Current implementation of atomic write to notification olm session writes might fail when called from multiple threads due to reasons explained in: https://phab.comm.dev/D8795#inline-56969. This differential aims to mitigate the issue.
Details
Details
- Change notification encryption on the keyserver to encrypt field by field: https://gist.github.com/marcinwasowicz/a18b31f8bee1d56cc50fb71809077dcb
- Let notification decryption run concurrently in NSE using dispatch queues:https://gist.github.com/marcinwasowicz/4cca17794123b110134bf393d21e0b14
- Ensure that error occur before this diff but notification is correctly decrypted and displayed after this diff.
My logs after applying this diff looked like this:
NotificationService default 15:44:48.290206+0200 COMM: <NSThread: 0x14541a1c0>{number = 2, name = (null)} started decrypt NotificationService default 15:44:48.290256+0200 COMM: <NSThread: 0x145321e10>{number = 3, name = (null)} started decrypt NotificationService default 15:44:48.290268+0200 COMM: <NSThread: 0x14541a440>{number = 4, name = (null)} started decrypt NotificationService default 15:44:48.290647+0200 Not internal release, disabling SIRL NotificationService default 15:44:48.290667+0200 System Keychain Always Supported set via feature flag to disabled NotificationService default 15:44:48.290709+0200 Adding securityd connection to pool, total now 1 NotificationService default 15:44:48.290806+0200 Adding securityd connection to pool, total now 2 NotificationService default 15:44:48.290946+0200 Adding securityd connection to pool, total now 3 NotificationService default 15:44:48.291805+0200 Requesting app group container lookup; personaid = 1000, type = DEFAULT, name = 76D364EF-0FF9-4233-9BE8-73A0AF6750BE, origin [pid = 132, personaid = 199], proximate [pid = 32, personaid = 199], identifier = <private>, euid = 501, uid = 501, platform = 2 NotificationService default 15:44:48.291855+0200 Requesting app group container lookup; personaid = 1000, type = DEFAULT, name = 76D364EF-0FF9-4233-9BE8-73A0AF6750BE, origin [pid = 132, personaid = 199], proximate [pid = 32, personaid = 199], identifier = <private>, euid = 501, uid = 501, platform = 2 NotificationService default 15:44:48.291930+0200 Requesting app group container lookup; personaid = 1000, type = DEFAULT, name = 76D364EF-0FF9-4233-9BE8-73A0AF6750BE, origin [pid = 132, personaid = 199], proximate [pid = 32, personaid = 199], identifier = <private>, euid = 501, uid = 501, platform = 2 NotificationService default 15:44:48.292774+0200 Consuming sandbox extension; path = [<private>], key = 0 NotificationService default 15:44:48.292813+0200 Revoking sandbox extension; key = 0 NotificationService default 15:44:48.292839+0200 container_create_or_lookup_app_group_path_by_app_group_identifier: success NotificationService default 15:44:48.293096+0200 Consuming sandbox extension; path = [<private>], key = 0 NotificationService default 15:44:48.293118+0200 Revoking sandbox extension; key = 0 NotificationService default 15:44:48.293191+0200 container_create_or_lookup_app_group_path_by_app_group_identifier: success NotificationService default 15:44:48.293543+0200 Consuming sandbox extension; path = [<private>], key = 0 NotificationService default 15:44:48.293569+0200 Revoking sandbox extension; key = 0 NotificationService default 15:44:48.293601+0200 container_create_or_lookup_app_group_path_by_app_group_identifier: success NotificationService default 15:44:48.294760+0200 COMM: <NSThread: 0x145321e10>{number = 3, name = (null)} ended decrypt NotificationService default 15:44:48.295073+0200 COMM: <NSThread: 0x14541a440>{number = 4, name = (null)} ended decrypt NotificationService default 15:44:48.295171+0200 COMM: <NSThread: 0x14541a1c0>{number = 2, name = (null)} ended decrypt
All threads successfully decrypt their content and don't run sequentially.
Before applying this diff:
NotificationService default 15:48:42.754225+0200 COMM: <NSThread: 0x109b20290>{number = 2, name = (null)} started decrypt NotificationService default 15:48:42.754256+0200 COMM: <NSThread: 0x12801b240>{number = 3, name = (null)} started decrypt NotificationService default 15:48:42.754343+0200 COMM: <NSThread: 0x128304340>{number = 4, name = (null)} started decrypt NotificationService default 15:48:42.754865+0200 Not internal release, disabling SIRL NotificationService default 15:48:42.754918+0200 System Keychain Always Supported set via feature flag to disabled NotificationService default 15:48:42.755006+0200 Adding securityd connection to pool, total now 1 NotificationService default 15:48:42.755136+0200 Adding securityd connection to pool, total now 2 NotificationService default 15:48:42.755182+0200 Adding securityd connection to pool, total now 3 NotificationService default 15:48:42.756612+0200 Requesting app group container lookup; personaid = 1000, type = DEFAULT, name = 76D364EF-0FF9-4233-9BE8-73A0AF6750BE, origin [pid = 132, personaid = 199], proximate [pid = 32, personaid = 199], identifier = <private>, euid = 501, uid = 501, platform = 2 NotificationService default 15:48:42.756647+0200 Requesting app group container lookup; personaid = 1000, type = DEFAULT, name = 76D364EF-0FF9-4233-9BE8-73A0AF6750BE, origin [pid = 132, personaid = 199], proximate [pid = 32, personaid = 199], identifier = <private>, euid = 501, uid = 501, platform = 2 NotificationService default 15:48:42.756706+0200 Requesting app group container lookup; personaid = 1000, type = DEFAULT, name = 76D364EF-0FF9-4233-9BE8-73A0AF6750BE, origin [pid = 132, personaid = 199], proximate [pid = 32, personaid = 199], identifier = <private>, euid = 501, uid = 501, platform = 2 NotificationService default 15:48:42.758270+0200 Consuming sandbox extension; path = [<private>], key = 0 NotificationService default 15:48:42.758338+0200 Revoking sandbox extension; key = 0 NotificationService default 15:48:42.758374+0200 container_create_or_lookup_app_group_path_by_app_group_identifier: success NotificationService default 15:48:42.759088+0200 Consuming sandbox extension; path = [<private>], key = 0 NotificationService default 15:48:42.759113+0200 Revoking sandbox extension; key = 0 NotificationService default 15:48:42.759136+0200 container_create_or_lookup_app_group_path_by_app_group_identifier: success NotificationService default 15:48:42.760148+0200 Consuming sandbox extension; path = [<private>], key = 0 NotificationService default 15:48:42.760188+0200 Revoking sandbox extension; key = 0 NotificationService default 15:48:42.760227+0200 container_create_or_lookup_app_group_path_by_app_group_identifier: success NotificationService default 15:48:42.760673+0200 COMM: <NSThread: 0x12801b240>{number = 3, name = (null)} ended decrypt
Only one thread was able to decrypt.
Diff Detail
Diff Detail
- Repository
- rCOMM Comm
- Lint
Lint Not Applicable - Unit
Tests Not Applicable
Event Timeline
native/cpp/CommonCpp/Notifications/BackgroundDataStorage/NotificationsCryptoModule.cpp | ||
---|---|---|
93–98 ↗ | (On Diff #30210) | By doing that we're risking that the name will get shorter. This sounds serious because it reduces the number of possible file names, but only a little bit. But still, it could be better to avoid generating strings with spaces at all. A more serious issue with the number of strings is that I'm not sure if all the filesystems with which this code might interact are case-sensitive. We probably would be safer assuming that this isn't guaranteed. We probably should just use generateRandomHexString with the appropriate length, e.g. 16 or even 32. |