grpc 1.55.0 → 1.55.3

data/src/core/lib/event_engine/posix_engine/posix_engine_listener.cc

@@ -23,7 +23,9 @@
 #include <sys/socket.h>  // IWYU pragma: keep
 #include <unistd.h>      // IWYU pragma: keep
 
+#include <atomic>
 #include <string>
+#include <tuple>
 #include <utility>
 
 #include "absl/functional/any_invocable.h"
@@ -41,6 +43,7 @@
 #include "src/core/lib/event_engine/posix_engine/tcp_socket_utils.h"
 #include "src/core/lib/event_engine/tcp_socket_utils.h"
 #include "src/core/lib/gprpp/status_helper.h"
+#include "src/core/lib/gprpp/time.h"
 #include "src/core/lib/iomgr/socket_mutator.h"
 
 namespace grpc_event_engine {
@@ -136,6 +139,32 @@ void PosixEngineListenerImpl::AsyncConnectionAcceptor::NotifyOnAccept(
       switch (errno) {
         case EINTR:
           continue;
+        case EMFILE:
+          // When the process runs out of fds, accept4() returns EMFILE. When
+          // this happens, the connection is left in the accept queue until
+          // either a read event triggers the on_read callback, or time has
+          // passed and the accept should be re-tried regardless. This callback
+          // is not cancelled, so a spurious wakeup may occur even when there's
+          // nothing to accept. This is not a performant code path, but if an fd
+          // limit has been reached, the system is likely in an unhappy state
+          // regardless.
+          GRPC_LOG_EVERY_N_SEC(1, GPR_ERROR, "%s",
+                               "File descriptor limit reached. Retrying.");
+          handle_->NotifyOnRead(notify_on_accept_);
+          // Do not schedule another timer if one is already armed.
+          if (retry_timer_armed_.exchange(true)) return;
+          // Hold a ref while the retry timer is waiting, to prevent listener
+          // destruction and the races that would ensue.
+          Ref();
+          std::ignore =
+              engine_->RunAfter(grpc_core::Duration::Seconds(1), [this]() {
+                retry_timer_armed_.store(false);
+                if (!handle_->IsHandleShutdown()) {
+                  handle_->SetReadable();
+                }
+                Unref();
+              });
+          return;
         case EAGAIN:
         case ECONNABORTED:
           handle_->NotifyOnRead(notify_on_accept_);

data/src/core/lib/event_engine/posix_engine/posix_engine_listener.h

@@ -121,6 +121,9 @@ class PosixEngineListenerImpl
     ListenerSocketsContainer::ListenerSocket socket_;
     EventHandle* handle_;
     PosixEngineClosure* notify_on_accept_;
+    // Tracks the status of a backup timer to retry accept4 calls after file
+    // descriptor exhaustion.
+    std::atomic<bool> retry_timer_armed_{false};
   };
   class ListenerAsyncAcceptors : public ListenerSocketsContainer {
    public:

data/src/core/lib/iomgr/tcp_server_posix.cc

@@ -16,13 +16,17 @@
 //
 //
 
+#include <grpc/support/port_platform.h>
+
+#include <utility>
+
+#include <grpc/support/atm.h>
+
 // FIXME: "posix" files shouldn't be depending on _GNU_SOURCE
 #ifndef _GNU_SOURCE
 #define _GNU_SOURCE
 #endif
 
-#include <grpc/support/port_platform.h>
-
 #include "src/core/lib/iomgr/port.h"
 
 #ifdef GRPC_POSIX_SOCKET_TCP_SERVER
@@ -45,6 +49,7 @@
 
 #include <grpc/byte_buffer.h>
 #include <grpc/event_engine/endpoint_config.h>
+#include <grpc/event_engine/event_engine.h>
 #include <grpc/support/alloc.h>
 #include <grpc/support/log.h>
 #include <grpc/support/sync.h>
@@ -75,6 +80,8 @@
 #include "src/core/lib/transport/error_utils.h"
 
 static std::atomic<int64_t> num_dropped_connections{0};
+static constexpr grpc_core::Duration kRetryAcceptWaitTime{
+    grpc_core::Duration::Seconds(1)};
 
 using ::grpc_event_engine::experimental::EndpointConfig;
 using ::grpc_event_engine::experimental::EventEngine;
@@ -339,22 +346,38 @@ static void on_read(void* arg, grpc_error_handle err) {
     if (fd < 0) {
       if (errno == EINTR) {
         continue;
-      } else if (errno == EAGAIN || errno == ECONNABORTED ||
-                 errno == EWOULDBLOCK) {
+      }
+      // When the process runs out of fds, accept4() returns EMFILE. When this
+      // happens, the connection is left in the accept queue until either a
+      // read event triggers the on_read callback, or time has passed and the
+      // accept should be re-tried regardless. This callback is not cancelled,
+      // so a spurious wakeup may occur even when there's nothing to accept.
+      // This is not a performant code path, but if an fd limit has been
+      // reached, the system is likely in an unhappy state regardless.
+      if (errno == EMFILE) {
+        GRPC_LOG_EVERY_N_SEC(1, GPR_ERROR, "%s",
+                             "File descriptor limit reached. Retrying.");
+        grpc_fd_notify_on_read(sp->emfd, &sp->read_closure);
+        if (gpr_atm_full_xchg(&sp->retry_timer_armed, true)) return;
+        grpc_timer_init(&sp->retry_timer,
+                        grpc_core::Timestamp::Now() + kRetryAcceptWaitTime,
+                        &sp->retry_closure);
+        return;
+      }
+      if (errno == EAGAIN || errno == ECONNABORTED || errno == EWOULDBLOCK) {
         grpc_fd_notify_on_read(sp->emfd, &sp->read_closure);
         return;
+      }
+      gpr_mu_lock(&sp->server->mu);
+      if (!sp->server->shutdown_listeners) {
+        gpr_log(GPR_ERROR, "Failed accept4: %s",
+                grpc_core::StrError(errno).c_str());
       } else {
-        gpr_mu_lock(&sp->server->mu);
-        if (!sp->server->shutdown_listeners) {
-          gpr_log(GPR_ERROR, "Failed accept4: %s",
-                  grpc_core::StrError(errno).c_str());
-        } else {
-          // if we have shutdown listeners, accept4 could fail, and we
-          // needn't notify users
-        }
-        gpr_mu_unlock(&sp->server->mu);
-        goto error;
+        // if we have shutdown listeners, accept4 could fail, and we
+        // needn't notify users
       }
+      gpr_mu_unlock(&sp->server->mu);
+      goto error;
     }
 
     if (sp->server->memory_quota->IsMemoryPressureHigh()) {
@@ -547,6 +570,7 @@ static grpc_error_handle clone_port(grpc_tcp_listener* listener,
     sp->port_index = listener->port_index;
     sp->fd_index = listener->fd_index + count - i;
     GPR_ASSERT(sp->emfd);
+    grpc_tcp_server_listener_initialize_retry_timer(sp);
     while (listener->server->tail->next != nullptr) {
       listener->server->tail = listener->server->tail->next;
     }
@@ -780,6 +804,7 @@ static void tcp_server_shutdown_listeners(grpc_tcp_server* s) {
   if (s->active_ports) {
     grpc_tcp_listener* sp;
     for (sp = s->head; sp; sp = sp->next) {
+      grpc_timer_cancel(&sp->retry_timer);
       grpc_fd_shutdown(sp->emfd, GRPC_ERROR_CREATE("Server shutdown"));
     }
   }

data/src/core/lib/iomgr/tcp_server_utils_posix.h

@@ -30,6 +30,7 @@
 #include "src/core/lib/iomgr/resolve_address.h"
 #include "src/core/lib/iomgr/socket_utils_posix.h"
 #include "src/core/lib/iomgr/tcp_server.h"
+#include "src/core/lib/iomgr/timer.h"
 #include "src/core/lib/resource_quota/memory_quota.h"
 
 // one listening port
@@ -52,6 +53,11 @@ typedef struct grpc_tcp_listener {
   // identified while iterating through 'next'.
   struct grpc_tcp_listener* sibling;
   int is_sibling;
+  // If an accept4() call fails, a timer is started to drain the accept queue in
+  // case no further connection attempts reach the gRPC server.
+  grpc_closure retry_closure;
+  grpc_timer retry_timer;
+  gpr_atm retry_timer_armed;
 } grpc_tcp_listener;
 
 // the overall server
@@ -139,4 +145,10 @@ grpc_error_handle grpc_tcp_server_prepare_socket(
 // Ruturn true if the platform supports ifaddrs
 bool grpc_tcp_server_have_ifaddrs(void);
 
+// Initialize (but don't start) the timer and callback to retry accept4() on a
+// listening socket after file descriptors have been exhausted. This must be
+// called when creating a new listener.
+void grpc_tcp_server_listener_initialize_retry_timer(
+    grpc_tcp_listener* listener);
+
 #endif  // GRPC_SRC_CORE_LIB_IOMGR_TCP_SERVER_UTILS_POSIX_H

data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc

@@ -18,6 +18,8 @@
 
 #include <grpc/support/port_platform.h>
 
+#include <grpc/support/atm.h>
+
 #include "src/core/lib/iomgr/port.h"
 
 #ifdef GRPC_POSIX_SOCKET_TCP_SERVER_UTILS_COMMON
@@ -81,6 +83,24 @@ static int get_max_accept_queue_size(void) {
   return s_max_accept_queue_size;
 }
 
+static void listener_retry_timer_cb(void* arg, grpc_error_handle err) {
+  // Do nothing if cancelled.
+  if (!err.ok()) return;
+  grpc_tcp_listener* listener = static_cast<grpc_tcp_listener*>(arg);
+  gpr_atm_no_barrier_store(&listener->retry_timer_armed, false);
+  if (!grpc_fd_is_shutdown(listener->emfd)) {
+    grpc_fd_set_readable(listener->emfd);
+  }
+}
+
+void grpc_tcp_server_listener_initialize_retry_timer(
+    grpc_tcp_listener* listener) {
+  gpr_atm_no_barrier_store(&listener->retry_timer_armed, false);
+  grpc_timer_init_unset(&listener->retry_timer);
+  GRPC_CLOSURE_INIT(&listener->retry_closure, listener_retry_timer_cb, listener,
+                    grpc_schedule_on_exec_ctx);
+}
+
 static grpc_error_handle add_socket_to_server(grpc_tcp_server* s, int fd,
                                               const grpc_resolved_address* addr,
                                               unsigned port_index,
@@ -112,6 +132,7 @@ static grpc_error_handle add_socket_to_server(grpc_tcp_server* s, int fd,
   sp->server = s;
   sp->fd = fd;
   sp->emfd = grpc_fd_create(fd, name.c_str(), true);
+  grpc_tcp_server_listener_initialize_retry_timer(sp);
 
   // Check and set fd as prellocated
   if (grpc_tcp_server_pre_allocated_fd(s) == fd) {

data/src/core/lib/surface/validate_metadata.cc

@@ -21,8 +21,6 @@
 #include "src/core/lib/surface/validate_metadata.h"
 
 #include "absl/status/status.h"
-#include "absl/strings/escaping.h"
-#include "absl/strings/str_cat.h"
 #include "absl/strings/string_view.h"
 
 #include <grpc/grpc.h>
@@ -46,32 +44,49 @@ class LegalHeaderKeyBits : public BitSet<256> {
 };
 constexpr LegalHeaderKeyBits g_legal_header_key_bits;
 
-GPR_ATTRIBUTE_NOINLINE
-absl::Status DoesNotConformTo(absl::string_view x, const char* err_desc) {
-  return absl::InternalError(absl::StrCat(err_desc, ": ", x, " (hex ",
-                                          absl::BytesToHexString(x), ")"));
-}
-
-absl::Status ConformsTo(absl::string_view x, const BitSet<256>& legal_bits,
-                        const char* err_desc) {
+ValidateMetadataResult ConformsTo(absl::string_view x,
+                                  const BitSet<256>& legal_bits,
+                                  ValidateMetadataResult error) {
   for (uint8_t c : x) {
     if (!legal_bits.is_set(c)) {
-      return DoesNotConformTo(x, err_desc);
+      return error;
     }
   }
-  return absl::OkStatus();
+  return ValidateMetadataResult::kOk;
+}
+
+absl::Status UpgradeToStatus(ValidateMetadataResult result) {
+  if (result == ValidateMetadataResult::kOk) return absl::OkStatus();
+  return absl::InternalError(ValidateMetadataResultToString(result));
 }
+
 }  // namespace
 
-absl::Status ValidateHeaderKeyIsLegal(absl::string_view key) {
+ValidateMetadataResult ValidateHeaderKeyIsLegal(absl::string_view key) {
   if (key.empty()) {
-    return absl::InternalError("Metadata keys cannot be zero length");
+    return ValidateMetadataResult::kCannotBeZeroLength;
   }
   if (key.size() > UINT32_MAX) {
-    return absl::InternalError(
-        "Metadata keys cannot be larger than UINT32_MAX");
+    return ValidateMetadataResult::kTooLong;
+  }
+  return ConformsTo(key, g_legal_header_key_bits,
+                    ValidateMetadataResult::kIllegalHeaderKey);
+}
+
+const char* ValidateMetadataResultToString(ValidateMetadataResult result) {
+  switch (result) {
+    case ValidateMetadataResult::kOk:
+      return "Ok";
+    case ValidateMetadataResult::kCannotBeZeroLength:
+      return "Metadata keys cannot be zero length";
+    case ValidateMetadataResult::kTooLong:
+      return "Metadata keys cannot be larger than UINT32_MAX";
+    case ValidateMetadataResult::kIllegalHeaderKey:
+      return "Illegal header key";
+    case ValidateMetadataResult::kIllegalHeaderValue:
+      return "Illegal header value";
   }
-  return ConformsTo(key, g_legal_header_key_bits, "Illegal header key");
+  GPR_UNREACHABLE_CODE(return "Unknown");
 }
 
 }  // namespace grpc_core
@@ -82,8 +97,8 @@ static int error2int(grpc_error_handle error) {
 }
 
 grpc_error_handle grpc_validate_header_key_is_legal(const grpc_slice& slice) {
-  return grpc_core::ValidateHeaderKeyIsLegal(
-      grpc_core::StringViewFromSlice(slice));
+  return grpc_core::UpgradeToStatus(grpc_core::ValidateHeaderKeyIsLegal(
+      grpc_core::StringViewFromSlice(slice)));
 }
 
 int grpc_header_key_is_legal(grpc_slice slice) {
@@ -104,9 +119,9 @@ constexpr LegalHeaderNonBinValueBits g_legal_header_non_bin_value_bits;
 
 grpc_error_handle grpc_validate_header_nonbin_value_is_legal(
     const grpc_slice& slice) {
-  return grpc_core::ConformsTo(grpc_core::StringViewFromSlice(slice),
-                               g_legal_header_non_bin_value_bits,
-                               "Illegal header value");
+  return grpc_core::UpgradeToStatus(grpc_core::ConformsTo(
+      grpc_core::StringViewFromSlice(slice), g_legal_header_non_bin_value_bits,
+      grpc_core::ValidateMetadataResult::kIllegalHeaderValue));
 }
 
 int grpc_header_nonbin_value_is_legal(grpc_slice slice) {

data/src/core/lib/surface/validate_metadata.h

@@ -25,7 +25,6 @@
 
 #include <cstring>
 
-#include "absl/status/status.h"
 #include "absl/strings/string_view.h"
 
 #include <grpc/slice.h>
@@ -35,9 +34,20 @@
 
 namespace grpc_core {
 
-absl::Status ValidateHeaderKeyIsLegal(absl::string_view key);
+enum class ValidateMetadataResult : uint8_t {
+  kOk,
+  kCannotBeZeroLength,
+  kTooLong,
+  kIllegalHeaderKey,
+  kIllegalHeaderValue
+};
 
-}
+const char* ValidateMetadataResultToString(ValidateMetadataResult result);
+
+// Returns nullopt if the key is legal, otherwise returns an error message.
+ValidateMetadataResult ValidateHeaderKeyIsLegal(absl::string_view key);
+
+}  // namespace grpc_core
 
 grpc_error_handle grpc_validate_header_key_is_legal(const grpc_slice& slice);
 grpc_error_handle grpc_validate_header_nonbin_value_is_legal(

data/src/ruby/lib/grpc/version.rb

@@ -14,5 +14,5 @@
 
 # GRPC contains the General RPC module.
 module GRPC
-  VERSION = '1.55.0'
+  VERSION = '1.55.3'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: grpc
 version: !ruby/object:Gem::Version
-  version: 1.55.0
+  version: 1.55.3
 platform: ruby
 authors:
 - gRPC Authors
 autorequire: 
 bindir: src/ruby/bin
 cert_chain: []
-date: 2023-05-19 00:00:00.000000000 Z
+date: 2023-07-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: google-protobuf
@@ -462,6 +462,8 @@ files:
 - src/core/ext/transport/chttp2/transport/hpack_encoder.h
 - src/core/ext/transport/chttp2/transport/hpack_encoder_table.cc
 - src/core/ext/transport/chttp2/transport/hpack_encoder_table.h
+- src/core/ext/transport/chttp2/transport/hpack_parse_result.cc
+- src/core/ext/transport/chttp2/transport/hpack_parse_result.h
 - src/core/ext/transport/chttp2/transport/hpack_parser.cc
 - src/core/ext/transport/chttp2/transport/hpack_parser.h
 - src/core/ext/transport/chttp2/transport/hpack_parser_table.cc
@@ -3208,7 +3210,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.13
+rubygems_version: 3.4.17
 signing_key: 
 specification_version: 4
 summary: GRPC system in Ruby