upstream: fix mid-batch thread-aware LB initialization out-of-bounds #43697
Merged
Signed-off-by: Boteng Yao <boteng@google.com>
wdauchy
approved these changes
Mar 1, 2026
Contributor
wdauchy
left a comment
LGTM, thanks for the fix
nezdolik
reviewed
Mar 2, 2026
| const auto& per_priority_state = (*per_priority_state_vector)[priority]; | ||
| // Copy panic flag from LoadBalancerBase. It is calculated when there is a change | ||
| // in hosts set or hosts' health. | ||
| ASSERT(priority < per_priority_panic_.size()); |
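Review bot: The bounds check on the last line, `ASSERT(priority < per_priority_panic_.size());`, only fires in debug builds, so a release build would still index `per_priority_panic_` past its end if the vector is ever undersized at this point again. Since the failure being fixed is a silent out-of-bounds read, consider `RELEASE_ASSERT` or an explicit size guard here, and extend the comment above it to say why the vector is expected to be sized by now. The first line indexes `(*per_priority_state_vector)[priority]` with the same `priority` and no visible check, so it is worth confirming that vector is covered by the same invariant.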
Member
should this be ASSERT (debug only builds) or RELEASE_ASSERT?
Member
Author
Using ASSERT is to catch the issue from tests, and it will have issues if this is not true in release, so this is fine, wdyt?
Member
apart from one nit comment LGTM!
nezdolik
approved these changes
Mar 2, 2026
bmjask
pushed a commit
to bmjask/envoy
that referenced
this pull request
Mar 14, 2026
…nvoyproxy#43697)

Fixes a crash introduced by envoyproxy#43346.

When a thread-aware load balancer is initialized mid-batch, the per-priority panic tracking vectors have not been resized yet because the batch member update callback hasn't fired. This causes an out-of-bounds read during the LB refresh loop.

1. Process any dirty priorities to properly size vectors if the load balancer is initialized mid-batch.
2. Add a bounds check `ASSERT` to prevent silent out-of-bounds bit vector reads.
3. Add an initialization regression test to prevent this pattern from breaking in the future.

Commit Message:
Additional Description:
Risk Level: low (already guarded by `envoy.reloadable_features.coalesce_lb_rebuilds_on_batch_update`).
Testing:
Docs Changes:
Release Notes:

Signed-off-by: Boteng Yao <boteng@google.com>
Signed-off-by: bjmask <11672696+bjmask@users.noreply.github.com>
bvandewalle
pushed a commit
to bvandewalle/envoy
that referenced
this pull request
Mar 17, 2026
fishcakez
pushed a commit
to fishcakez/envoy
that referenced
this pull request
Mar 25, 2026
henrymwang
pushed a commit
to DataDog/envoy
that referenced
this pull request
Apr 13, 2026
krinkinmu
pushed a commit
to grnmeira/envoy
that referenced
this pull request
Apr 20, 2026
Fixes a crash introduced by #43346.
When a thread-aware load balancer is initialized mid-batch, the per-priority panic tracking vectors have not been resized yet because the batch member update callback hasn't fired. This causes an out-of-bounds read during the LB refresh loop.
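1. Process any dirty priorities to properly size vectors if the load balancer is initialized mid-batch.
2. Add a bounds check `ASSERT` to prevent silent out-of-bounds bit vector reads.
3. Add an initialization regression test to prevent this pattern from breaking in the future.

Commit Message:
Additional Description:
Risk Level: low (already guarded by `envoy.reloadable_features.coalesce_lb_rebuilds_on_batch_update`).
Testing: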
Docs Changes:
Release Notes:
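
A simplified model of the ordering problem in the description above, added here as an illustration and not taken from Envoy's source or from this PR. Every name except `per_priority_panic_` is hypothetical. It shows a vector that is only sized when a batch completes, a refresh loop that runs before that point, and a checked read that reports the missing entries instead of indexing past the end.

```cpp
#include <cstddef>
#include <cstdint>
#include <set>
#include <vector>

// Simplified model, not Envoy code. Every name except per_priority_panic_ is hypothetical.
class PanicTracker {
public:
  // A host set changed while a batch update is open: only mark the priority dirty.
  void onMemberUpdateInBatch(uint32_t priority) { dirty_.insert(priority); }
  // Normally run from the batch-complete callback: size the vector for dirty priorities.
  void processDirtyPriorities() {
    for (uint32_t p : dirty_) {
      if (p >= per_priority_panic_.size()) per_priority_panic_.resize(p + 1, false);
    }
    dirty_.clear();
  }

  // Checked read: returns false instead of indexing past the end of the vector.
  bool tryPanicFor(uint32_t priority, bool& out) const {
    if (priority >= per_priority_panic_.size()) return false;
    out = per_priority_panic_[priority];
    return true;
  }
private:
  std::vector<bool> per_priority_panic_;
  std::set<uint32_t> dirty_;
};

// Refresh loop run at initialization; flush_first=false models the ordering before the fix.
std::size_t refreshOnInit(PanicTracker& t, uint32_t num_priorities, bool flush_first) {
  if (flush_first) t.processDirtyPriorities();
  std::size_t unreadable = 0;  // priorities with no in-bounds panic entry
  for (uint32_t p = 0; p < num_priorities; ++p) {
    bool panic = false;
    if (!t.tryPanicFor(p, panic)) ++unreadable;
  }
  return unreadable;
}

// Constructed scenario: two priorities updated inside a batch that has not completed.
std::size_t midBatchInit(bool flush_first) {
  PanicTracker t;
  t.onMemberUpdateInBatch(0);
  t.onMemberUpdateInBatch(1);
  return refreshOnInit(t, 2, flush_first);
}

int main() { return (midBatchInit(false) == 2 && midBatchInit(true) == 0) ? 0 : 1; }
```

With an unchecked `operator[]` in place of `tryPanicFor`, the `flush_first=false` path is the out-of-bounds read; the checked accessor behaves the same in debug and release builds.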