From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id 97D383858C60; Fri, 27 Aug 2021 17:43:22 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 97D383858C60 From: "mark at klomp dot org" To: elfutils-devel@sourceware.org Subject: [Bug debuginfod/27917] protect against federation loops Date: Fri, 27 Aug 2021 17:43:22 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: elfutils X-Bugzilla-Component: debuginfod X-Bugzilla-Version: unspecified X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: mark at klomp dot org X-Bugzilla-Status: RESOLVED X-Bugzilla-Resolution: FIXED X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: dichen at redhat dot com X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: resolution cc bug_status Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: elfutils-devel@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Elfutils-devel mailing list List-Unsubscribe: , List-Archive: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 Aug 2021 17:43:22 -0000 https://sourceware.org/bugzilla/show_bug.cgi?id=3D27917 Mark Wielaard changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED CC| |mark at klomp dot org Status|NEW |RESOLVED --- Comment #3 from Mark Wielaard --- commit d3f914023abcd6ae76b168da97518e5e7dbd761a Author: Di Chen Date: Fri Aug 20 13:03:21 2021 +0800 debuginfod: PR27917 - protect against federation loops If someone misconfigures a debuginfod federation to have loops, and a nonexistent buildid lookup is attempted, bad things will happen, as is documented. This patch aims to reduce the risk by adding an option to debuginfod that functions kind of like an IP packet's TTL: a limit on the length of XFF: header that debuginfod is willing to process. If X-Forwarded-For: exceeds N hops, it will not delegate a local lookup miss to upstream debuginfods. Commit ab38d167c40c99 causes federation loops for non-existent resources to result in multiple temporary deadlocks, each lasting for $DEBUGINFOD_TIMEOUT seconds. Since concurrent requests for each unique resource are now serialized, federation loops can result in one server thread waiting to acquire a lock while the server thread holding the lock waits for the first thread to respond to an http request. This PR can help protect against the above multiple temporary deadlocks behaviour. Ex. if --forwarded-ttl-limit=3D0 then the timeout behaviour = of local loops should be avoided. https://sourceware.org/bugzilla/show_bug.cgi?id=3D27917 Signed-off-by: Di Chen --=20 You are receiving this mail because: You are on the CC list for the bug.=