Ubuntu
golang-google-grpc package

  1. Bug #1819936
  2. Comment #0

Comment 0 for bug 1819936

Revision history for this message
Tiit Pikma (thsnr) wrote :

[Impact]

The version of golang-google-grpc packaged in bionic and cosmic (1.6.0-3) crashes intermittently due to a race condition. Upstream bug report and pull requests:

https://github.com/grpc/grpc-go/issues/1111
https://github.com/grpc/grpc-go/pull/1546
https://github.com/grpc/grpc-go/pull/1687

This can cause all packages Built-Using: golang-google-grpc=1.6.0-3 to crash as well (see https://bugs.launchpad.net/ubuntu/+source/etcd/+bug/1800973).

The attached debdiff contains two upstream fixes squashed together:

https://github.com/grpc/grpc-go/commit/22c3f92f5faea8db492fb0f5ae4daf0d2752b19e
https://github.com/grpc/grpc-go/commit/c6b46087ab923e9f453ec433f99174cdd45b9b89

These fix the race by synchronizing the entire function.

[Test Case]

1. Download the source: apt source golang-google-grpc && cd golang-google-grpc-1.6.0
2. Patch in the attached test cases: patch -p1 < test-cases-only.patch
   - Theses are part of the upstream patch. Only apply manually to verify problem pre-patch.
3. Build the package, running the test cases: dpkg-buildpackage --target clean,build
   - Since this is a race condition, the first test case is not guaranteed to fail.
   - The second test case should always fail.

With the fixes applied there is no need for step 2 (the test cases are part of the patch) and step 3 succeeds every time without failure.

[Regression potential]

Any regressions are extremely unlikely due to the size and scope of the patch. It removes a guard flag and instead synchronizes access to the entire method with a mutex. The fix has been applied upstream since 30 Nov 2017 and is still in use in the latest release:

https://github.com/grpc/grpc-go/blob/v1.19.0/internal/transport/handler_server.go#L193

A possible source of regressions would be the squashing of the two commits into one. Luckily they were also applied upstream immediately one after the other so it should work without problems.

Issues might also arise from my inexperience in updating Ubuntu packages and submitting patches for Stable Release Updates.

[Other Info]

As golang-google-grpc is a Go library it is linked into other packages statically. This means that simply updating this package is not enough and dependents need to be rebuilt to benefit from these fixes.

If this patch is accepted then I plan to open another SRU request to set the fixed version as a minimal build dependency for etcd to have it also rebuilt and resolve https://bugs.launchpad.net/ubuntu/+source/etcd/+bug/1800973.

Release: Ubuntu 18.04.2 LTS
Package: golang-google-grpc 1.6.0-3