0a19fe3b60
We use capped exponential backoff in several places in the code when handling failures. The code we've copy-and-pasted all over has a check to see if the backoff is greater than the limit, but this check happens after the bitshift and we always increment the number of attempts. This causes an overflow with a fairly small number of failures (ex. at one place I tested it occurs after only 24 iterations), resulting in a negative backoff which then never recovers. The backoff becomes a tight loop consuming resources and/or DoS'ing a Nomad RPC handler or an external API such as Vault. Note this doesn't occur in places where we cap the number of iterations so the loop breaks (usually to return an error), so long as the number of iterations is reasonable. Introduce a helper with a check on the cap before the bitshift to avoid overflow in all places this can occur. Fixes: #18199 Co-authored-by: stswidwinski <stan.swidwinski@gmail.com> |
||
|---|---|---|
| .. | ||
| args | ||
| boltdd | ||
| broker | ||
| bufconndialer | ||
| codec | ||
| constraints/semver | ||
| crypto | ||
| discover | ||
| envoy | ||
| escapingfs | ||
| escapingio | ||
| flags | ||
| flatmap | ||
| gated-writer | ||
| grpc-middleware/logging | ||
| ipaddr | ||
| iterator | ||
| logging | ||
| mount | ||
| noxssrw | ||
| pluginutils | ||
| pointer | ||
| pool | ||
| raftutil | ||
| snapshot | ||
| stats | ||
| subproc | ||
| testlog | ||
| testtask | ||
| tlsutil | ||
| useragent | ||
| users | ||
| uuid | ||
| winsvc | ||
| backoff.go | ||
| backoff_test.go | ||
| cluster.go | ||
| cluster_test.go | ||
| eof.go | ||
| funcs.go | ||
| funcs_test.go | ||
| opaque.go | ||
| opaque_test.go | ||
| warning.go | ||
| warning_test.go | ||