** Description changed: [Impact] Applications using package python-tornado v5.1.1 or earlier are susceptible to an out of memory error related to websockets. [Other Info] Upstream commit(s): https://github.com/tornadoweb/tornado/pull/2351/commits/20becca336caae61cd24f7afba0e177c0a210c70 $ git remote -v origin https://github.com/tornadoweb/tornado.git (fetch) origin https://github.com/tornadoweb/tornado.git (push) $ git describe --contains 20becca3 v5.1.0b1~28^2~1 $ rmadison python3-tornardo => python3-tornado | 4.2.1-1ubuntu3 | xenial python3-tornado | 4.5.3-1 | bionic/universe => python3-tornado | 4.5.3-1ubuntu0.1 | bionic-updates/universe python3-tornado | 6.0.3+really5.1.1-3 | focal/universe python3-tornado | 6.0.4-2 | groovy/universe python3-tornado | 6.0.4-3 | hirsute/universe python3-tornado | 6.1.0-1 | hirsute-proposed/universe [Original Description] Tornado has no 'flow control' for websockets. A websocket will receive data as fast as it can, and store the data in a deque. If that data is not consumed as fast as it is written, then that deque will grow in size indefinitely, ultimately leading to a memory error and killing the process. Fix is to use a Queue. Read and get messages from the queue on the client side. Patch file [0] Commit history [1] GitHub [2] Issue [3] [0] https://patch-diff.githubusercontent.com/raw/tornadoweb/tornado/pull/2351.patch [1] https://github.com/tornadoweb/tornado/pull/2351/commits [2] https://github.com/tornadoweb/tornado [3] https://github.com/tornadoweb/tornado/issues/2341 [Test Case] - # Before adding patch file + I was unable to provide adequate testing and/or a reproducer for this bug. + In the bionic patch, the unit tests were failing and I have added another patch to address this - # lxc container start - lxc launch ubuntu:18.04 server - lxc stop server - - # network setup - lxc network attach lxcbr0 server eth0 eth0 - lxc config device set server eth0 ipv4.address 10.0.0.3 - lxc start server - - # lxc container start - lxc launch ubuntu:18.04 client - lxc stop client - - # network setup - lxc network attach lxcbr0 client eth0 eth0 - lxc config device set client eth0 ipv4.address 10.0.0.3 - lxc start client - - # server.py setup - lxc exec server bash - # run `ip a` or ping google.com to verify internet connectivity - - apt-get update - apt install ubuntu-dev-tools -y - sudo apt-get install build-essential python-dev - - pull-lp-source python-tornado bionic - - sudo apt build-dep . - - # shrink server size - lxc config set server limits.cpu 2 - lxc config set server limits.memory 150MB - lxc exec server bash - - # Copy and paste the attached server.py code - # Saved to python-tornado-4.5.3/demos/ - - # Build and run server.py - python3 setup.py build - python3 setup.py install - python3 demos/server.py - - # client.py setup - # Copy and paste the attached client.py code - # Saved to python-tornado-4.5.3/demos/ - use - `ip a` - to find ip address for client container or exit and do `lxc list` - from python-tornado-4.5.3/ - # edit client.py websocket ip address - client = Client("ws://localhost:3000", 5) - - - # After applying patch file, rebuild/rerun server.py and client.py - Copy and paste the 2 patch files to /python-tornado/debian/patches - [0] fix-oom-error.patch - [1] remove-unused-imports.patch - quilt import patche(s) - quilt pop -a - quilt push -a - quilt refresh - quilt top - python3 setup.py build - python3 setup.py install - python3 demos/client.py + d/p/0001-test-Skip-test_source_port_fail-when-running-as-root.patch
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1903733 Title: Out of memory issue for websocket client To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-tornado/+bug/1903733/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
