Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix HttpContext race condition by copying values to reader and writer #2294

Merged
merged 5 commits into from
Oct 18, 2023

Conversation

JamesNK
Copy link
Member

@JamesNK JamesNK commented Oct 13, 2023

Potential fix to HttpContext.RequestAborted race condition. Fix is to copy fields need from the context when reader and writer are created.

@JamesNK JamesNK marked this pull request as draft October 13, 2023 07:04
@JamesNK JamesNK marked this pull request as ready for review October 14, 2023 04:22
// Copy HttpContext values.
// This is done to avoid a race condition when reading them from HttpContext later when running in a separate thread.
_bodyReader = _serverCallContext.HttpContext.Request.BodyReader;
// Copy lifetime feature because HttpContext.RequestAborted on .NET 6 doesn't return the real cancellation token.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you explain both the 6.0 comment as well as this whole PR?

From my understanding; If you're using the cancellation token on a background thread it might be disposed instead of canceled when the HttpContext is reused. And if you access the token property after it's been reset you might be using a token from another request.

Copy link
Member Author

@JamesNK JamesNK Oct 16, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Root problem: dotnet/aspnetcore#42040
The fix it to access the cancellation token on the feature directly. HttpContext.RequestAborted isn't thread-safe but the feature is.

re: .NET 6. I observed that the cancellation token returned by HttpContext.RequestAborted and cached at the start of the request behaved strangely. It wouldn't immediately be canceled when the request was aborted. The cached HttpContext.RequestAborted value appeared to be different from the value after the abort happened (but while the request was still in progress, so the value isn't coming from another request). I didn't investigate why I got this odd behavior in .NET 6 since there was a workaround - access the token from the feature - and .NET 7 and .NET 8 behaved how I expected.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Root problem: dotnet/aspnetcore#42040
The fix it to access the cancellation token on the feature directly. HttpContext.RequestAborted isn't thread-safe but the feature is.

Oh, so gRPC isn't using the token after the middleware returns? That's what my comment was focused on.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No. This is in the context of one request.

@JamesNK JamesNK merged commit 91be392 into grpc:master Oct 18, 2023
2 checks passed
@JamesNK JamesNK deleted the jamesnk/streaming-race branch October 18, 2023 00:26
oguzhand95 referenced this pull request in cerbos/cerbos-sdk-net Dec 7, 2023
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [Google.Protobuf](https://togithub.com/protocolbuffers/protobuf) |
`3.25.0` -> `3.25.1` |
[![age](https://developer.mend.io/api/mc/badges/age/nuget/Google.Protobuf/3.25.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/nuget/Google.Protobuf/3.25.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/nuget/Google.Protobuf/3.25.0/3.25.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/nuget/Google.Protobuf/3.25.0/3.25.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| [Grpc.Net.Client](https://togithub.com/grpc/grpc-dotnet) | `2.58.0` ->
`2.59.0` |
[![age](https://developer.mend.io/api/mc/badges/age/nuget/Grpc.Net.Client/2.59.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/nuget/Grpc.Net.Client/2.59.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/nuget/Grpc.Net.Client/2.58.0/2.59.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/nuget/Grpc.Net.Client/2.58.0/2.59.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| [Microsoft.NET.Test.Sdk](https://togithub.com/microsoft/vstest) |
`17.7.2` -> `17.8.0` |
[![age](https://developer.mend.io/api/mc/badges/age/nuget/Microsoft.NET.Test.Sdk/17.8.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/nuget/Microsoft.NET.Test.Sdk/17.8.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/nuget/Microsoft.NET.Test.Sdk/17.7.2/17.8.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/nuget/Microsoft.NET.Test.Sdk/17.7.2/17.8.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| [NUnit.Analyzers](https://togithub.com/nunit/nunit.analyzers) |
`3.9.0` -> `3.10.0` |
[![age](https://developer.mend.io/api/mc/badges/age/nuget/NUnit.Analyzers/3.10.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/nuget/NUnit.Analyzers/3.10.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/nuget/NUnit.Analyzers/3.9.0/3.10.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/nuget/NUnit.Analyzers/3.9.0/3.10.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| [Testcontainers](https://dotnet.testcontainers.org/)
([source](https://togithub.com/testcontainers/testcontainers-dotnet)) |
`3.5.0` -> `3.6.0` |
[![age](https://developer.mend.io/api/mc/badges/age/nuget/Testcontainers/3.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/nuget/Testcontainers/3.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/nuget/Testcontainers/3.5.0/3.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/nuget/Testcontainers/3.5.0/3.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| [cake.tool](https://cakebuild.net/)
([source](https://togithub.com/cake-build/cake)) | `3.1.0` -> `3.2.0` |
[![age](https://developer.mend.io/api/mc/badges/age/nuget/cake.tool/3.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/nuget/cake.tool/3.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/nuget/cake.tool/3.1.0/3.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/nuget/cake.tool/3.1.0/3.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

---

### Release Notes

<details>
<summary>protocolbuffers/protobuf (Google.Protobuf)</summary>

###
[`v3.25.1`](https://togithub.com/protocolbuffers/protobuf/compare/v3.25.0...v3.25.1)

</details>

<details>
<summary>grpc/grpc-dotnet (Grpc.Net.Client)</summary>

###
[`v2.59.0`](https://togithub.com/grpc/grpc-dotnet/releases/tag/v2.59.0)

##### What's Changed

- Fix HttpContext race condition by copying values to reader and writer
by [@&#8203;JamesNK](https://togithub.com/JamesNK) in
[https://github.com/grpc/grpc-dotnet/pull/2294](https://togithub.com/grpc/grpc-dotnet/pull/2294)
- Bump [@&#8203;babel/traverse](https://togithub.com/babel/traverse)
from 7.17.3 to 7.23.2 in /examples/Spar/Server/ClientApp by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/grpc/grpc-dotnet/pull/2298](https://togithub.com/grpc/grpc-dotnet/pull/2298)
- Update grpc tools to 2.59 by
[@&#8203;apolcyn](https://togithub.com/apolcyn) in
[https://github.com/grpc/grpc-dotnet/pull/2303](https://togithub.com/grpc/grpc-dotnet/pull/2303)

**Full Changelog**:
grpc/grpc-dotnet@v2.58.0...v2.59.0

</details>

<details>
<summary>microsoft/vstest (Microsoft.NET.Test.Sdk)</summary>

###
[`v17.8.0`](https://togithub.com/microsoft/vstest/releases/tag/v17.8.0)

#### What's Changed

**Full Changelog**:
microsoft/vstest@v17.7.2...v17.8.0

</details>

<details>
<summary>nunit/nunit.analyzers (NUnit.Analyzers)</summary>

###
[`v3.10.0`](https://togithub.com/nunit/nunit.analyzers/releases/tag/3.10.0):
NUnit Analyzers 3.10 (and 2.10)

[Compare
Source](https://togithub.com/nunit/nunit.analyzers/compare/3.9.0...3.10.0)

NUnit Analyzers 3.10 (and 2.10) - November 27, 2023

This release adds a couple of improvements to the analyzers:

- Check that users don't accidentally specify CallerArgumentExpression
parameters
- Relax analyzers for added support for IAsyncEnumerable on \*Source
attributes

These improvements extend the functionality in the beta that added
support for NUnit 4 and
for migrating to NUnit 4. Especially, the handling of the movement of
classic asserts into a new namespace
NUnit.Framework.Legacy and of the improved assert result messages - for
more information see
https://docs.nunit.org/articles/nunit/Towards-NUnit4.html. The analyzers
can help updating the
classic assert and fix the assert messages.

The release contains contributions from the following users (in
alphabetical order):

-   [@&#8203;manfred-brands](https://togithub.com/manfred-brands)
-   [@&#8203;mikkelbu](https://togithub.com/mikkelbu)
-   [@&#8203;stevenaw](https://togithub.com/stevenaw)

Issues Resolved

Features and Enhancements

- [#&#8203;639](https://togithub.com/nunit/nunit.analyzers/issues/639)
Rule to check users don't accidentally specify CallerArgumentExpression
parameters
- [#&#8203;634](https://togithub.com/nunit/nunit.analyzers/issues/634)
Relax analyzers for added support for IAsyncEnumerable on \*Source
attributes

Tooling, Process, and Documentation

- [#&#8203;648](https://togithub.com/nunit/nunit.analyzers/issues/648)
chore: Skip branch builds on PRs
- [#&#8203;644](https://togithub.com/nunit/nunit.analyzers/issues/644)
chore: Update release notes for 3.10 beta
- [#&#8203;429](https://togithub.com/nunit/nunit.analyzers/issues/429)
Drop the VSIX project

</details>

<details>
<summary>testcontainers/testcontainers-dotnet (Testcontainers)</summary>

###
[`v3.6.0`](https://togithub.com/testcontainers/testcontainers-dotnet/releases/tag/3.6.0)

[Compare
Source](https://togithub.com/testcontainers/testcontainers-dotnet/compare/3.5.0...3.6.0)

A heartfelt thank you to each contributor. Your contributions, whether
through sharing ideas for improvements, identifying issues, submitting
pull requests, or writing articles, are immensely appreciated and help
me a lot. THANK YOU for your support.

### What's Changed

#### ⚠️ Breaking Changes

The members of the container and image builder, `WithImagePullPolicy`
and `WithImageBuildPolicy`, previously received a callback argument of
type `ImagesListResponse`. We've now updated these callbacks, and they
will receive an argument of type `ImageInspectResponse`. This change was
implemented to offer more detailed information regarding the actual
cached image.

- feat: Use Docker's inspect API to get resource information
([#&#8203;1018](https://togithub.com/testcontainers/testcontainers-dotnet/issues/1018))
[@&#8203;HofmeisterAn](https://togithub.com/HofmeisterAn)

#### 🚀 Features

- feat: Extend the "wait until file exists" API to distinguish between
the test host and container filesystem
([#&#8203;1009](https://togithub.com/testcontainers/testcontainers-dotnet/issues/1009))
[@&#8203;maaex](https://togithub.com/maaex)
- chore: Do not pre-pull cached images
([#&#8203;1032](https://togithub.com/testcontainers/testcontainers-dotnet/issues/1032))
[@&#8203;HofmeisterAn](https://togithub.com/HofmeisterAn)
- feat: Add Consul module
([#&#8203;1028](https://togithub.com/testcontainers/testcontainers-dotnet/issues/1028))
[@&#8203;witskeeper](https://togithub.com/witskeeper)
- feat: Add Google Cloud Storage API (fake-gcs-server) module
([#&#8203;1023](https://togithub.com/testcontainers/testcontainers-dotnet/issues/1023))
[@&#8203;KSemenenko](https://togithub.com/KSemenenko)
- feat: Add PubSub module
([#&#8203;1005](https://togithub.com/testcontainers/testcontainers-dotnet/issues/1005))
[@&#8203;dejandjenic](https://togithub.com/dejandjenic)
- feat: Share common interface (IDatabaseContainer) for ADO.NET
compatible containers
([#&#8203;920](https://togithub.com/testcontainers/testcontainers-dotnet/issues/920))
[@&#8203;0xced](https://togithub.com/0xced)
- feat: Use Docker's inspect API to get resource information
([#&#8203;1018](https://togithub.com/testcontainers/testcontainers-dotnet/issues/1018))
[@&#8203;HofmeisterAn](https://togithub.com/HofmeisterAn)
- feat: Ignore FROM args when pre-pulling images
([#&#8203;1016](https://togithub.com/testcontainers/testcontainers-dotnet/issues/1016))
[@&#8203;HofmeisterAn](https://togithub.com/HofmeisterAn)
- feat: Add NATS module
([#&#8203;1003](https://togithub.com/testcontainers/testcontainers-dotnet/issues/1003))
[@&#8203;niklasfp](https://togithub.com/niklasfp)
- feat: Add Firestore module
([#&#8203;988](https://togithub.com/testcontainers/testcontainers-dotnet/issues/988))
[@&#8203;dejandjenic](https://togithub.com/dejandjenic)

#### 🐛 Bug Fixes

- fix: Retain the internal Couchbase builder configuration if the user
overrides the default configuration
([#&#8203;1040](https://togithub.com/testcontainers/testcontainers-dotnet/issues/1040))
[@&#8203;HofmeisterAn](https://togithub.com/HofmeisterAn)
- fix: Prevent invalid negative timestamps getting container logs
([#&#8203;1038](https://togithub.com/testcontainers/testcontainers-dotnet/issues/1038))
[@&#8203;mausch](https://togithub.com/mausch)

#### 📖 Documentation

- docs: Add Neo4j example
([#&#8203;1013](https://togithub.com/testcontainers/testcontainers-dotnet/issues/1013))
[@&#8203;khalidabuhakmeh](https://togithub.com/khalidabuhakmeh)
- docs: Add MongoDB example
([#&#8203;1012](https://togithub.com/testcontainers/testcontainers-dotnet/issues/1012))
[@&#8203;khalidabuhakmeh](https://togithub.com/khalidabuhakmeh)
- docs: Add Elasticsearch example
([#&#8203;1010](https://togithub.com/testcontainers/testcontainers-dotnet/issues/1010))
[@&#8203;khalidabuhakmeh](https://togithub.com/khalidabuhakmeh)
- docs: Add Microsoft SQL Server example
([#&#8203;1008](https://togithub.com/testcontainers/testcontainers-dotnet/issues/1008))
[@&#8203;khalidabuhakmeh](https://togithub.com/khalidabuhakmeh)
- docs: Add Flyway example
([#&#8203;1002](https://togithub.com/testcontainers/testcontainers-dotnet/issues/1002))
[@&#8203;HofmeisterAn](https://togithub.com/HofmeisterAn)

#### 🧹 Housekeeping

- refactor: Cache Docker image full and host name
([#&#8203;1043](https://togithub.com/testcontainers/testcontainers-dotnet/issues/1043))
[@&#8203;HofmeisterAn](https://togithub.com/HofmeisterAn)
- chore: Remove unnecessary internal APIs
([#&#8203;1020](https://togithub.com/testcontainers/testcontainers-dotnet/issues/1020))
[@&#8203;HofmeisterAn](https://togithub.com/HofmeisterAn)
- chore: Update SSH.NET to version 2023.0.0
([#&#8203;1019](https://togithub.com/testcontainers/testcontainers-dotnet/issues/1019))
[@&#8203;WojciechNagorski](https://togithub.com/WojciechNagorski)

</details>

<details>
<summary>cake-build/cake (cake.tool)</summary>

###
[`v3.2.0`](https://togithub.com/cake-build/cake/blob/HEAD/ReleaseNotes.md#New-in-320-Released-20231110)

- 4225 Add DotNetRemovePackage alias for dotnet remove package command.
-   4187 Add DotNetAddPackage alias for dotnet add package command.
-   4221 Add Azure Pipelines group logging commands.
-   4219 Update Microsoft.CodeAnalysis.CSharp.Scripting to 4.7.0.
-   4217 Update NuGet.\* to 6.7.0.
-   4215 Update Autofac to 7.1.0.
-   4157 Upgrading to spectre.console 0.47.0 breaks the cake build.
-   4144 DotNetMSBuildSettings is missing NodeReuse.
-   3996 Error: Bad IL format with Cake MacOSX (2.3.0 - 3.1.0).

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 4am on Monday" (UTC),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/cerbos/cerbos-sdk-net).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40Ni4wIiwidXBkYXRlZEluVmVyIjoiMzcuODEuMyIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->

---------

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Oğuzhan Durgun <[email protected]>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Oğuzhan Durgun <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants