Race condition with the TLS thread

[floitsch]

Install the following code as a container with jaguar:

import http
import certificate-roots
import net

main:
  certificate-roots.install-common-trusted-roots
  network := net.open

  client := http.Client network
  response := client.get --uri="https://toit.io"
  response.body.drain
  client.close
  print "Response: $response.status-code"

For example as 'test' container:

jag container install test test.toit

Then reboot the device.
Just when you see 'connecting' (or depending on your network maybe slightly later) run the command to uninstall the container.

jag container uninstall test

This should lead to the following crash:

[wifi] DEBUG: connecting
[wifi] DEBUG: connected
[wifi] INFO: network address dynamically assigned through dhcp {ip: 192.168.88.101}
[wifi] INFO: dns server address dynamically assigned through dhcp {ip: [192.168.88.1, 8.8.8.8]}
[jaguar.http] INFO: running Jaguar device 'test' (id: 'be082c5a-1e21-4c8b-bdca-8de4c40d52e6') on 'http://192.168.88.101:9000'
Guru Meditation Error: Core  0 panic'ed (LoadProhibited). Exception was unhandled.

Core  0 register dump:
PC      : 0x400ddb6c  PS      : 0x00060630  A0      : 0x80164a9c  A1      : 0x3fff1d00  
A2      : 0x3fff27f0  A3      : 0x3fff9018  A4      : 0x3fff20d4  A5      : 0x0000000c  
A6      : 0x000000cc  A7      : 0x00000000  A8      : 0x00000000  A9      : 0x3fff2030  
A10     : 0x00000198  A11     : 0x3fff8d79  A12     : 0x0000000f  A13     : 0x00000030  
A14     : 0x3fff8f49  A15     : 0x00000067  SAR     : 0x00000020  EXCCAUSE: 0x0000001c  
EXCVADDR: 0x00000008  LBEG    : 0x4000c46c  LEND    : 0x4000c477  LCOUNT  : 0x00000000  



******************************************************************************
Decoding by `jag`, device has version <2.0.0-alpha.176.5+f1a00000>
******************************************************************************
Crash in native code:
Backtrace: 0x400ddb69:0x3fff1d00 0x40164a99:0x3fff2070 0x40164ff9:0x3fff2180 0x4014ecd7:0x3fff21c0 0x4014fb2b:0x3fff2210 0x4014e351:0x3fff22b0 0x4014e3a3:0x3fff22d0 0x400dd729:0x3fff22f0 0x400e2e39:0x3fff2310 0x400e2e92:0x3fff2340 0x400e924a:0x3fff2360 0x400e9271:0x3fff2380
0x400ddb69: toit::toit_tls_find_root(void*, mbedtls_x509_crt const*, mbedtls_x509_crt**) + 0x5
0x40164a99: x509_crt_verify_restartable_ca_cb + 0xe9
0x40164ff9: mbedtls_x509_crt_verify_with_ca_cb + 0x21
0x4014ecd7: mbedtls_ssl_parse_certificate + 0x73
0x4014fb2b: mbedtls_ssl_handshake_client_step + 0x66f
0x4014e351: mbedtls_ssl_handshake_step + 0x41
0x4014e3a3: mbedtls_ssl_handshake + 0x1f
0x400dd729: toit::BaseMbedTlsSocket::handshake() + 0x9
0x400e2e39: toit::TlsEventSource::entry() + 0x49
0x400e2e92: non-virtual thunk to toit::TlsEventSource::entry() + 0x6
0x400e924a: toit::Thread::_boot() + 0x22
0x400e9271: toit::esp_thread_start(void*) + 0x5
******************************************************************************

[kasperl]

It looks like we're deleting the resource groups in the process when we shut it down from the side. That in return will try to unregister all resources, thus deleting them. The TLS event source has a list of all the TLS socket resources that are being handshaken, so we must not delete them before mbedtls is done with them.

Special care has to be taken so that marking the socket resource for deletion and doing mbedtls callbacks that touch the resource are synchronized. The effect should be that we wait with deleting a process until we're sure the callbacks are done (ideally cancelled as fast as possible).