Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix double-free bugs on failure to send a write message. #13051

Merged
merged 1 commit into from
Dec 16, 2021
Merged

Fix double-free bugs on failure to send a write message. #13051

merged 1 commit into from
Dec 16, 2021

Conversation

bzbarsky-apple
Copy link
Contributor

There were two separate bugs here:

  1. For a group write, we were violating the contract for
    WriteClient::SendWriteRequest, which is that the caller must call
    Shutdown on failure but the WriteClient itself will do it on success
    (and call OnDone in the process). We were unconditionally calling
    Shutdown and OnDone inside SetWriteRequest, even on failure.

  2. WriteInteraction was violating the contract for
    WriteClientHandle::SendWriteRequest, which is different: it always
    guarantees it will call OnDone. But the consumer was assuming that
    OnDone would only be called if SendWriteRequest returned success.

Problem

See above.

Change overview

See above.

Testing

Manually tried running the TestGroupMessaging yaml test on darwin. It fails to send the messages (for now) and that was triggering the double-frees. With these fixes those double-frees are gone.

@bzbarsky-apple
Fix double-free bugs on failure to send a write message.
6b8aef9 
There were two separate bugs here:

1) For a group write, we were violating the contract for
WriteClient::SendWriteRequest, which is that the caller must call
Shutdown on failure but the WriteClient itself will do it on success
(and call OnDone in the process).  We were unconditionally calling
Shutdown and OnDone inside SetWriteRequest, even on failure.

2) WriteInteraction was violating the contract for
WriteClientHandle::SendWriteRequest, which is different: it always
guarantees it will call OnDone. But the consumer was assuming that
OnDone would only be called if SendWriteRequest returned success.
@github-actions
Copy link

github-actions bot commented Dec 15, 2021
edited
Loading

PR #13051: Size comparison from 89aff25 to 6b8aef9

Increases (14 builds for esp32, k32w, mbed, nrfconnect, qpg, telink)
platform target config section 89aff25 6b8aef9 change % change
esp32 all-clusters-app c3devkit (read only) 880138 880146 8 0.0
.flash.text 880138 880146 8 0.0
m5stack (read only) 967871 967883 12 0.0
.flash.text 962487 962499 12 0.0
k32w shell k32w061+debug (read/write) 644100 644116 16 0.0
.text 556656 556672 16 0.0
mbed lighting-app CY8CPROTO_062_4343W+release (read/write) 2334320 2334384 64 0.0
.text 1296920 1296984 64 0.0
nrfconnect lighting-app nrf52840dk_nrf52840 (read/write) 927055 927071 16 0.0
text 627160 627172 12 0.0
nrf52840dk_nrf52840+rpc (read/write) 890095 890111 16 0.0
text 601900 601912 12 0.0
nrf5340dk_nrf5340_cpuapp (read/write) 853062 853078 16 0.0
text 557600 557612 12 0.0
lock-app nrf52840dk_nrf52840 text 604928 604940 12 0.0
nrf5340dk_nrf5340_cpuapp (read/write) 825366 825382 16 0.0
text 535460 535472 12 0.0
pump-app nrf52840dk_nrf52840 (read/write) 904047 904063 16 0.0
text 608532 608544 12 0.0
pump-controller-app nrf52840dk_nrf52840 (read/write) 897287 897303 16 0.0
text 603728 603740 12 0.0
qpg lighting-app qpg6105+debug (read only) 536144 536160 16 0.0
.text 530824 530840 16 0.0
lock-app qpg6105+debug (read only) 507832 507848 16 0.0
.text 502512 502528 16 0.0
telink lighting-app tlsr9518adk80d (read/write) 836574 836582 8 0.0
text 583428 583436 8 0.0
Full report (32 builds for efr32, esp32, k32w, linux, mbed, nrfconnect, p6, qpg, telink)
platform target config section 89aff25 6b8aef9 change % change
efr32 lighting-app BRD4161A (read only) 840592 840592 0 0.0
(read/write) 128640 128640 0 0.0
.bss 126760 126760 0 0.0
.data 1876 1876 0 0.0
.text 840584 840584 0 0.0
BRD4161A+rpc (read only) 828196 828196 0 0.0
(read/write) 145312 145312 0 0.0
.bss 143336 143336 0 0.0
.data 1976 1976 0 0.0
.text 828188 828188 0 0.0
window-app BRD4161A (read only) 813968 813968 0 0.0
(read/write) 127576 127576 0 0.0
.bss 125744 125744 0 0.0
.data 1832 1832 0 0.0
.text 813960 813960 0 0.0
esp32 all-clusters-app c3devkit (read only) 880138 880146 8 0.0
(read/write) 1314250 1314250 0 0.0
.dram0.bss 71080 71080 0 0.0
.dram0.data 14212 14212 0 0.0
.flash.rodata 175912 175912 0 0.0
.flash.text 880138 880146 8 0.0
.iram0.text 62076 62076 0 0.0
m5stack (read only) 967871 967883 12 0.0
(read/write) 455512 455512 0 0.0
.dram0.bss 77552 77552 0 0.0
.dram0.data 34056 34056 0 0.0
.flash.rodata 212116 212116 0 0.0
.flash.text 962487 962499 12 0.0
.iram0.text 123451 123451 0 0.0
k32w lighting-app k32w061+se05x+release (read/write) 691148 691148 0 0.0
.bss 79344 79344 0 0.0
.data 1908 1908 0 0.0
.text 604096 604096 0 0.0
lock-app k32w061+debug (read/write) 638712 638712 0 0.0
.bss 77496 77496 0 0.0
.data 1860 1860 0 0.0
.text 553556 553556 0 0.0
shell k32w061+debug (read/write) 644100 644116 16 0.0
.bss 79804 79804 0 0.0
.data 1840 1840 0 0.0
.text 556656 556672 16 0.0
linux chip-tool-ipv6only arm64 (read only) 6979836 6979836 0 0.0
(read/write) 324609 324609 0 0.0
.bss 55905 55905 0 0.0
.data 1096 1096 0 0.0
.data.rel.ro 208392 208392 0 0.0
.dynamic 560 560 0 0.0
.got 55520 55520 0 0.0
.init 24 24 0 0.0
.init_array 168 168 0 0.0
.rodata 376348 376348 0 0.0
.text 5917428 5917428 0 0.0
thermostat-no-ble arm64 (read only) 2008724 2008724 0 0.0
(read/write) 145297 145297 0 0.0
.bss 65649 65649 0 0.0
.data 832 832 0 0.0
.data.rel.ro 72080 72080 0 0.0
.dynamic 560 560 0 0.0
.got 3840 3840 0 0.0
.init 24 24 0 0.0
.init_array 288 288 0 0.0
.rodata 128068 128068 0 0.0
.text 1669120 1669120 0 0.0
mbed all-clusters-app CY8CPROTO_062_4343W+release (read only) 6224 6224 0 0.0
(read/write) 2338816 2338816 0 0.0
.bss 190332 190332 0 0.0
.data 5256 5256 0 0.0
.heap 840856 840856 0 0.0
.text 1301392 1301392 0 0.0
lighting-app CY8CPROTO_062_4343W+release (read only) 6224 6224 0 0.0
(read/write) 2334320 2334384 64 0.0
.bss 182192 182192 0 0.0
.data 5544 5544 0 0.0
.heap 848712 848712 0 0.0
.text 1296920 1296984 64 0.0
lock-app CY8CPROTO_062_4343W+release (read only) 6224 6224 0 0.0
(read/write) 2307416 2307416 0 0.0
.bss 181232 181232 0 0.0
.data 5536 5536 0 0.0
.heap 849680 849680 0 0.0
.text 1270016 1270016 0 0.0
pigweed-app CY8CPROTO_062_4343W+release (read only) 6224 6224 0 0.0
(read/write) 1140008 1140008 0 0.0
.bss 11756 11756 0 0.0
.data 4368 4368 0 0.0
.heap 1020320 1020320 0 0.0
.text 103392 103392 0 0.0
shell CY8CPROTO_062_4343W+release (read only) 6224 6224 0 0.0
(read/write) 2054328 2054328 0 0.0
.bss 156980 156980 0 0.0
.data 4864 4864 0 0.0
.heap 874600 874600 0 0.0
.text 1016928 1016928 0 0.0
nrfconnect lighting-app nrf52840dk_nrf52840 (read/write) 927055 927071 16 0.0
bss 119852 119852 0 0.0
rodata 104424 104424 0 0.0
text 627160 627172 12 0.0
nrf52840dk_nrf52840+rpc (read/write) 890095 890111 16 0.0
bss 116204 116204 0 0.0
rodata 95720 95720 0 0.0
text 601900 601912 12 0.0
nrf5340dk_nrf5340_cpuapp (read/write) 853062 853078 16 0.0
bss 121228 121228 0 0.0
rodata 99680 99680 0 0.0
text 557600 557612 12 0.0
lock-app nrf52840dk_nrf52840 (read/write) 899107 899107 0 0.0
bss 119032 119032 0 0.0
rodata 99732 99732 0 0.0
text 604928 604940 12 0.0
nrf5340dk_nrf5340_cpuapp (read/write) 825366 825382 16 0.0
bss 120440 120440 0 0.0
rodata 95024 95024 0 0.0
text 535460 535472 12 0.0
pigweed-app nrf52840dk_nrf52840 (read/write) 497447 497447 0 0.0
bss 51820 51820 0 0.0
rodata 45852 45852 0 0.0
text 339488 339488 0 0.0
pump-app nrf52840dk_nrf52840 (read/write) 904047 904063 16 0.0
bss 118944 118944 0 0.0
rodata 101088 101088 0 0.0
text 608532 608544 12 0.0
pump-controller-app nrf52840dk_nrf52840 (read/write) 897287 897303 16 0.0
bss 118824 118824 0 0.0
rodata 99224 99224 0 0.0
text 603728 603740 12 0.0
shell nrf52840dk_nrf52840 (read/write) 782767 782767 0 0.0
bss 109624 109624 0 0.0
rodata 74396 74396 0 0.0
text 524232 524232 0 0.0
nrf5340dk_nrf5340_cpuapp (read/write) 697838 697838 0 0.0
bss 110604 110604 0 0.0
rodata 69040 69040 0 0.0
text 444868 444868 0 0.0
p6 all-clusters-app default (read/write) 2394600 2394600 0 0.0
.bss 118532 118532 0 0.0
.data 2536 2536 0 0.0
.heap 912272 912272 0 0.0
.text 1352864 1352864 0 0.0
light-app default (read/write) 2334912 2334912 0 0.0
.bss 107448 107448 0 0.0
.data 2384 2384 0 0.0
.heap 923512 923512 0 0.0
.text 1293176 1293176 0 0.0
lock-app default (read/write) 2307128 2307128 0 0.0
.bss 106328 106328 0 0.0
.data 2336 2336 0 0.0
.heap 924680 924680 0 0.0
.text 1265392 1265392 0 0.0
qpg lighting-app qpg6105+debug (read only) 536144 536160 16 0.0
(read/write) 146936 146936 0 0.0
.bss 88096 88096 0 0.0
.data 1004 1004 0 0.0
.text 530824 530840 16 0.0
lock-app qpg6105+debug (read only) 507832 507848 16 0.0
(read/write) 146940 146940 0 0.0
.bss 87232 87232 0 0.0
.data 952 952 0 0.0
.text 502512 502528 16 0.0
persistent-storage-app qpg6105+debug (read only) 106448 106448 0 0.0
(read/write) 146938 146938 0 0.0
.bss 36146 36146 0 0.0
.data 288 288 0 0.0
.text 101128 101128 0 0.0
telink lighting-app tlsr9518adk80d (read/write) 836574 836582 8 0.0
bss 88336 88336 0 0.0
noinit 37160 37160 0 0.0
text 583428 583436 8 0.0

mrjerryjohns
mrjerryjohns reviewed Dec 16, 2021
View reviewed changes
Copy link
Contributor

@mrjerryjohns mrjerryjohns left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please hold off merging this PR - I'd very much like to review this properly tomorrow morning since I'm going to putting out PRs in this space very soon too.

@andy31415
Copy link
Contributor

fast track: small delta, several checkmarks, PR up for sufficient time for cross timezone review.

@andy31415 andy31415 merged commit 00c2c17 into project-chip:master Dec 16, 2021
@bzbarsky-apple bzbarsky-apple deleted the fix-write-send-bugs branch December 16, 2021 15:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yunhanw-google yunhanw-google yunhanw-google approved these changes

@mrjerryjohns mrjerryjohns mrjerryjohns approved these changes

@andy31415 andy31415 andy31415 approved these changes

@jepenven-silabs jepenven-silabs Awaiting requested review from jepenven-silabs

@anush-apple anush-apple Awaiting requested review from anush-apple

@austinh0 austinh0 Awaiting requested review from austinh0

@balducci-apple balducci-apple Awaiting requested review from balducci-apple

@Byungjoo-Lee Byungjoo-Lee Awaiting requested review from Byungjoo-Lee

@carol-apple carol-apple Awaiting requested review from carol-apple

@chrisdecenzo chrisdecenzo Awaiting requested review from chrisdecenzo

@chshu chshu Awaiting requested review from chshu

@chulspro chulspro Awaiting requested review from chulspro

@Damian-Nordic Damian-Nordic Awaiting requested review from Damian-Nordic

@dhrishi dhrishi Awaiting requested review from dhrishi

@electrocucaracha electrocucaracha Awaiting requested review from electrocucaracha

@emargolis emargolis Awaiting requested review from emargolis

@franck-apple franck-apple Awaiting requested review from franck-apple

@gjc13 gjc13 Awaiting requested review from gjc13

@hawk248 hawk248 Awaiting requested review from hawk248

@holbrookt holbrookt Awaiting requested review from holbrookt

@jelderton jelderton Awaiting requested review from jelderton

@jmartinez-silabs jmartinez-silabs Awaiting requested review from jmartinez-silabs

@LuDuda LuDuda Awaiting requested review from LuDuda

@lzgrablic02 lzgrablic02 Awaiting requested review from lzgrablic02

@msandstedt msandstedt Awaiting requested review from msandstedt

@pan-apple pan-apple Awaiting requested review from pan-apple

@robszewczyk robszewczyk Awaiting requested review from robszewczyk

@sagar-apple sagar-apple Awaiting requested review from sagar-apple

@saurabhst saurabhst Awaiting requested review from saurabhst

@selissia selissia Awaiting requested review from selissia

@tcarmelveilleux tcarmelveilleux Awaiting requested review from tcarmelveilleux

@tecimovic tecimovic Awaiting requested review from tecimovic

@turon turon Awaiting requested review from turon

@vijs vijs Awaiting requested review from vijs

@vivien-apple vivien-apple Awaiting requested review from vivien-apple

@wbschiller wbschiller Awaiting requested review from wbschiller

@woody-apple woody-apple Awaiting requested review from woody-apple

@xylophone21 xylophone21 Awaiting requested review from xylophone21

Assignees
No one assigned
Labels
app controller fast track review - pending
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@bzbarsky-apple @andy31415 @mrjerryjohns @yunhanw-google