PTL: Fix connection establishment protocol (with refactoring)

[artpol84]

On the server side the folowing messages are sent to the client during connection:

• (4B) Security verification
• (4B) Status
• (4B) Server-local index of the peer

client only receives 2 messgaes:

• (4B) Status
• (4B) Server-local index of the peer

For unknown reason in most of the time extra 4 bytes were consumed by the client.
But sometimes these extra bytes were prepending a valid message shifting tag and
size away and PMIx_Init hangs were observed.

Signed-off-by: Artem Polyakov artpol84@gmail.com

[artpol84]

@jjhursey this issue I mentioned on the call.
I still see another issue but it is less frequent and happens in finalize.

[rhc54]

I'm afraid this isn't the correct fix - it will break the scenario where we execute a validation handshake operation or have no available validation mechanism. Let me poke at it a bit to see how we resolve it.

[artpol84]

@rhc54 I spent time debugging it and want to work on the fix further.
Please do not close my PRs.
You can provide your thoughts but I’d like to have a fix

[artpol84]

I will address the cases you mentioned and will update PR tomorrow

[artpol84]

Btw for handshake it should work fine I think.
Only absence of security module might be an issue

[rhc54]

No problem - happy to let you resolve it if you like. The problem is that the handshake and "no-module" paths both require that the final resolution be returned to the client. The correct patch is probably to simply remove the code that returned status in the macro for the "non-handshake" path, letting the code in the main function return the result for all three paths.

[rhc54]

If you feel it would help, you are more than welcome to replace the security handshake macro with the actual code - nothing sacred about the macro. The intent is that the server always makes final determination of the outcome and communicates it to the client, regardless of the security mechanism in use.

[artpol84]

@rhc54 note, that here a htonl conversion was missing.

[artpol84]

while here ntohl conversion is present.
It was working because the representation of 0x0 is the same in both LE and BE.

[rhc54]

Probably also because I'm unaware of anyone actually using mixed endian clusters any more. Still, we try to maintain it just as good practice.

[artpol84]

But here if one side performs htonl, but another side doesn't it will lead to an issue even on homogeneous cluster

[artpol84]

This was moved down to the place where a peer is fully initialized.

[artpol84]

IIUC we don't have psec modules with handshake so far.
So this change should be fine with respect to cross-version compatibility.

One clarification:
It seems to me that this code is not quite correct:

• Status message is received above (generic code for both client and server)
• but here you do another receive before and not after client's handshake.
  If I understand the right way would be to perform the handshake and only afterward exchange with messages.

[rhc54]

The handshake itself exchanges messages as part of its procedure. I'd have to look at the broader code to understand the situation.

[artpol84]

So let me rephrase:
Does it make sense to send the message before server has completed handshake?
IMO it doesn't, but it seems to be here in this sequence.

[artpol84]

Bringing the whole piece in question here:

        pmix_ptl_base_recv_blocking(sd, (char*)&reply, sizeof(pmix_status_t));	
        if (PMIX_SUCCESS != reply) {	
            /* see if they want us to do the handshake */	
            if (PMIX_ERR_READY_FOR_HANDSHAKE == reply) {	
                PMIX_PSEC_CLIENT_HANDSHAKE(reply, pmix_client_globals.myserver, sd);	
                if (PMIX_SUCCESS != reply) {	
                    return reply;	
                }	
                /* if the handshake succeeded, then fall thru to the next step */	
            } else {	
                return reply;	
            }	
        }

[artpol84]

The original status was already received above.
And after this code piece I don't see any additional exchange to confirm that handshake was successful

[artpol84]

As I haven't found any psec component that supports handshake, I think it is ok to move this above the subsequent sends.
And it is more logical to have authentification performed as the very first step.

[rhc54]

Some of us have components that implement handshakes (e.g., openssl) outside of the core code due to security requirements of specific customers. Let's make sure we don't break that support.

[artpol84]

Sure.
How can we do that?

[rhc54]

We used to have an openssl component but we removed it awhile ago and now provide it only upon customer request. It will take me some time to get it released again to the public repo. Meantime, I can check it when I get back next week.

[artpol84]

Also, here
https://github.com/pmix/pmix/pull/1240/files#diff-2f3e46bf48df10ec8101693fba191ef3R1283
I don't see that this case is expected in any way.
Only 2 receives are performed instead of 4.

[rhc54]

Again, I'd have to look at the broader context to understand the scenario. Will do so upon return from vacation.

[artpol84]

@rhc54, what would be a good way to check that tools communication is not broken?

[rhc54]

@rhc54, what would be a good way to check that tools communication is not broken?

Easiest would be to switch to the test/simple directory and run ./simptest -e ./simptool.

[artpol84]

$ ./simptest -e ./simptool
Testing version 4.0.0a1
[artpol-VirtualBox:03736] SERVER: ERRHANDLER REGISTRATION CALLBACK CALLED WITH STATUS 0, ref=0
Collecting inventory
[artpol-VirtualBox:03736] INVENTORY RECEIVED
Inventory collected: 0
[artpol-VirtualBox:03736] INVENTORY READY FOR DELIVERY
[artpol-VirtualBox:03736] SERVER: TOOL CONNECT
[artpol-VirtualBox:03752] Tool ns foobar rank 0: Running
[artpol-VirtualBox:03736] SERVER: QUERY
[artpol-VirtualBox:03736] 	Key: foobar
[artpol-VirtualBox:03736] 	Key: spastic
[artpol-VirtualBox:03752] Client ns foobar rank 0: Finalizing
[artpol-VirtualBox:03736] SERVER: FINALIZED foobar:0 WAKEUP 1
Client ns foobar rank 0:PMIx_Finalize successfully completed
SIMPTEST: Model event handler called with status -147(PMIX MODEL DECLARED)
	pmix.pgm.model:	PMIX
	pmix.mdl.name:	test
	pmix.evname:	SIMPTEST-MODEL
Test finished OK!

[artpol84]

Looks like working.
We should implement the same thing for the test suite so we will cover tools as well.

[rhc54]

Looks like working.
We should implement the same thing for the test suite so we will cover tools as well.

Sure, I can do that easily enough. Good idea.

[artpol84]

I was thinking about the handshake codepath and I don't think it would work at all in the current code base for the following reasons.

• Server would send a non-converted code for PMIX_ERR_READY_FOR_HANDSHAKE here. This will be value -14 = 0xFFFFFFF1
• Client would receive it with conversion here. This would result in ntohl(0xFFFFFFF1) = 0x1FFFFFFF which is positive and not equal to original -14.

Bottom line this sort of contributes to my statement that we are not breaking backward compatibility with tools as it was simply not working with the handshake.

We used to have an openssl component but we removed it a while ago and now provide it only upon customer request. It will take me some time to get it released again to the public repo. Meantime, I can check it when I get back next week.

This would be helpful because my original perception of the handshake logic was that server only needs to communicate that it is waiting for the handshake to begin and that afterward client-server communication (handshake) will happen over a separate channel and no additional confirmation would be required. So I was surprised by the following:

The problem is that the handshake and "no-module" paths both require that the final resolution be returned to the client.

As I interpret that as in the handshake sequence:

• Server sends PMIX_ERR_READY_FOR_HANDSHAKE
• They do handshake
• Another message is required to confirm that server has accepted the connection.

[artpol84]

@rhc54, as you know we have some urgency with 3.1.3 release.
If you can propose any way to speed up verification of this PR would be great.
Maybe you can send me OpenSSL component and I’ll test it myself today.

[artpol84]

@rhc54?

[rhc54]

Sorry - I returned from vacation last night and am only just beginning to find the bottom of my work inbox, let alone finding time to deal with this issue. I should be able to make time tomorrow.

Maybe you can send me OpenSSL component and I’ll test it myself today.

Somehow, I don't recall "email it to your competitor" being one of the options in my corporate software release manual 😄

[artpol84]

Ok, thanks.
Regarding OpenSSL - it wasn’t clear to me that it is a private component.

[artpol84]

Thanks, @karasevb !

[artpol84]

@rhc54 note, that effectively this change is breaking backward compatibility with previous versions as we discussed in #1239.

[artpol84]

I mean not this one, but the one that caused it in #1239

[rhc54]

I'm looking at this PR now - I am not convinced we want this last commit as we cannot backport it to the release branches to make them work. Will have to ponder and look at alternatives.

[jjhursey]

Adding the tool check to the Cross-version CI might be a good thing to do. Would it be as simple as all permutations of versions A and B:

cd $HOME/pmix-A/test/simple
./simptest -e $HOME/pmix-B/test/simple/simptool

If so I can work on adding that to the testing setup.

[rhc54]

Adding the tool check to the Cross-version CI might be a good thing to do. Would it be as simple as all permutations of versions A and B:

cd $HOME/pmix-A/test/simple
./simptest -e $HOME/pmix-B/test/simple/simptool

If so I can work on adding that to the testing setup.

Yep, that would do it! Don't include v1.2.5, obviously.

[artpol84]

This PR breaks tool compatibility in the way I described in #1240 (comment).
The rationale was the following:
We need to fix each branch anyway because of (a) the bug in connection protocol and (b) the fact that server sends unconverted handshake status and clients are using ntohl to interpret it.
Given that we had to touch every branch and recommend everyone to update I believe that it makes sense to refactor the protocol that is being fixed anyway.

I can restore the tools protocol if absolutely needed, but believe its not that important for the reasons above.

[artpol84]

Also @rhc54, could you confirm that #1240 (comment) is making sense to you.
I extracted all my concerns/rationale here. So you can only consider this comment out of the whole discussion.

[artpol84]

@rhc54 any progress on this?

[rhc54]

I'm working on it as time permits - we can discuss it on today's call.

[jjhursey]

Per teleconf:

• Ralph working on fixing the Tool connection portion of this PR (will post a PR when ready)
• Prefer to not touch the ptl/usock component since it's only there to support the v1.2 series. We should avoid making changes to ptl/usock if at all possible.
• Needs more investigation and review

[artpol84]

bot:retest

[ibm-ompi]

The IBM CI (Cross-version) build failed! Please review the log, linked below.

Gist: https://gist.github.com/97adb2838d0127ac4fabf8f03c6a5c2f

[artpol84]

@rhc54, note that this PR is mentioned in the release notes here:
Changes since v3.1.2rc2
PR #1237: Avoid double-free of collective tracker
PR #1237: Ensure all participants are notified of fence complete
PR #1237: Ensure all participants are notified of connect and disconnect complete
PR #1250: Fix PMIx_server_finalize hang (rare)
PR #1271: PTL/usock doesn't support tools
PR #1240: Fix the PTL connection establishment protocol <---- !!!!!
PR #1280: Fix tool connection in psec/handshake mode

But I'm actually going to close it as we went ahead with an alternative solution: So last two lines of the release notes should both reference #1280.