[bug #54528] MQTT Ring Buffer Gets Corrupted under RTOS Operation

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

[bug #54528] MQTT Ring Buffer Gets Corrupted under RTOS Operation

Simon Goldschmidt
URL:
  <http://savannah.nongnu.org/bugs/?54528>

                 Summary: MQTT Ring Buffer Gets Corrupted under RTOS Operation
                 Project: lwIP - A Lightweight TCP/IP stack
            Submitted by: richardi
            Submitted on: Fri 17 Aug 2018 02:00:11 PM UTC
                Category: apps
                Severity: 3 - Normal
              Item Group: Faulty Behaviour
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any
         Planned Release: None
            lwIP version: 2.0.2

    _______________________________________________________

Details:

Hi, great job on the mqtt client - it's definitely one of the best
implementations out there that is suitable for embedded use. During some
stress testing using a high-volume publishing client, it occasionally crashes
with Wireshark showing malformed MQTT messages prior to crash and subsequent
broker disconnect. Reason for this is ring buffer corruption in
mqtt_output_send(). This function is being called from two separate contexts -
application context via mqtt_publish(), as well as from the tcp_ip thread via
the mqtt_tcp_err_cb(). Occasionally both contexts clash, and the ring_buffer
gets clobbered - there are a few places this can happen, but one obvious one
is that calculated length is actually much less by the time the index gets
advanced, so uninitialised data gets sent as a MQTT packet. Workaround for me
was to wrap this function in a mutex, but my solution is FreeRTOS specific, so
I'm unfortunately unable to assist with a pull request.




    _______________________________________________________

Reply to this item at:

  <http://savannah.nongnu.org/bugs/?54528>

_______________________________________________
  Message sent via Savannah
  https://savannah.nongnu.org/


_______________________________________________
lwip-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/lwip-devel
Reply | Threaded
Open this post in threaded view
|

[bug #54528] MQTT Ring Buffer Gets Corrupted under RTOS Operation

Simon Goldschmidt
Follow-up Comment #1, bug #54528 (project lwip):

Oops, typo - the clashing context is meant to be mqtt_tcp_sent_cb(), which is
invoked after a successful ACK of the prior packet and proceeds to spool the
ringbuf, not the error callback...

    _______________________________________________________

Reply to this item at:

  <http://savannah.nongnu.org/bugs/?54528>

_______________________________________________
  Message sent via Savannah
  https://savannah.nongnu.org/


_______________________________________________
lwip-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/lwip-devel
Reply | Threaded
Open this post in threaded view
|

[bug #54528] MQTT Ring Buffer Gets Corrupted under RTOS Operation

Simon Goldschmidt
Update of bug #54528 (project lwip):

                  Status:                    None => Invalid                
             Open/Closed:                    Open => Closed                

    _______________________________________________________

Follow-up Comment #2:

That sounds like you're violating threading requirements.

Read the docs, e.g. http://www.nongnu.org/lwip/2_0_x/pitfalls.html

    _______________________________________________________

Reply to this item at:

  <http://savannah.nongnu.org/bugs/?54528>

_______________________________________________
  Message sent via Savannah
  https://savannah.nongnu.org/


_______________________________________________
lwip-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/lwip-devel