Skip to content

Bluetooth: Remove rx < tx prio check #71391

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 18, 2024
Merged

Bluetooth: Remove rx < tx prio check #71391

merged 1 commit into from
Apr 18, 2024

Conversation

@alwa-nordic
Copy link
Contributor

@alwa-nordic alwa-nordic commented Apr 11, 2024

The comment states the reason for this requirement is to detect violations by a remote peer. The ATT version of this was removed in ea04fd9. TLDR: It's neither possible for, nor the job of the host to police the remote device.

We remove this requirement to be more flexible about the number of priority levels in the system, and to avoid the temptation of using priorities as a synchronization mechanism.

@alwa-nordic
Bluetooth: Remove rx < tx prio check
81bb968 
The comment states the reason for this requirement is to detect
violations by a remote peer. The ATT version of this was removed in
ea04fd9. TLDR: It's neither possible
for, nor the job of the host to police the remote device.

We remove this requirement to be more flexible about the number of
priority levels in the system, and to avoid the temptation of using
priorities as a synchronization mechanism.

Signed-off-by: Aleksander Wasaznik <[email protected]>
@alwa-nordic alwa-nordic requested a review from jori-nordic April 11, 2024 12:51
@alwa-nordic alwa-nordic marked this pull request as ready for review April 11, 2024 13:45
@Thalley
Copy link
Contributor

Thalley commented Apr 12, 2024

It's neither possible for, nor the job of the host to police the remote device.

If a remote device sends 2 ATT requests without waiting for a response today, what does the Zephyr host do?

If the RX thread gets a higher priority than the TX thread, will it handle it the same way?

Just want to make sure that this doesn't allow for remote devices to DOS us if the thread priorities are "incorrect"

@jori-nordic
Copy link
Contributor

jori-nordic commented Apr 12, 2024
edited
Loading

Then we should have a test for the DoS instead :)
We do have a test for the pipelining that you describe: https://github.com/jori-nordic/zephyr/blob/remove-ipsp/tests/bsim/bluetooth/host/att/pipeline/dut/src/main.c#L322

@Thalley
Copy link
Contributor

Thalley commented Apr 12, 2024

Then we should have a test for the DoS instead :) We do have a test for the pipelining that you describe: https://github.com/jori-nordic/zephyr/blob/remove-ipsp/tests/bsim/bluetooth/host/att/pipeline/dut/src/main.c#L322

Yeah, it should be trivial to run (or even make a CI config) for that test where the RX thread has a higher priority than the TX thread, to see if we can actually remove this requirement without potentionally breaking stuff

@alwa-nordic
Copy link
Contributor Author

alwa-nordic commented Apr 12, 2024

If a remote device sends 2 ATT requests without waiting for a response today, what does the Zephyr host do?

The current implementation will just-work, handing the pipelined the requests.

If the RX thread gets a higher priority than the TX thread, will it handle it the same way?

Yes. But the TX of the first response may be delayed and sent with the second.

Just want to make sure that this doesn't allow for remote devices to DOS us if the thread priorities are "incorrect"

This is a valid concern. The DOS in this case means the host will use more att_pool buffers or other tx resources than one would expect, possibly starving other tx users. But this DOS is already possible in a myriad of other ways. E.g. I think the remote device can send a bunch of L2CAP control messages and NAK the responses on air. We might need to implement per-acl buffer pools to remedy this.

Thalley
Thalley approved these changes Apr 12, 2024
View reviewed changes
Copy link
Contributor

@Thalley Thalley left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As long as receiving multiple ATT requests from a malfunctioning/malicious remote device device doesn't when RX has higher prio than TX doesn't break things, I'm OK with removing this

It would be nice to have a least some testing where CONFIG_BT_RX_PRIO > CONFIG_BT_HCI_TX_PRIO to ensure that Zephyr works without this restricton

@jori-nordic
Copy link
Contributor

jori-nordic commented Apr 12, 2024

@alwa-nordic can you add a prj.conf for the pipeline test with the priorities inverted? can be in a future PR

@alwa-nordic alwa-nordic mentioned this pull request Apr 12, 2024
Closed
@aescolar aescolar merged commit 5dd1cdd into zephyrproject-rtos:main Apr 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jhedberg jhedberg jhedberg approved these changes

@Thalley Thalley Thalley approved these changes

@asbjornsabo asbjornsabo Awaiting requested review from asbjornsabo

@hermabe hermabe Awaiting requested review from hermabe

@sjanc sjanc Awaiting requested review from sjanc

@Vudentz Vudentz Awaiting requested review from Vudentz

+1 more reviewer

@jori-nordic jori-nordic jori-nordic approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@jhedberg jhedberg

Labels

area: Bluetooth

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@alwa-nordic @Thalley @jori-nordic @jhedberg @zephyrbot @aescolar