Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Make PASE setup a bit more robust if multiple clients race. #25352

Merged
merged 1 commit into from
Feb 28, 2023

Conversation

bzbarsky-apple
Copy link
Contributor

Without this change, we can end up in the following situation:

  1. A PBKDFParamRequest comes in. We start a PASE handshake. 2) While we are in the middle of that, a PBKDFParamRequest from some other
    entity comes in on a different exchange.
  2. Since we are not expecting PBKDFParamRequest, we not only respond with
    failure to the new message, but also cancel the exising handshake.

So if two clients race to establish PASE, they can keep canceling each other and neither will complete.

The fix is to stop listening for PBKDFParamRequest while we are in the middle of a handshake.

Without this change, we can end up in the following situation:

1) A PBKDFParamRequest comes in.  We start a PASE handshake.
2) While we are in the middle of that, a PBKDFParamRequest from some other
   entity comes in on a different exchange.
3) Since we are not expecting PBKDFParamRequest, we not only respond with
   failure to the new message, but also cancel the exising handshake.

So if two clients race to establish PASE, they can keep canceling each other and
neither will complete.

The fix is to stop listening for PBKDFParamRequest while we are in the middle of
a handshake.
@github-actions
Copy link

PR #25352: Size comparison from af511d7 to c9f2016

Increases (7 builds for cc32xx, mbed, nrfconnect, qpg)
platform target config section af511d7 c9f2016 change % change
cc32xx lock CC3235SF_LAUNCHXL (read only) 642601 643073 472 0.1
.debug_aranges 87280 87328 48 0.1
.debug_frame 299812 299984 172 0.1
.debug_info 20256131 20256926 795 0.0
.debug_line 2656120 2656422 302 0.0
.debug_loc 2797440 2797924 484 0.0
.debug_ranges 281768 281816 48 0.0
.debug_str 3023104 3023324 220 0.0
.rodata 105761 105801 40 0.0
.strtab 377825 378387 562 0.1
.symtab 256224 256512 288 0.1
.text 534716 535148 432 0.1
mbed lock-app CY8CPROTO_062_4343W+release (read/write) 2467096 2467200 104 0.0
.text 1429740 1429844 104 0.0
nrfconnect all-clusters-app nrf52840dk_nrf52840 (read/write) 1167376 1167524 148 0.0
rodata 136188 136224 36 0.0
text 807920 808040 120 0.0
all-clusters-minimal-app nrf52840dk_nrf52840 (read/write) 1112396 1112544 148 0.0
rodata 113032 113068 36 0.0
text 777072 777184 112 0.0
all-clusters-app nrf7002dk_nrf5340_cpuapp (read/write) 1372476 1372624 148 0.0
rodata 213576 213612 36 0.0
text 767504 767616 112 0.0
qpg lighting-app qpg6105+debug (read/write) 1151252 1151396 144 0.0
.text 598348 598492 144 0.0
lock-app qpg6105+debug (read/write) 1118452 1118604 152 0.0
.text 565552 565704 152 0.0
Full report (7 builds for cc32xx, mbed, nrfconnect, qpg)
platform target config section af511d7 c9f2016 change % change
cc32xx lock CC3235SF_LAUNCHXL 0 0 0 0.0
(read only) 642601 643073 472 0.1
(read/write) 203688 203688 0 0.0
.ARM.attributes 44 44 0 0.0
.ARM.exidx 8 8 0 0.0
.bss 197088 197088 0 0.0
.comment 194 194 0 0.0
.data 1480 1480 0 0.0
.debug_abbrev 930126 930126 0 0.0
.debug_aranges 87280 87328 48 0.1
.debug_frame 299812 299984 172 0.1
.debug_info 20256131 20256926 795 0.0
.debug_line 2656120 2656422 302 0.0
.debug_loc 2797440 2797924 484 0.0
.debug_ranges 281768 281816 48 0.0
.debug_str 3023104 3023324 220 0.0
.ramVecs 780 780 0 0.0
.resetVecs 64 64 0 0.0
.rodata 105761 105801 40 0.0
.shstrtab 232 232 0 0.0
.stab 204 204 0 0.0
.stabstr 441 441 0 0.0
.stack 2048 2048 0 0.0
.strtab 377825 378387 562 0.1
.symtab 256224 256512 288 0.1
.text 534716 535148 432 0.1
mbed lock-app CY8CPROTO_062_4343W+release (read only) 6224 6224 0 0.0
(read/write) 2467096 2467200 104 0.0
.bss 215804 215804 0 0.0
.data 5880 5880 0 0.0
.text 1429740 1429844 104 0.0
nrfconnect all-clusters-app nrf52840dk_nrf52840 (read only) 4 4 0 0.0
(read/write) 1167376 1167524 148 0.0
bss 143423 143423 0 0.0
rodata 136188 136224 36 0.0
text 807920 808040 120 0.0
all-clusters-minimal-app nrf52840dk_nrf52840 (read only) 4 4 0 0.0
(read/write) 1112396 1112544 148 0.0
bss 142579 142579 0 0.0
rodata 113032 113068 36 0.0
text 777072 777184 112 0.0
all-clusters-app nrf7002dk_nrf5340_cpuapp (read only) 4 4 0 0.0
(read/write) 1372476 1372624 148 0.0
bss 105902 105902 0 0.0
rodata 213576 213612 36 0.0
text 767504 767616 112 0.0
qpg lighting-app qpg6105+debug (read/write) 1151252 1151396 144 0.0
.bss 99804 99804 0 0.0
.data 852 852 0 0.0
.text 598348 598492 144 0.0
lock-app qpg6105+debug (read/write) 1118452 1118604 152 0.0
.bss 96292 96292 0 0.0
.data 864 864 0 0.0
.text 565552 565704 152 0.0

@pullapprove pullapprove bot requested a review from sharadb-amazon February 27, 2023 22:24
@andy31415 andy31415 merged commit faa1c2b into project-chip:master Feb 28, 2023
@bzbarsky-apple bzbarsky-apple deleted the PASE-more-robust branch February 28, 2023 16:48
shchen-Lab added a commit to bouffalolab/connectedhomeip-1 that referenced this pull request Mar 1, 2023
…p-1 into bl702l_matter

* 'bl702l_matter' of github.com:bouffalolab/connectedhomeip-1: (446 commits)
  [Python] Add Python commissioning flow (project-chip#25119)
  Add to flake8 in workflow and fix python files (project-chip#25280)
  Align Time Format Localization cluster XML to spec changes. (project-chip#25289)
  Use the PathsFinder module in scripts/tests/run_test_suite.py instead of having duplicated code (project-chip#25368)
  Add a continuous browse for Matter operational advertisements on Darwin. (project-chip#25317)
  Chef doorlock sample update (project-chip#24118)
  Fix implementation of OnChipScanComplete and OnScanComplete - second PR (project-chip#24873)
  Add to flake8 in workflow and fix python files (project-chip#25279)
  Make PASE setup a bit more robust if multiple clients race. (project-chip#25352)
  Add dependent lib kotlin-stdlib for kotlin version of java-matter-controller (project-chip#25358)
  [python tests] Add to flake8 in workflow and fix python files (part project-chip#25193) (project-chip#25312)
  Add to flake8 in workflow and fix python files (project-chip#25283)
  Add a way to read a concrete attribute path from AttributePathIB::Parser. (project-chip#25293)
  Make sure various tests in TestReadInteraction are not no-ops. (project-chip#25298)
  [Android] Add isUrgent option in Android (project-chip#25301)
  [NXP] Add to flake8 in workflow and fix python files (part project-chip#25193) (project-chip#25305)
  [placeholder] Allow applications can specify which additional sources to build (project-chip#25346)
  Set thread sleep and yield backends for rpc (project-chip#25350)
  [config-data] Remove some enums that just don't generate anything (project-chip#25370)
  [Tizen] CI workflow for running QEMU-based tests (project-chip#24871)
  ...
shchen-Lab added a commit to bouffalolab/connectedhomeip-1 that referenced this pull request Mar 1, 2023
* official/master: (449 commits)
  tv-casting-app: Updating the context we pass to FindOrEstablishSession
  Changing caching logic to match video players using hostname before other attributes
  Enable -Wconversion tree-wide on darwin. (project-chip#25376)
  [Python] Add Python commissioning flow (project-chip#25119)
  Add to flake8 in workflow and fix python files (project-chip#25280)
  Align Time Format Localization cluster XML to spec changes. (project-chip#25289)
  Use the PathsFinder module in scripts/tests/run_test_suite.py instead of having duplicated code (project-chip#25368)
  Add a continuous browse for Matter operational advertisements on Darwin. (project-chip#25317)
  Chef doorlock sample update (project-chip#24118)
  Fix implementation of OnChipScanComplete and OnScanComplete - second PR (project-chip#24873)
  Add to flake8 in workflow and fix python files (project-chip#25279)
  Make PASE setup a bit more robust if multiple clients race. (project-chip#25352)
  Add dependent lib kotlin-stdlib for kotlin version of java-matter-controller (project-chip#25358)
  [python tests] Add to flake8 in workflow and fix python files (part project-chip#25193) (project-chip#25312)
  Add to flake8 in workflow and fix python files (project-chip#25283)
  Add a way to read a concrete attribute path from AttributePathIB::Parser. (project-chip#25293)
  Make sure various tests in TestReadInteraction are not no-ops. (project-chip#25298)
  [Android] Add isUrgent option in Android (project-chip#25301)
  [NXP] Add to flake8 in workflow and fix python files (part project-chip#25193) (project-chip#25305)
  [placeholder] Allow applications can specify which additional sources to build (project-chip#25346)
  ...
lecndav pushed a commit to lecndav/connectedhomeip that referenced this pull request Mar 22, 2023
…chip#25352)

Without this change, we can end up in the following situation:

1) A PBKDFParamRequest comes in.  We start a PASE handshake.
2) While we are in the middle of that, a PBKDFParamRequest from some other
   entity comes in on a different exchange.
3) Since we are not expecting PBKDFParamRequest, we not only respond with
   failure to the new message, but also cancel the exising handshake.

So if two clients race to establish PASE, they can keep canceling each other and
neither will complete.

The fix is to stop listening for PBKDFParamRequest while we are in the middle of
a handshake.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants