IETF Logo Mail Archive

Re: HTTP/2: Race between PUSH_PROMISE and exclusive PRIORITY

Tom Bergan <tombergan@chromium.org> Fri, 16 September 2016 07:05 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 604E112B0F4 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 16 Sep 2016 00:05:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.527
X-Spam-Level:
X-Spam-Status: No, score=-8.527 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RCVD_IN_SORBS_SPAM=0.001, RP_MATCHES_RCVD=-1.508, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=chromium.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r-nSDMkNjFzl for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 16 Sep 2016 00:05:11 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AC39E12B0B8 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Fri, 16 Sep 2016 00:05:11 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.80) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1bkn8v-0005VK-47 for ietf-http-wg-dist@listhub.w3.org; Fri, 16 Sep 2016 07:01:01 +0000
Resent-Date: Fri, 16 Sep 2016 07:01:01 +0000
Resent-Message-Id: <E1bkn8v-0005VK-47@frink.w3.org>
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <tombergan@chromium.org>) id 1bkn8m-0005UF-4y for ietf-http-wg@listhub.w3.org; Fri, 16 Sep 2016 07:00:52 +0000
Received: from mail-it0-f51.google.com ([209.85.214.51]) by lisa.w3.org with esmtps (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <tombergan@chromium.org>) id 1bkn8a-0002Kl-Pq for ietf-http-wg@w3.org; Fri, 16 Sep 2016 07:00:50 +0000
Received: by mail-it0-f51.google.com with SMTP id 186so10022217itf.0 for <ietf-http-wg@w3.org>; Fri, 16 Sep 2016 00:00:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=GxOagp0EQXSEBqzkjnoeRgxBYP/BjtX/IDAGFImChJI=; b=VgwUBaZ6oGqOd6mbiOwH7BylilKjfp6kSlqpen3D6bFZ3xbzE3eYn6NIoMxZImANsu 49347gkNyoMLZksSOOkFhAXmzCPGZ/IjMvWXbWeXKf0ef929jSi6HluM6O2GnzFB8Tyz ZxSty3KKuo2U6NDL6QpnJ2Iv5b1fPBQJvKNVc=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=GxOagp0EQXSEBqzkjnoeRgxBYP/BjtX/IDAGFImChJI=; b=Oss24MesLp9aAWCTkFpzzTOLlVc7VxHmvF4eYmO2V5ehbTGWurJ3ASa52m1+zAZ95V O9hsOzhpqOqoBqMhrMvXWx5Ods59QkZSrT544sppcRbI9Gf4EMa9a8uhHg+BGtNYxF6e k31SN6YR5vKMhXZNEiZjRibg1W8ham3Q9FpxOczk6hmvecIfKo+c46icbICvNCh7fBw0 2aF2IZ242Fusi0e/W3H1+xMaIQ4A9iHYJLoLjoRuYErHkyjFT3kAI6CP0T6mEgDhkrb0 UR/XaY4eBFVSQvp/LAnHtJspqzsjAHcDsMh8tl9kpanRTBJUrA88gy8mHZDvxbjFd6fD /Cbw==
X-Gm-Message-State: AE9vXwPirbmnC9Z52AW9u1HIq5f67++QBUwnI02tdePL4jbgM1PnYd4vkkUuAagmi9RjUzqU
X-Received: by 10.36.207.8 with SMTP id y8mr4379730itf.63.1474009214371; Fri, 16 Sep 2016 00:00:14 -0700 (PDT)
Received: from mail-it0-f48.google.com (mail-it0-f48.google.com. [209.85.214.48]) by smtp.gmail.com with ESMTPSA id o188sm2474248itg.11.2016.09.16.00.00.13 for <ietf-http-wg@w3.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 16 Sep 2016 00:00:13 -0700 (PDT)
Received: by mail-it0-f48.google.com with SMTP id n143so9957434ita.1 for <ietf-http-wg@w3.org>; Fri, 16 Sep 2016 00:00:13 -0700 (PDT)
X-Received: by 10.36.14.20 with SMTP id 20mr4145864ite.88.1474009212917; Fri, 16 Sep 2016 00:00:12 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.107.48.136 with HTTP; Fri, 16 Sep 2016 00:00:11 -0700 (PDT)
In-Reply-To: <CABkgnnUVa-7KfidT6caEXQ-_WEMN-UHoBgBUC=MUDxzcB4RL=g@mail.gmail.com>
References: <CA+3+x5EG+PV-FEcy23xPU5iJgqh6u6aVRsTS-g=fQZnsMFTMHg@mail.gmail.com> <CABkgnnUVa-7KfidT6caEXQ-_WEMN-UHoBgBUC=MUDxzcB4RL=g@mail.gmail.com>
From: Tom Bergan <tombergan@chromium.org>
Date: Fri, 16 Sep 2016 00:00:11 -0700
X-Gmail-Original-Message-ID: <CA+3+x5FpFrvp1f8fe_vG3_r_n2yZfJ54Z0mTOu2rTUhoWbckrA@mail.gmail.com>
Message-ID: <CA+3+x5FpFrvp1f8fe_vG3_r_n2yZfJ54Z0mTOu2rTUhoWbckrA@mail.gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Content-Type: multipart/alternative; boundary="001a1143840e886d0b053c9a83ff"
Received-SPF: pass client-ip=209.85.214.51; envelope-from=tombergan@chromium.org; helo=mail-it0-f51.google.com
X-W3C-Hub-Spam-Status: No, score=-5.2
X-W3C-Hub-Spam-Report: AWL=-1.010, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001, W3C_AA=-1, W3C_WL=-1
X-W3C-Scan-Sig: lisa.w3.org 1bkn8a-0002Kl-Pq df043ee3f93410976eaaeefde39b1dc2
X-Original-To: ietf-http-wg@w3.org
Subject: Re: HTTP/2: Race between PUSH_PROMISE and exclusive PRIORITY
Archived-At: <http://www.w3.org/mid/CA+3+x5FpFrvp1f8fe_vG3_r_n2yZfJ54Z0mTOu2rTUhoWbckrA@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/32410
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

Your fix would work.

An even simpler (but maybe more controversial) fix is to eliminate the
notion of exclusive dependencies entirely. Say the tree is A -> {X1...XN}
and the client requests B, where the client wants to promote B above all
Xn. With exclusive dependencies, we can do this in a single HEADERS frame.
Without exclusive dependencies, we can still accomplish this by sending A
-> B in the HEADERS, followed by a PRIORITY frame for each B -> Xn. The
second version is a problem only if: (a) N is large, or (b) we are worried
about a race where the server receives the HEADERS frame and starts sending
a response before receiving the following PRIORITY frames.

(a) is an empirical question. Do any H2 clients use exclusive dependencies
on trees with large fanout? I can only speak for Chrome, which does not do
this. Chrome's priority trees are mostly linear.

(b) is a possible race, but I'm not sure how much we should care. The
server's priority tree is "wrong" between receiving HEADERS and the Nth
PRIORITY. In practice, I expect this will be a very short time period
unless there happens to be a congestion window boundary in the middle, and
since PRIORITY frames are small, I expect that to be rare, but this is only
a hunch.

On Thu, Sep 15, 2016 at 5:03 PM, Martin Thomson <martin.thomson@gmail.com>
wrote:

> Hey Tom,
>
> This is a good bug.  I think that we built the exclusive thing without
> considering that possibility.  The problem is that there is no knowing
> what streams the sender of priority frame knew about when they send
> the PRIORITY frame.
>
> The same problem exists for PRIORITY sent by the server, but that's
> far less of a problem because we don't see anyone using that (or if
> they do, we don't agree on what that means).
>
> A simple "fix" here is to prohibit PRIORITY+exclusive from affecting
> streams that haven't been "mentioned" by the endpoint sending
> PRIORITY.  That is, each endpoint maintains a watermark (for both odd
> and even stream numbers) that increases every time they receive a
> frame from their peer and any stream number below that is assumed to
> be known to the other side.  That means tracking mentions though,
> which is a little cumbersome.
>
> --Martin
>
> On 15 September 2016 at 16:31, Tom Bergan <tombergan@chromium.org> wrote:
> > I believe the following example has a race:
> >
> > 1. Server receives request A.
> > 2. Server sends PUSH_PROMISE frames for B, C, D.
> > 3. Client sends PRIORITY to make B the exclusive parent of C
> > 4. Server receives that PRIORITY frame.
> >
> > After step 2, the server's local priority tree is A -> {B,C,D}, due to
> the
> > default priority rules in RFC 7540 Section 5.3.5. At step 4, the server
> > cannot know if the client has received the PUSH_PROMISE for D yet. This
> > makes it ambiguous whether the client intended the tree to be A -> B ->
> > {C,D} or A -> {B->C, D}. I believe this race can happen any time a
> > PUSH_PROMISE and exclusive PRIORITY can pass each other on the wire. I
> think
> > the race is impossible for non-exclusive PRIORITYs.
> >
> > This is the simplest example of the race, but it's admittedly strange
> that
> > the client would send that specific PRIORITY frame. Here's slightly more
> > complex, but less strange example:
> >
> > 1. Client requests A then B, where B's HEADERS frame makes A the
> exclusive
> > parent of B
> > 2. Server receives request A
> > 3. Server sends PUSH_PROMISE frames for C, D.
> > 4. Server receives request B
> > 5. Client receives PUSH_PROMISE frames for C, D
> >
> > At each step, the priority trees are updated like this:
> >
> > 1. Client's tree is A -> B
> > 2. Server's tree is A
> > 3. Server's tree is A -> {C,D}
> > 4. Server's tree is A -> B -> {C,D}
> > 5. Client's tree is A -> {B,C,D}
> >
> > If steps 3 and 4 are swapped, the client and server will finish with the
> > same priority tree. As-is, they finish with different priority trees.
> >
> > Does that sound right? If so, is this worth mentioning in some kind of
> > errata or other note? Apologies if this was brought up previously -- I
> > searched through the mailing list archives and did not see a mention.
> >
> > -Tom
>

v2.23.0 | Report a Bug | By Email