[22033] Release `participant_stateless` secure builtin writer history change when authentication has finished #5386

Mario-DL · 2024-11-06T09:49:30Z

Description

SecurityManager did not ensure that participant_stateless_secure_writer history changes were released when the remote participant was authenticated, leading to a high resource utilization.
This PR:

Decreases the default initial preallocated pool payload sizes experimentally:
- Participant stateless was 6292 bytes, so it was left to the closest (2^n), 8192.
- Participant secure volatile was 692, so it was left to 1024.
Makes the participant stateless secure writer history to remove the change when participants cryptography succeeds. In this way we ensure that authentication has finished in both sides. This was important because having authorized the remote is not a sufficient condition to remove the change as the remote may require us to resend until it completes the authentication with us.

Addition Notes:

A follow up PR will be made to configure the pool from the RTPSParticipantAllocationAttributes.
The temporal commit has to be removed after the review has finished.

@Mergifyio backport 3.1.x 3.0.x 2.14.x 2.10.x

Contributor Checklist

Commit messages follow the project guidelines.
The code follows the style guidelines of this project.
Tests that thoroughly check the new feature have been added/Regression tests checking the bug and its fix have been added; the added tests pass locally
Any new/modified methods have been properly documented using Doxygen.
Any new configuration API has an equivalent XML API (with the corresponding XSD extension)
Changes are backport compatible: they do NOT break ABI nor change library core behavior.
Changes are API compatible.
N/A New feature has been added to the versions.md file (if applicable).
N/A New feature has been documented/Current behavior is correctly described in the documentation.
Applicable backports have been included in the description.

Reviewer Checklist

The PR has a milestone assigned.
The title and description correctly express the PR's purpose.
Check contributor checklist is correct.
If this is a critical bug fix, backports to the critical-only supported branches have been requested.
Check CI results: changes do not issue any warning.
Check CI results: failing tests are unrelated with the changes.

Signed-off-by: Mario Dominguez <[email protected]>

… cryptography succeeds Signed-off-by: Mario Dominguez <[email protected]>

MiguelCompany · 2024-11-12T07:03:54Z

@Mergifyio backport 3.1.x 3.0.x 2.14.x

mergify · 2024-11-12T07:04:13Z

backport 3.1.x 3.0.x 2.14.x

✅ Backports have been created

#5391 [22033] Release participant_stateless secure builtin writer history change when authentication has finished (backport #5386) has been created for branch 3.1.x
#5392 [22033] Release participant_stateless secure builtin writer history change when authentication has finished (backport #5386) has been created for branch 3.0.x
#5393 [22033] Release participant_stateless secure builtin writer history change when authentication has finished (backport #5386) has been created for branch 2.14.x

…when authentication has finished (#5386) * TMP: REMOVE THIS COMMIT Signed-off-by: Mario Dominguez <[email protected]> * Refs #22033: BB test Signed-off-by: Mario Dominguez <[email protected]> * Refs #22033: Modify secure builtins initial payload size Signed-off-by: Mario Dominguez <[email protected]> * Refs #22033: Fix: release stateless msg payload pool when participant cryptography succeeds Signed-off-by: Mario Dominguez <[email protected]> --------- Signed-off-by: Mario Dominguez <[email protected]> (cherry picked from commit b414621)

MiguelCompany · 2024-11-12T07:07:11Z

@Mergifyio backport 2.10.x

mergify · 2024-11-12T07:07:17Z

backport 2.10.x

✅ Backports have been created

#5394 [22033] Release participant_stateless secure builtin writer history change when authentication has finished (backport #5386) has been created for branch 2.10.x

…when authentication has finished (#5386) * TMP: REMOVE THIS COMMIT Signed-off-by: Mario Dominguez <[email protected]> * Refs #22033: BB test Signed-off-by: Mario Dominguez <[email protected]> * Refs #22033: Modify secure builtins initial payload size Signed-off-by: Mario Dominguez <[email protected]> * Refs #22033: Fix: release stateless msg payload pool when participant cryptography succeeds Signed-off-by: Mario Dominguez <[email protected]> --------- Signed-off-by: Mario Dominguez <[email protected]> (cherry picked from commit b414621)

fujitatomoya

we do not have reproducible environment anymore, but description and implementation loos good. thanks for letting me know.

…when authentication has finished (#5386) (#5391) * TMP: REMOVE THIS COMMIT Signed-off-by: Mario Dominguez <[email protected]> * Refs #22033: BB test Signed-off-by: Mario Dominguez <[email protected]> * Refs #22033: Modify secure builtins initial payload size Signed-off-by: Mario Dominguez <[email protected]> * Refs #22033: Fix: release stateless msg payload pool when participant cryptography succeeds Signed-off-by: Mario Dominguez <[email protected]> --------- Signed-off-by: Mario Dominguez <[email protected]> (cherry picked from commit b414621) Co-authored-by: Mario Domínguez López <[email protected]>

…when authentication has finished (#5386) (#5392) * TMP: REMOVE THIS COMMIT Signed-off-by: Mario Dominguez <[email protected]> * Refs #22033: BB test Signed-off-by: Mario Dominguez <[email protected]> * Refs #22033: Modify secure builtins initial payload size Signed-off-by: Mario Dominguez <[email protected]> * Refs #22033: Fix: release stateless msg payload pool when participant cryptography succeeds Signed-off-by: Mario Dominguez <[email protected]> --------- Signed-off-by: Mario Dominguez <[email protected]> (cherry picked from commit b414621) Co-authored-by: Mario Domínguez López <[email protected]>

Mario-DL added this to the v3.2.0 milestone Nov 6, 2024

Mario-DL changed the title ~~[22033] Release participant_stateless secure builtin writer when authentication has finished~~ [22033] Release participant_stateless secure builtin writer history change when authentication has finished Nov 6, 2024

Mario-DL force-pushed the fix/22033 branch 2 times, most recently from 2caa14e to 8dbc8d2 Compare November 7, 2024 12:32

Mario-DL requested review from richiprosima and removed request for richiprosima November 7, 2024 12:33

github-actions bot added the ci-pending PR which CI is running label Nov 7, 2024

Mario-DL added 4 commits November 8, 2024 07:51

TMP: REMOVE THIS COMMIT

3f2fb1c

Signed-off-by: Mario Dominguez <[email protected]>

Refs #22033: BB test

afb1b81

Signed-off-by: Mario Dominguez <[email protected]>

Refs #22033: Modify secure builtins initial payload size

fa23ed4

Signed-off-by: Mario Dominguez <[email protected]>

Refs #22033: Fix: release stateless msg payload pool when participant…

a9b1131

… cryptography succeeds Signed-off-by: Mario Dominguez <[email protected]>

Mario-DL force-pushed the fix/22033 branch from 8dbc8d2 to a9b1131 Compare November 8, 2024 07:59

Mario-DL requested review from MiguelCompany and removed request for MiguelCompany November 8, 2024 08:10

MiguelCompany approved these changes Nov 11, 2024

View reviewed changes

MiguelCompany mentioned this pull request Nov 11, 2024

[SECURITY Error] WriterHistory cannot add the CacheChange_t -> Function on_process_handshake #4310

Closed

1 task

MiguelCompany linked an issue Nov 11, 2024 that may be closed by this pull request

[SECURITY Error] WriterHistory cannot add the CacheChange_t -> Function on_process_handshake #4310

Closed

1 task

MiguelCompany merged commit b414621 into master Nov 12, 2024
16 of 17 checks passed

MiguelCompany deleted the fix/22033 branch November 12, 2024 07:03

mergify bot mentioned this pull request Nov 12, 2024

[22033] Release participant_stateless secure builtin writer history change when authentication has finished (backport #5386) #5391

Merged

14 tasks

mergify bot mentioned this pull request Nov 12, 2024

[22033] Release participant_stateless secure builtin writer history change when authentication has finished (backport #5386) #5394

Open

14 tasks

fujitatomoya reviewed Nov 12, 2024

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[22033] Release `participant_stateless` secure builtin writer history change when authentication has finished #5386

[22033] Release `participant_stateless` secure builtin writer history change when authentication has finished #5386

Mario-DL commented Nov 6, 2024 •

edited by MiguelCompany

Loading

MiguelCompany commented Nov 12, 2024

mergify bot commented Nov 12, 2024 •

edited

Loading

MiguelCompany commented Nov 12, 2024

mergify bot commented Nov 12, 2024 •

edited

Loading

fujitatomoya left a comment

[22033] Release participant_stateless secure builtin writer history change when authentication has finished #5386

[22033] Release participant_stateless secure builtin writer history change when authentication has finished #5386

Conversation

Mario-DL commented Nov 6, 2024 • edited by MiguelCompany Loading

Description

Contributor Checklist

Reviewer Checklist

MiguelCompany commented Nov 12, 2024

mergify bot commented Nov 12, 2024 • edited Loading

✅ Backports have been created

MiguelCompany commented Nov 12, 2024

mergify bot commented Nov 12, 2024 • edited Loading

✅ Backports have been created

fujitatomoya left a comment

Choose a reason for hiding this comment

[22033] Release `participant_stateless` secure builtin writer history change when authentication has finished #5386

[22033] Release `participant_stateless` secure builtin writer history change when authentication has finished #5386

Mario-DL commented Nov 6, 2024 •

edited by MiguelCompany

Loading

mergify bot commented Nov 12, 2024 •

edited

Loading

mergify bot commented Nov 12, 2024 •

edited

Loading