from_api(exec_ctx, transport_global, stream_global, + GRPC_STATUS_RESOURCE_EXHAUSTED); + } else { + if (contains_non_ok_status(transport_global, op->send_initial_metadata)) { + stream_global->seen_error = true; + grpc_chttp2_list_add_check_read_ops(transport_global, stream_global); + } + if (!stream_global->write_closed) { + if (transport_global->is_client) { + GPR_ASSERT(stream_global->id == 0); + grpc_chttp2_list_add_waiting_for_concurrency(transport_global, + stream_global); + maybe_start_some_streams(exec_ctx, transport_global); + } else { + GPR_ASSERT(stream_global->id != 0); + grpc_chttp2_become_writable(transport_global, stream_global); + } } else { - GPR_ASSERT(stream_global->id != 0); - grpc_chttp2_become_writable(transport_global, stream_global); + grpc_chttp2_complete_closure_step( + exec_ctx, stream_global, + &stream_global->send_initial_metadata_finished, 0); } - } else { - grpc_chttp2_complete_closure_step( - exec_ctx, stream_global, - &stream_global->send_initial_metadata_finished, 0); } } @@ -974,19 +1004,34 @@ static void perform_stream_op_locked(grpc_exec_ctx *exec_ctx, stream_global->send_trailing_metadata_finished = add_closure_barrier(on_complete); stream_global->send_trailing_metadata = op->send_trailing_metadata; - if (contains_non_ok_status(transport_global, op->send_trailing_metadata)) { - stream_global->seen_error = 1; - grpc_chttp2_list_add_check_read_ops(transport_global, stream_global); - } - if (stream_global->write_closed) { - grpc_chttp2_complete_closure_step( - exec_ctx, stream_global, - &stream_global->send_trailing_metadata_finished, - grpc_metadata_batch_is_empty(op->send_trailing_metadata)); - } else if (stream_global->id != 0) { - /* TODO(ctiller): check if there's flow control for any outstanding - bytes before going writable */ - grpc_chttp2_become_writable(transport_global, stream_global); + const size_t metadata_size = + grpc_metadata_batch_size(op->send_trailing_metadata); + const size_t metadata_peer_limit = + transport_global->settings[GRPC_PEER_SETTINGS] + [GRPC_CHTTP2_SETTINGS_MAX_HEADER_LIST_SIZE]; + if (metadata_size > metadata_peer_limit) { + gpr_log(GPR_DEBUG, + "to-be-sent trailing metadata size exceeds peer limit " + "(%lu vs. %lu)", + metadata_size, metadata_peer_limit); + cancel_from_api(exec_ctx, transport_global, stream_global, + GRPC_STATUS_RESOURCE_EXHAUSTED); + } else { + if (contains_non_ok_status(transport_global, + op->send_trailing_metadata)) { + stream_global->seen_error = true; + grpc_chttp2_list_add_check_read_ops(transport_global, stream_global); + } + if (stream_global->write_closed) { + grpc_chttp2_complete_closure_step( + exec_ctx, stream_global, + &stream_global->send_trailing_metadata_finished, + grpc_metadata_batch_is_empty(op->send_trailing_metadata)); + } else if (stream_global->id != 0) { + /* TODO(ctiller): check if there's flow control for any outstanding + bytes before going writable */ + grpc_chttp2_become_writable(transport_global, stream_global); + } } } @@ -1149,6 +1194,16 @@ static void check_read_ops(grpc_exec_ctx *exec_ctx, grpc_chttp2_list_pop_check_read_ops(transport_global, &stream_global)) { if (stream_global->recv_initial_metadata_ready != NULL && stream_global->published_initial_metadata) { + if (stream_global->seen_error) { + while ((bs = grpc_chttp2_incoming_frame_queue_pop( + &stream_global->incoming_frames)) != NULL) { + incoming_byte_stream_destroy_locked(exec_ctx, NULL, NULL, bs); + } + if (stream_global->exceeded_metadata_size) { + cancel_from_api(exec_ctx, transport_global, stream_global, + GRPC_STATUS_RESOURCE_EXHAUSTED); + } + } grpc_chttp2_incoming_metadata_buffer_publish( &stream_global->received_initial_metadata, stream_global->recv_initial_metadata); @@ -1178,10 +1233,15 @@ static void check_read_ops(grpc_exec_ctx *exec_ctx, } if (stream_global->recv_trailing_metadata_finished != NULL && stream_global->read_closed && stream_global->write_closed) { - while (stream_global->seen_error && - (bs = grpc_chttp2_incoming_frame_queue_pop( - &stream_global->incoming_frames)) != NULL) { - incoming_byte_stream_destroy_locked(exec_ctx, NULL, NULL, bs); + if (stream_global->seen_error) { + while ((bs = grpc_chttp2_incoming_frame_queue_pop( + &stream_global->incoming_frames)) != NULL) { + incoming_byte_stream_destroy_locked(exec_ctx, NULL, NULL, bs); + } + if (stream_global->exceeded_metadata_size) { + cancel_from_api(exec_ctx, transport_global, stream_global, + GRPC_STATUS_RESOURCE_EXHAUSTED); + } } if (stream_global->all_incoming_byte_streams_finished) { grpc_chttp2_incoming_metadata_buffer_publish( @@ -1213,7 +1273,7 @@ static void remove_stream(grpc_exec_ctx *exec_ctx, grpc_chttp2_transport *t, s = grpc_chttp2_stream_map_delete(&t->new_stream_map, id); } GPR_ASSERT(s); - s->global.in_stream_map = 0; + s->global.in_stream_map = false; if (t->parsing.incoming_stream == &s->parsing) { t->parsing.incoming_stream = NULL; grpc_chttp2_parsing_become_skip_parser(exec_ctx, &t->parsing); @@ -1257,7 +1317,7 @@ static void cancel_from_api(grpc_exec_ctx *exec_ctx, NULL); } if (status != GRPC_STATUS_OK && !stream_global->seen_error) { - stream_global->seen_error = 1; + stream_global->seen_error = true; grpc_chttp2_list_add_check_read_ops(transport_global, stream_global); } grpc_chttp2_mark_stream_closed(exec_ctx, transport_global, stream_global, 1, @@ -1269,7 +1329,7 @@ void grpc_chttp2_fake_status(grpc_exec_ctx *exec_ctx, grpc_chttp2_stream_global *stream_global, grpc_status_code status, gpr_slice *slice) { if (status != GRPC_STATUS_OK) { - stream_global->seen_error = 1; + stream_global->seen_error = true; grpc_chttp2_list_add_check_read_ops(transport_global, stream_global); } /* stream_global->recv_trailing_metadata_finished gives us a @@ -1293,7 +1353,7 @@ void grpc_chttp2_fake_status(grpc_exec_ctx *exec_ctx, GRPC_MDSTR_GRPC_MESSAGE, grpc_mdstr_from_slice(gpr_slice_ref(*slice)))); } - stream_global->published_trailing_metadata = 1; + stream_global->published_trailing_metadata = true; grpc_chttp2_list_add_check_read_ops(transport_global, stream_global); } if (slice) { @@ -1323,13 +1383,13 @@ void grpc_chttp2_mark_stream_closed( } grpc_chttp2_list_add_check_read_ops(transport_global, stream_global); if (close_reads && !stream_global->read_closed) { - stream_global->read_closed = 1; - stream_global->published_initial_metadata = 1; - stream_global->published_trailing_metadata = 1; + stream_global->read_closed = true; + stream_global->published_initial_metadata = true; + stream_global->published_trailing_metadata = true; decrement_active_streams_locked(exec_ctx, transport_global, stream_global); } if (close_writes && !stream_global->write_closed) { - stream_global->write_closed = 1; + stream_global->write_closed = true; if (TRANSPORT_FROM_GLOBAL(transport_global)->executor.writing_active) { GRPC_CHTTP2_STREAM_REF(stream_global, "finish_writes"); grpc_chttp2_list_add_closed_waiting_for_writing(transport_global, diff --git a/src/core/ext/transport/chttp2/transport/frame_rst_stream.c b/src/core/ext/transport/chttp2/transport/frame_rst_stream.c index 22467e9ddd..7f01105e3e 100644 --- a/src/core/ext/transport/chttp2/transport/frame_rst_stream.c +++ b/src/core/ext/transport/chttp2/transport/frame_rst_stream.c @@ -45,15 +45,20 @@ gpr_slice grpc_chttp2_rst_stream_create(uint32_t id, uint32_t code, stats->framing_bytes += frame_size; uint8_t *p = GPR_SLICE_START_PTR(slice); + // Frame size. *p++ = 0; *p++ = 0; *p++ = 4; + // Frame type. *p++ = GRPC_CHTTP2_FRAME_RST_STREAM; + // Flags. *p++ = 0; + // Stream ID. *p++ = (uint8_t)(id >> 24); *p++ = (uint8_t)(id >> 16); *p++ = (uint8_t)(id >> 8); *p++ = (uint8_t)(id); + // Error code. *p++ = (uint8_t)(code >> 24); *p++ = (uint8_t)(code >> 16); *p++ = (uint8_t)(code >> 8); diff --git a/src/core/ext/transport/chttp2/transport/incoming_metadata.c b/src/core/ext/transport/chttp2/transport/incoming_metadata.c index db21744f0c..3e463a7995 100644 --- a/src/core/ext/transport/chttp2/transport/incoming_metadata.c +++ b/src/core/ext/transport/chttp2/transport/incoming_metadata.c @@ -65,6 +65,7 @@ void grpc_chttp2_incoming_metadata_buffer_add( gpr_realloc(buffer->elems, sizeof(*buffer->elems) * buffer->capacity); } buffer->elems[buffer->count++].md = elem; + buffer->size += GRPC_MDELEM_LENGTH(elem); } void grpc_chttp2_incoming_metadata_buffer_set_deadline( diff --git a/src/core/ext/transport/chttp2/transport/incoming_metadata.h b/src/core/ext/transport/chttp2/transport/incoming_metadata.h index 17ecf8e181..df4343b93e 100644 --- a/src/core/ext/transport/chttp2/transport/incoming_metadata.h +++ b/src/core/ext/transport/chttp2/transport/incoming_metadata.h @@ -42,6 +42,7 @@ typedef struct { size_t capacity; gpr_timespec deadline; int published; + size_t size; // total size of metadata } grpc_chttp2_incoming_metadata_buffer; /** assumes everything initially zeroed */ diff --git a/src/core/ext/transport/chttp2/transport/internal.h b/src/core/ext/transport/chttp2/transport/internal.h index 8c4fa2d34a..5872fd8e0a 100644 --- a/src/core/ext/transport/chttp2/transport/internal.h +++ b/src/core/ext/transport/chttp2/transport/internal.h @@ -422,23 +422,21 @@ typedef struct { /** number of streams that are currently being read */ gpr_refcount active_streams; - /** when the application requests writes be closed, the write_closed is - 'queued'; when the close is flow controlled into the send path, we are - 'sending' it; when the write has been performed it is 'sent' */ + /** Is this stream closed for writing. */ bool write_closed; - /** is this stream reading half-closed (boolean) */ + /** Is this stream reading half-closed. */ bool read_closed; - /** are all published incoming byte streams closed */ + /** Are all published incoming byte streams closed. */ bool all_incoming_byte_streams_finished; - /** is this stream in the stream map? (boolean) */ + /** Is this stream in the stream map. */ bool in_stream_map; - /** has this stream seen an error? if 1, then pending incoming frames - can be thrown away */ + /** Has this stream seen an error. + If true, then pending incoming frames can be thrown away. */ bool seen_error; + bool exceeded_metadata_size; bool published_initial_metadata; bool published_trailing_metadata; - bool faked_trailing_metadata; grpc_chttp2_incoming_metadata_buffer received_initial_metadata; grpc_chttp2_incoming_metadata_buffer received_trailing_metadata; @@ -481,7 +479,8 @@ struct grpc_chttp2_stream_parsing { /** which metadata did we get (on this parse) */ uint8_t got_metadata_on_parse[2]; /** should we raise the seen_error flag in transport_global */ - uint8_t seen_error; + bool seen_error; + bool exceeded_metadata_size; /** window available for peer to send to us */ int64_t incoming_window; /** parsing state for data frames */ diff --git a/src/core/ext/transport/chttp2/transport/parsing.c b/src/core/ext/transport/chttp2/transport/parsing.c index 2995066e51..4bd374b7fa 100644 --- a/src/core/ext/transport/chttp2/transport/parsing.c +++ b/src/core/ext/transport/chttp2/transport/parsing.c @@ -45,6 +45,10 @@ #include "src/core/lib/profiling/timers.h" #include "src/core/lib/transport/static_metadata.h" +#define TRANSPORT_FROM_PARSING(tp) \ + ((grpc_chttp2_transport *)((char *)(tp)-offsetof(grpc_chttp2_transport, \ + parsing))) + static int init_frame_parser(grpc_exec_ctx *exec_ctx, grpc_chttp2_transport_parsing *transport_parsing); static int init_header_frame_parser( @@ -170,7 +174,9 @@ void grpc_chttp2_publish_reads( while (grpc_chttp2_list_pop_parsing_seen_stream( transport_global, transport_parsing, &stream_global, &stream_parsing)) { if (stream_parsing->seen_error) { - stream_global->seen_error = 1; + stream_global->seen_error = true; + stream_global->exceeded_metadata_size = + stream_parsing->exceeded_metadata_size; grpc_chttp2_list_add_check_read_ops(transport_global, stream_global); } @@ -612,7 +618,7 @@ static void on_initial_header(void *tp, grpc_mdelem *md) { if (md->key == GRPC_MDSTR_GRPC_STATUS && md != GRPC_MDELEM_GRPC_STATUS_0) { /* TODO(ctiller): check for a status like " 0" */ - stream_parsing->seen_error = 1; + stream_parsing->seen_error = true; } if (md->key == GRPC_MDSTR_GRPC_TIMEOUT) { @@ -633,8 +639,26 @@ static void on_initial_header(void *tp, grpc_mdelem *md) { gpr_time_add(gpr_now(GPR_CLOCK_MONOTONIC), *cached_timeout)); GRPC_MDELEM_UNREF(md); } else { - grpc_chttp2_incoming_metadata_buffer_add( - &stream_parsing->metadata_buffer[0], md); + const size_t new_size = + stream_parsing->metadata_buffer[0].size + GRPC_MDELEM_LENGTH(md); + grpc_chttp2_transport_global *transport_global = + &TRANSPORT_FROM_PARSING(transport_parsing)->global; + const size_t metadata_size_limit = + transport_global->settings[GRPC_LOCAL_SETTINGS] + [GRPC_CHTTP2_SETTINGS_MAX_HEADER_LIST_SIZE]; + if (new_size > metadata_size_limit) { + if (!stream_parsing->exceeded_metadata_size) { + gpr_log(GPR_DEBUG, + "received initial metadata size exceeds limit (%lu vs. %lu)", + new_size, metadata_size_limit); + stream_parsing->seen_error = true; + stream_parsing->exceeded_metadata_size = true; + } + GRPC_MDELEM_UNREF(md); + } else { + grpc_chttp2_incoming_metadata_buffer_add( + &stream_parsing->metadata_buffer[0], md); + } } grpc_chttp2_list_add_parsing_seen_stream(transport_parsing, stream_parsing); @@ -658,12 +682,30 @@ static void on_trailing_header(void *tp, grpc_mdelem *md) { if (md->key == GRPC_MDSTR_GRPC_STATUS && md != GRPC_MDELEM_GRPC_STATUS_0) { /* TODO(ctiller): check for a status like " 0" */ - stream_parsing->seen_error = 1; + stream_parsing->seen_error = true; + } + + const size_t new_size = + stream_parsing->metadata_buffer[1].size + GRPC_MDELEM_LENGTH(md); + grpc_chttp2_transport_global *transport_global = + &TRANSPORT_FROM_PARSING(transport_parsing)->global; + const size_t metadata_size_limit = + transport_global->settings[GRPC_LOCAL_SETTINGS] + [GRPC_CHTTP2_SETTINGS_MAX_HEADER_LIST_SIZE]; + if (new_size > metadata_size_limit) { + if (!stream_parsing->exceeded_metadata_size) { + gpr_log(GPR_DEBUG, + "received trailing metadata size exceeds limit (%lu vs. %lu)", + new_size, metadata_size_limit); + stream_parsing->seen_error = true; + stream_parsing->exceeded_metadata_size = true; + } + GRPC_MDELEM_UNREF(md); + } else { + grpc_chttp2_incoming_metadata_buffer_add( + &stream_parsing->metadata_buffer[1], md); } - grpc_chttp2_incoming_metadata_buffer_add(&stream_parsing->metadata_buffer[1], - md); - grpc_chttp2_list_add_parsing_seen_stream(transport_parsing, stream_parsing); GPR_TIMER_END("on_trailing_header", 0); |