From 5902d02ad0a056a146231568f1293ffbcd59f61c Mon Sep 17 00:00:00 2001 From: Garrett D'Amore Date: Wed, 18 Apr 2018 20:38:00 -0700 Subject: fixes #346 nng_recv() sometimes acts on null `msg` pointer This closes a fundamental flaw in the way aio structures were handled. In paticular, aio expiration could race ahead, and fire before the aio was properly registered by the provider. This ultimately led to the possibility of duplicate completions on the same aio. The solution involved breaking up nni_aio_start into two functions. nni_aio_begin (which can be run outside of external locks) simply validates that nni_aio_fini() has not been called, and clears certain fields in the aio to make it ready for use by the provider. nni_aio_schedule does the work to register the aio with the expiration thread, and should only be called when the aio is actually scheduled for asynchronous completion. nni_aio_schedule_verify does the same thing, but returns NNG_ETIMEDOUT if the aio has a zero length timeout. This change has a small negative performance impact. We have plans to rectify that by converting nni_aio_begin to use a locklesss flag for the aio->a_fini bit. While we were here, we fixed some error paths in the POSIX subsystem, which would have returned incorrect error codes, and we made some optmizations in the message queues to reduce conditionals while holding locks in the hot code path. --- src/transport/zerotier/zerotier.c | 118 ++++++++++++++++++++------------------ 1 file changed, 63 insertions(+), 55 deletions(-) (limited to 'src/transport/zerotier') diff --git a/src/transport/zerotier/zerotier.c b/src/transport/zerotier/zerotier.c index d0790b37..05866cfb 100644 --- a/src/transport/zerotier/zerotier.c +++ b/src/transport/zerotier/zerotier.c @@ -1745,26 +1745,24 @@ zt_pipe_send(void *arg, nni_aio *aio) size_t bytes; nni_msg *m; - nni_mtx_lock(&zt_lk); - if (nni_aio_start(aio, NULL, p) != 0) { - nni_mtx_unlock(&zt_lk); + if (nni_aio_begin(aio) != 0) { + return; + } + if ((m = nni_aio_get_msg(aio)) == NULL) { + nni_aio_finish_error(aio, NNG_EINVAL); return; } + nni_mtx_lock(&zt_lk); + if (p->zp_closed) { - nni_aio_finish_error(aio, NNG_ECLOSED); nni_mtx_unlock(&zt_lk); + nni_aio_finish_error(aio, NNG_ECLOSED); return; } fragsz = (uint16_t)(p->zp_mtu - zt_offset_data_data); - if ((m = nni_aio_get_msg(aio)) == NULL) { - nni_aio_finish_error(aio, NNG_EINVAL); - nni_mtx_unlock(&zt_lk); - return; - }; - bytes = nni_msg_header_len(m) + nni_msg_len(m); if (bytes >= (0xfffe * fragsz)) { nni_aio_finish_error(aio, NNG_EMSGSIZE); @@ -1821,11 +1819,16 @@ zt_pipe_send(void *arg, nni_aio *aio) zt_send(p->zp_ztn, p->zp_nwid, zt_op_data, p->zp_raddr, p->zp_laddr, data, fraglen + zt_offset_data_data); } while (nni_msg_len(m) != 0); + nni_mtx_unlock(&zt_lk); + + // NB, We never bothered to call nn_aio_sched, because we run this + // synchronously, relying on UDP to simply discard messages if we + // cannot deliver them. This means that pipe send operations with + // this transport are not cancellable. nni_aio_set_msg(aio, NULL); nni_msg_free(m); nni_aio_finish(aio, 0, offset); - nni_mtx_unlock(&zt_lk); } static void @@ -1903,17 +1906,18 @@ zt_pipe_recv(void *arg, nni_aio *aio) { zt_pipe *p = arg; - nni_mtx_lock(&zt_lk); - if (nni_aio_start(aio, zt_pipe_cancel_recv, p) != 0) { - nni_mtx_unlock(&zt_lk); + if (nni_aio_begin(aio) != 0) { return; } + nni_mtx_lock(&zt_lk); if (p->zp_closed) { + nni_mtx_unlock(&zt_lk); nni_aio_finish_error(aio, NNG_ECLOSED); - } else { - p->zp_user_rxaio = aio; - zt_pipe_dorecv(p); + return; } + nni_aio_schedule(aio, zt_pipe_cancel_recv, p); + p->zp_user_rxaio = aio; + zt_pipe_dorecv(p); nni_mtx_unlock(&zt_lk); } @@ -2047,11 +2051,10 @@ zt_pipe_ping_cb(void *arg) // use the the timer to wake us up even if we aren't // going to send a ping. (We don't increment the try count // unless we actually do send one though.) - if (nni_aio_start(aio, zt_pipe_cancel_ping, p) == 0) { + if (nni_aio_begin(aio) == 0) { + nni_aio_schedule(aio, zt_pipe_cancel_ping, p); p->zp_ping_active = 1; if (now > (p->zp_last_recv + p->zp_ping_time)) { - // We have to send a ping to keep the session - // up. p->zp_ping_try++; zt_pipe_send_ping(p); } @@ -2069,6 +2072,9 @@ zt_pipe_start(void *arg, nni_aio *aio) { zt_pipe *p = arg; + if (nni_aio_begin(aio) != 0) { + return; + } nni_mtx_lock(&zt_lk); p->zp_ping_active = 0; // send a gratuitous ping, and start the ping interval timer. @@ -2077,8 +2083,9 @@ zt_pipe_start(void *arg, nni_aio *aio) (p->zp_ping_aio != NULL)) { p->zp_ping_try = 0; nni_aio_set_timeout(aio, p->zp_ping_time); - if (nni_aio_start(p->zp_ping_aio, zt_pipe_cancel_ping, p) == - 0) { + if (nni_aio_begin(p->zp_ping_aio) == 0) { + nni_aio_schedule( + p->zp_ping_aio, zt_pipe_cancel_ping, p); p->zp_ping_active = 1; zt_pipe_send_ping(p); } @@ -2402,11 +2409,13 @@ zt_ep_accept(void *arg, nni_aio *aio) { zt_ep *ep = arg; - nni_mtx_lock(&zt_lk); - if (nni_aio_start(aio, zt_ep_cancel, ep) == 0) { - nni_aio_list_append(&ep->ze_aios, aio); - zt_ep_doaccept(ep); + if (nni_aio_begin(aio) != 0) { + return; } + nni_mtx_lock(&zt_lk); + nni_aio_schedule(aio, zt_ep_cancel, ep); + nni_aio_list_append(&ep->ze_aios, aio); + zt_ep_doaccept(ep); nni_mtx_unlock(&zt_lk); } @@ -2479,7 +2488,8 @@ zt_ep_conn_req_cb(void *arg) if (nni_list_first(&ep->ze_aios) != NULL) { nni_aio_set_timeout(aio, ep->ze_conn_time); - if (nni_aio_start(aio, zt_ep_conn_req_cancel, ep) == 0) { + if (nni_aio_begin(aio) == 0) { + nni_aio_schedule(aio, zt_ep_conn_req_cancel, ep); ep->ze_creq_active = 1; ep->ze_creq_try++; zt_ep_send_conn_req(ep); @@ -2493,43 +2503,41 @@ static void zt_ep_connect(void *arg, nni_aio *aio) { zt_ep *ep = arg; + int rv; + if (nni_aio_begin(aio) != 0) { + return; + } // We bind locally. We'll use the address later when we give // it to the pipe, but this allows us to receive the initial // ack back from the server. (This gives us an ephemeral // address to work with.) nni_mtx_lock(&zt_lk); - if (nni_aio_start(aio, zt_ep_cancel, ep) == 0) { - int rv; - - // Clear the port so we get an ephemeral port. - ep->ze_laddr &= ~((uint64_t) zt_port_mask); - - if ((rv = zt_ep_bind_locked(ep)) != 0) { - nni_aio_finish_error(aio, rv); - nni_mtx_unlock(&zt_lk); - return; - } - - if ((ep->ze_raddr >> 24) == 0) { - ep->ze_raddr |= (ep->ze_ztn->zn_self << zt_port_shift); - } - nni_aio_list_append(&ep->ze_aios, aio); - - ep->ze_running = 1; - - nni_aio_set_timeout(ep->ze_creq_aio, ep->ze_conn_time); + // Clear the port so we get an ephemeral port. + ep->ze_laddr &= ~((uint64_t) zt_port_mask); - if (nni_aio_start( - ep->ze_creq_aio, zt_ep_conn_req_cancel, ep) == 0) { + if ((rv = zt_ep_bind_locked(ep)) != 0) { + nni_aio_finish_error(aio, rv); + nni_mtx_unlock(&zt_lk); + return; + } - // Send out the first connect message; if not - // yet attached to network message will be dropped. - ep->ze_creq_try = 1; - ep->ze_creq_active = 1; - zt_ep_send_conn_req(ep); - } + if ((ep->ze_raddr >> 24) == 0) { + ep->ze_raddr |= (ep->ze_ztn->zn_self << zt_port_shift); + } + nni_aio_list_append(&ep->ze_aios, aio); + ep->ze_running = 1; + nni_aio_schedule(aio, zt_ep_cancel, ep); + + nni_aio_set_timeout(ep->ze_creq_aio, ep->ze_conn_time); + if (nni_aio_begin(ep->ze_creq_aio) == 0) { + nni_aio_schedule(ep->ze_creq_aio, zt_ep_conn_req_cancel, ep); + // Send out the first connect message; if not + // yet attached to network message will be dropped. + ep->ze_creq_try = 1; + ep->ze_creq_active = 1; + zt_ep_send_conn_req(ep); } nni_mtx_unlock(&zt_lk); } -- cgit v1.2.3-70-g09d2