Implement Connection Pool API

[anrossi]

Description

Provide an API for pooling connections across multiple RSS cores

Testing

Manual testing

Documentation

Documentation will be updated with the new API

[nibanks]

If this is an internal function, we can probably assert this instead of checking it. SAL indicates this is a required output too.

[anrossi]

Well it's part of the CxPlat interface, so if we make that library separate, it should validate this

[nibanks]

If we ever actually do that, then there will be plenty to clean up. For now, simpler is better IMO.

[anrossi]

I think I'm going to leave this here. Why would we want less validation? It's on the control path, so this isn't performance sensitive.

[guhetier]

nit: it's not more or less validation, it is hard failure vs soft failure :)
This check means the caller might do something wrong (not provide the output buffer) and it will be harder for us to realize because we migth recover. A crash would point at the error directly.

[nibanks]

I would prefer a DBG assert instead of a check for all internal functions, independent of if it might be exposed later.

[codecov]

Codecov Report

Attention: Patch coverage is 32.54717% with 143 lines in your changes missing coverage. Please review.

Project coverage is 86.28%. Comparing base (da4cbd2) to head (acd61c6).

Files with missing lines	Patch %	Lines
src/core/connection_pool.c	30.39%	142 Missing ⚠️
src/core/library.h	83.33%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4832      +/-   ##
==========================================
- Coverage   87.08%   86.28%   -0.80%     
==========================================
  Files          56       57       +1     
  Lines       17685    17894     +209     
==========================================
+ Hits        15401    15440      +39     
- Misses       2284     2454     +170     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[guhetier]

"and started" -> does it means the flag causes all created connections to be closed on failure, or only started connections?

I assume the former, that is the reasonable thing to do - but that sentence can be confusing. Maybe the "started" part should be in the "Note": "The connection might have been started when it get close because of this flag, ...."

[guhetier]

Is the cast needed? The function accepts a uint32_t

[guhetier]

This comment should be updated.
(the "just use the current processor" part is more nuanced now).

Ugh, github is annoying, it doesn't let me comment on a line out of its diff :(

[guhetier]

Why the == TRUE? If this is already a "nice" boolean, there is no need for it. If it isn't yet a "nice" boolean, this could give the wrong result (and !! or != FALSE would be better).

[anrossi]

We had a pattern (that seems to have been abandoned) where boolean values from user mode were converted for use in kernel mode with != FALSE (which is what I should have done).
These are "nice" booleans, so I should be able to use them directly. Let's try that

[guhetier]

_In_ SAL annotation don't mean anything on a struct, and are not used in MsQuic currently (or at least in this file). I don't think we should introduce that pattern.
_Field_* annotations should be used if there is something to specify here.

[anrossi]

Fair point. I'll convert the ones that can be to _Field_* and remove the rest.

[guhetier]

nit: it's not more or less validation, it is hard failure vs soft failure :)
This check means the caller might do something wrong (not provide the output buffer) and it will be harder for us to realize because we migth recover. A crash would point at the error directly.

[guhetier]

nit: That if test is very hard to read.
It could easily be split in several tests and potentially in a "validateConfig" function.

[anrossi]

I'll break it up to make it easier to read, but this is an area where I disagree with making a helper function.

[guhetier]

Shouldn't this one also be INTERNAL_ERROR?
Is there a scenario that can lead here, or is this check to be cautious but essentially an assert?

[anrossi]

It could be an ASSERT because I don't think RSS can be configured with a smaller key size (on windows at least. No idea about Linux).
But I picked INVALID_STATE because the RSS configuration would be in an invalid state. Potentially difficult for the caller to understand that.

[guhetier]

I see...
INVALID_STATE is generally used when the caller did something at the wrong time or in the wrong order.

Do you know if the user could do something that affect the rss key length? If yes, INVALID_STATE can make sense.
But if it means the OS is in a wrong config (or a config ew don't expect), I think I'd keep INTERNAL_ERROR (or some other more precise error code)

[guhetier]

IMO, everything inside the body of this loop should be extracted in a "TryCreateConnection" function, or something similar.
And everything in the parent loop should also be extracted in a "CreateConnection" function or some similar name.

Both are action that are pretty independent from all the pre-processing you need to do first, it will help a lot being able to abstract them.

[nibanks]

Could you put a comment to say why we need this?

[nibanks]

In general, we should be using the following format for error traces (not logs) so they are collected in the low volume scenario:

        QuicTraceEvent(
            LibraryErrorStatus,
            "[ lib] ERROR, %u, %s.",
            WsaError,
            "WSAStartup");

[nibanks]

Suggested change

	#define IOCTL_QUIC_RUN_VALIDATE_CONNECTION_POOL_CREATE \
	QUIC_CTL_CODE(132, METHOD_BUFFERED, FILE_WRITE_DATA)
	#define IOCTL_QUIC_RUN_VALIDATE_CONNECTION_POOL_CREATE \
	QUIC_CTL_CODE(132, METHOD_BUFFERED, FILE_WRITE_DATA)

[nibanks]

What happens if/when this is called in parallel on two threads/cpus?

[nibanks]

nit: offsets in this function are all off.

[nibanks]

Code coverage is still claiming a lot of the lines in this file are uncovered...

[nibanks]

I believe this is because code coverage doesn't run with xdp. Probably should change that...

[nibanks]

Remember, QuicTraceLog* functions are effectively verbose level 'printf' style traces. If you want to be able to efficiently capture an error trace, you will need to use QuicTraceEvent. Perhaps this is fine for invalid parameter calls (I don't think we even have these at all for api.c), but please keep in mind for all your error logging.

[nibanks]

FYI, in general, for other functions in api.c we are logging api enter/exit even for INVALID_PARAMETER cases.

[anrossi]

Right, but I can't dereference an untrusted pointer without validating it isn't NULL. So either I log entry after the validation, or I log entry without any parameter, which seems to be the requirement for this scenario.

[nibanks]

In general, you don't need to log an error if the function itself already logs an error.