Closed Bug 1278767 Opened 9 years ago Closed 9 years ago

[Remote Control] Wrong time for Date.now() at the moment of generating a certificate for remote control service on FxOS TV

Categories

(Firefox OS Graveyard :: Gaia::TV, defect)

Product:
Firefox OS Graveyard
Component:
Gaia::TV
Platform:
ARM
Gonk (Firefox OS)
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(blocking-b2g:2.6+, b2g-v2.6 fixed)

Status:
RESOLVED FIXED
Project Flags:
blocking-b2g 2.6+
Tracking Flags:
Tracking Status
b2g-v2.6 --- fixed

People

(Reporter: chunmin, Assigned: chunmin)

References

Details

(Whiteboard: [ft:conndevices])

Attachments

(1 file, 2 obsolete files)

(Re)start remote-control service when time is changed
48 bytes, text/x-github-pull-request
schien
: review+
jocheng
: approval-gaia-v2.6+
Details | Review
Device: Nexus player Steps for reproduce ----------------------------- 1. Flash the TV build into nexus player 2. reboot the TV 3. call Date.now() Expected result ----------------------------- The time converted from Date.now() should be the current time(e.g., 2016-6-8 14:46:30). Output result ----------------------------- The time converted from Date.now() is 2000-xxx-xxxx The year is apparently wrong.
Hi Eric, I open a bug for tracking the time issue causing the certificate error(bug 1276871). Please correct me if I say anything wrong of the reproducing steps. Hi Josh, It may have potential risk if there is anything using 'time' as a parameter to generate or process something for further usage on TV. However, we already have a workaround for bug 1276871, so this issue currently causes no harm for remote control service.
Whiteboard: [ft:conndevices]
Blocks: TV_FxOS2.6
Summary: Wrong time for Date.now() at the moment of generating a certificate for remote control service on FxOS TV → [Remote Control] Wrong time for Date.now() at the moment of generating a certificate for remote control service on FxOS TV
blocking-b2g: --- → 2.6?
See Also: → 1284191
From my test, if we delay startup of remote-control service for 30 sec, than the time is write and bug 1284191 won't happen.
blocking-b2g: 2.6? → 2.6+
WIP: https://github.com/ChunMinChang/gecko-dev/commit/8581f3663c0ac9b7d71b6ef6169813240e13b641 If we delay to launch the remote-control service after the network is connected, then sometimes the "_mozilla_papi._tcp" broadcast messages for presentation-api will disappear. I am tracing why this happen.
(In reply to Chun-Min Chang[:chunmin] from comment #5) > WIP: > https://github.com/ChunMinChang/gecko-dev/commit/ > 8581f3663c0ac9b7d71b6ef6169813240e13b641 > > If we delay to launch the remote-control service after the network is > connected, then sometimes the "_mozilla_papi._tcp" broadcast messages for > presentation-api will disappear. I am tracing why this happen. If I add some logs in MulticastDNSDeviceProvider.cpp / nsDNSServiceDiscovery.cpp / MDNSResponderOperator.cpp to trace, then it won't happen again. If I add an extra delay before launching RecomteControlService.jsm, then this won't happen. Thus, I guess it's some kind of race-condition. AFAIK, all main processing is on main thread, only some works will run on socket thread. However, I could reproduce it when I use GDB. More worse, using |p [variable]| in GDB can't work because FxOS on Nexusplayer can't disable optimizer by |export B2G_NOOPT=1|. I try using |volatile|, but it doesn't work. The GDB server in FxOS on Nexusplayer can't work normally. It will get stuck all the time. Check the process by |$ adb shell b2g-ps| $ adb shell b2g-ps APPLICATION SEC USER PID PPID VSIZE RSS WCHAN PC NAME b2g 0 root 170 1 261524 115236 ffffffff f3484be7 t /system/b2g/b2g (Nuwa) 0 root 366 170 134540 22732 ffffffff f736b522 S /system/b2g/b2g If the b2g process shows |t| on PC, then it means b2g get stuck We can use |kill -2| to interrupt the GDB server. $ adb shell kill -2 170 Then your GDB console will show --------------------------------------------------------------------------- Program received signal SIGINT, Interrupt. __epoll_pwait () at bionic/libc/arch-x86/syscalls/__epoll_pwait.S:32 32 cmpl $-MAX_ERRNO, %eax (gdb) Continuing. --------------------------------------------------------------------------- Then you can press 'c' to continue it. If it still gets stuck. Try again until it run.
workaround 1) Add extra delay after receiving the signal that the network is active, 2) Use nsIObserver to notify that the presentation api is started. Then remote_control.js should launch the RemoteControlService.jsm(_remotecontrol._tcp) after receiving this signal.
Attached file WIP: Add a service queue for mDNS (obsolete) —
Attachment #8768755 - Flags: feedback?(schien)
Comment on attachment 8771244 [details] WIP: Add a service queue for mDNS Hi SC, Could you give me some suggestions about this issue?
Attachment #8771244 - Flags: feedback?(schien)
Comment on attachment 8768755 [details] WIP: Delay loading RemoteControlService A better and more general solution is to monitor system time change event and renew certificate. On Firefox OS we can use https://developer.mozilla.org/en-US/docs/Mozilla/B2G_OS/API/Window/onmoztimechange.
Comment on attachment 8771244 [details] WIP: Add a service queue for mDNS No sure if this patch really works since we haven't understand the root cause. Need @xeonchen's input on how to further debugging on this issue since he know better about the current MDNS service implementation than me.
Flags: needinfo?(xeonchen)
Attachment #8771244 - Flags: feedback?(schien)
(In reply to Shih-Chiang Chien [:schien] (UTC+8) (use ni? plz) from comment #11) > Comment on attachment 8771244 [details] > WIP: Add a service queue for mDNS > > No sure if this patch really works since we haven't understand the root > cause. Need @xeonchen's input on how to further debugging on this issue > since he know better about the current MDNS service implementation than me. If you want debug the b2g process, the only way I know is to attach it rather than running it directly. Did you try |./run-gdb.sh attach|? I'm not sure I understand the reason of the patch, when will the service queue contain more than one service? BTW, not sure if it helps, but Bug 1187813 describes a scenario that NTP doesn't work correctly on B2G.
Flags: needinfo?(xeonchen)
(In reply to Shih-Chiang Chien [:schien] (UTC+8) (use ni? plz) from comment #10) > Comment on attachment 8768755 [details] > WIP: Delay loading RemoteControlService > > A better and more general solution is to monitor system time change event > and renew certificate. On Firefox OS we can use > https://developer.mozilla.org/en-US/docs/Mozilla/B2G_OS/API/Window/ > onmoztimechange. Hmm...it indeed can avoid this happening when starting up, but we still suffer from same issue every time when network is turned on again. We will re-start both Presentation API and remote-control service when the network status is back to alive, so we might need another approach here.
(In reply to Gary Chen [:xeonchen] from comment #12) > (In reply to Shih-Chiang Chien [:schien] (UTC+8) (use ni? plz) from comment > #11) > > Comment on attachment 8771244 [details] > > WIP: Add a service queue for mDNS > > > > No sure if this patch really works since we haven't understand the root > > cause. Need @xeonchen's input on how to further debugging on this issue > > since he know better about the current MDNS service implementation than me. > > If you want debug the b2g process, the only way I know is to attach it > rather than running it directly. > Did you try |./run-gdb.sh attach|? > > I'm not sure I understand the reason of the patch, when will the service > queue contain more than one service? We will use mDNS to register a remote-control service[0] when network is connected. I think presentation api also be registered in the same time. What will happen when both services are registered? If the presentation api is registered first[1], is it possible to register the remote-control service before receiving the presentation api's reply[2]? I am not familiar with mDNS stuff, could you give me some suggestions? [0] https://github.com/mozilla-b2g/gecko-b2g/blob/b2g48_v2_6/b2g/components/RemoteControlService.jsm#L434 [1] https://dxr.mozilla.org/mozilla-central/source/netwerk/dns/mdns/libmdns/MDNSResponderOperator.cpp#416 [2] https://dxr.mozilla.org/mozilla-central/source/netwerk/dns/mdns/libmdns/MDNSResponderOperator.cpp#527
From Gary's testing, mDNS is able to register two services at the same time[0], so it should be fine without the queue. [0] https://gist.github.com/xeonchen/1f8ab104b3d90c3cfb15c29b81f8edd9
(In reply to Chun-Min Chang[:chunmin] from comment #15) Well, I notice that there is one |nsIDNSServiceInfo| and |nsIDNSRegistrationListener| in MDNSResponderOperator[0], so it is possible to be overwritten when the second service is registered before receiving first service's reply. [0] https://dxr.mozilla.org/mozilla-central/source/netwerk/dns/mdns/libmdns/MDNSResponderOperator.h#92
|window.onmoztimechange| can solve the issue for "generating certificate at the wrong time", so I submit the patch. The intermittent mDNS problem should be opened on another bug to trace it.
Attachment #8768755 - Attachment is obsolete: true
Attachment #8771244 - Attachment is obsolete: true
Attachment #8772291 - Flags: review?(schien)
Comment on attachment 8772291 [details] [review] (Re)start remote-control service when time is changed see my comment in pull request.
Attachment #8772291 - Flags: review?(schien)
Comment on attachment 8772291 [details] [review] (Re)start remote-control service when time is changed keep same structure
Attachment #8772291 - Flags: review?(schien)
Comment on attachment 8772291 [details] [review] (Re)start remote-control service when time is changed see my comment in pull request
Attachment #8772291 - Flags: review?(schien) → review-
If we delete the previous certificate on every window.onmoztimechange, then the certificate will be different on every boot up. The certificate fingerprint is currently used as the server's identification. Thus, if it's always different, then the paired client can't recognize it (so we need to enter PIN code to pair devices every time). One way is to use other fixed value like MAC address as server's identification, but I am not sure if it's possible to get MAC address of server on client side. Another way is to find a way to validate the certificate's date. If the date is expired, then we update it on window.onmoztimechange. Any idea?
Flags: needinfo?(schien)
(In reply to Chun-Min Chang[:chunmin] from comment #21) certificate.validity.notAfterLocalTime[0,1] might be a useful reference [0] https://dxr.mozilla.org/mozilla-central/source/security/manager/ssl/nsIX509Cert.idl#138 [1] http://searchfox.org/mozilla-central/source/security/manager/ssl/nsIX509CertValidity.idl#54
(In reply to Chun-Min Chang[:chunmin] from comment #21) > If we delete the previous certificate on every window.onmoztimechange, then > the certificate will be different on every boot up. The certificate > fingerprint is currently used as the server's identification. Thus, if it's > always different, then the paired client can't recognize it (so we need to > enter PIN code to pair devices every time). > > One way is to use other fixed value like MAC address as server's > identification, but I am not sure if it's possible to get MAC address of > server on client side. Another way is to find a way to validate the > certificate's date. If the date is expired, then we update it on > window.onmoztimechange. > > Any idea? Per our discussion, we'll need a logic in RemoteControlService.jsm that checks if it needs to recreate the certificate if expired. This logic will be used every time server start or system time change.
Flags: needinfo?(schien)
(In reply to Shih-Chiang Chien [:schien] (UTC+8) (use ni? plz) from comment #23) > (In reply to Chun-Min Chang[:chunmin] from comment #21) > Per our discussion, we'll need a logic in RemoteControlService.jsm that > checks if it needs to recreate the certificate if expired. This logic will > be used every time server start or system time change. I found the logic is inside LocalCertGetTask[0] It explains why we can't start remote-control service upon TV is booted up, even when we use window.onmoztimechange to update the certificate. (we will get following sequence if we start service on boot op.) When |getOrCreateCert|[1] is called for starting service, it will validate the certificate's period. If current time < cert's started day or (current time - cert's expired day) < 1 day, then it's invalid[2]. 0) flash Init time is 2016/xx/xx start service -> getOrCreateCert -> Get cert fail -> create cert 'A' started from 2016... 1) first boot Init time is 2000/xx/xx start service -> getOrCreateCert -> Get cert 'A' -> validate fail -> create cert 'B' started from 2000... (onTimeChange -> time is 2016/xx/xx -> getOrCreateCert 'B' -> Get cert -> validate fail -> create cert 'B_1' started from 2016...) 2) second boot Init time is 2000/xx/xx start service -> getOrCreateCert -> Get cert 'B_1' -> validate fail -> create cert 'C' started from 2000... (onTimeChange -> time is 2016/xx/xx -> getOrCreateCert 'C' -> Get cert -> validate fail -> create cert 'C_1' started from 2016...) ... ... ... [0] http://searchfox.org/mozilla-central/source/security/manager/ssl/LocalCertService.cpp#84 [1] https://dxr.mozilla.org/mozilla-central/source/security/manager/ssl/nsILocalCertService.idl#30 [2] http://searchfox.org/mozilla-central/source/security/manager/ssl/LocalCertService.cpp#331
Comment on attachment 8772291 [details] [review] (Re)start remote-control service when time is changed Keep anonymous function to create a local scope for all the remote control objects, but extract those duplicated code into functions. For time-changed event, we will do the following things: 1) RemoteControlService.stop() if service is running. 2) Delete the previous certificate and generate a new one if it's invalid - nsILocalCertService.getOrCreateCert will do this based on the current time 3) RemoteControlService.start() A |onTimeChange| function is added into remote_control.js to notify |RemoteControlService.jsm|. From perspective of remote_control.js, it doesn't know the certificate stuff, so it just passes this signal to RemoteControlService.jsm for further handling.
Attachment #8772291 - Flags: review- → review?(schien)
(In reply to Chun-Min Chang[:chunmin] from comment #16) This is incorrect. The RegisterOperator is newed and the serviceInfo is from underlying DNS Service Discovery(dns_sd.h). It's weird that the intermittent mDNS problem is never shown after I push the bluetooth service to nexus player....
Comment on attachment 8772291 [details] [review] (Re)start remote-control service when time is changed see my comment in pull request.
Attachment #8772291 - Flags: review?(schien)
The remote-control service need to force setting |MOZ_B2G_REMOTECONTROLSERVICE| to true and comment some code in RemoteControlService.jsm to make it work. Mulet has neither nsINetworkManager[0] for monitoring the network status(it's for Gonk only) and nor window.onmoztimechange(Gonk only too?). In such case, we can't start the remote-control service if we don't run it directly on booting up. If we really need to run this service on non-gonk platform and avoid this issue, I think we need to manage the certificate by our own instead of nsILocalCertService. For example, RemoteControlService.jsm -------------------------------------------- function start(): ... ... cert = nsIX509CertDB.FindCertByNickname() // [1, 2] if (!cert) cert = nsILocalCertService.getOrCreateCert(...) } // The certificate will be validated upon receiving time-changed event ... function onTimeChange(aTimestamp): // Triggered by window.onmoztimechange ... ... if (aTimestamp > cert.validity.notAfter) { // [3, 4] // The certificate is expired, get a new one nsILocalCertService.removeCert() // [5] cert = nsILocalCertService.getOrCreateCert(...) } ... ... However, the window.onmoztimechange is also need to port to the non-gonk platform, otherwise, it won't be checked. What do you think? Should we need to enable remote-control service on Mulet? Is it ok that we could just do the certificate part on Mulet and leave the window.onmoztimechange and nsINetworkManager part? [0] https://dxr.mozilla.org/mozilla-esr45/source/dom/system/gonk/nsINetworkManager.idl [1] http://searchfox.org/mozilla-central/source/security/manager/ssl/nsIX509CertDB.idl#86 [2] http://searchfox.org/mozilla-central/source/security/manager/ssl/nsNSSCertificateDB.cpp#98 [3] http://searchfox.org/mozilla-central/source/security/manager/ssl/nsIX509Cert.idl#138 [4] http://searchfox.org/mozilla-central/source/security/manager/ssl/nsIX509CertValidity.idl#47 [5] http://searchfox.org/mozilla-central/source/security/manager/ssl/nsILocalCertService.idl#39
Flags: needinfo?(schien)
Thanks for the detailed explanation. Spending too much effort on enabling remote control on Mulet is unnecessary since we are not shipping TV 2.6 simulator. You can r? me when you address the one last comment I made on pull request.
Flags: needinfo?(schien)
Comment on attachment 8772291 [details] [review] (Re)start remote-control service when time is changed The main difference in this version: 1. Implementation of comment 28 2. Start remote-control service on booting up 3. Divide _doStart into several components for readability 4. Check the discoverable before firing onTimeChange for RemoteControlService.jsm The (1) will enable remote-control service on some platform without window.onmoztimechange and nsINetworkManager. It will run directly on starting up. However, it will make readers a bit confused about managing certificate ourselves instead of the inside logic in gecko. Leave some comments might be helpful.
Attachment #8772291 - Flags: review?(schien)
Comment on attachment 8772291 [details] [review] (Re)start remote-control service when time is changed see my comment on pull request.
Attachment #8772291 - Flags: review?(schien)
Comment on attachment 8772291 [details] [review] (Re)start remote-control service when time is changed The previous patch for implementation of comment 28 depends on Gonk's behaviour. Thus we wrap the code for Gonk only into preprocessor directives and leave other's behaviour as usual. For non-gonk platform, the service will be started on booting up and validate the certificate at the same time. For gonk platform, the service will be started on booting up but use the previous certificate without validation. The certificate will be validated when receiving time-changed event.
Attachment #8772291 - Flags: review?(schien)
Comment on attachment 8772291 [details] [review] (Re)start remote-control service when time is changed see my comment in pull request.
Attachment #8772291 - Flags: review?(schien)
Comment on attachment 8772291 [details] [review] (Re)start remote-control service when time is changed Move those code related to |nsIIOService| out of MOZ_WIDGET_GONK directives.
Attachment #8772291 - Flags: review?(schien)
Attachment #8772291 - Flags: review?(schien) → review+
Comment on attachment 8772291 [details] [review] (Re)start remote-control service when time is changed [Approval Request Comment] [Bug caused by] (feature/regressing bug #): [User impact] if declined: [Testing completed]: [Risk to taking this patch] (and alternatives if risky): [String changes made]:
Attachment #8772291 - Flags: approval-gaia-v2.6?(jocheng)
Comment on attachment 8772291 [details] [review] (Re)start remote-control service when time is changed Approve for TV 2.6
Attachment #8772291 - Flags: approval-gaia-v2.6?(jocheng) → approval-gaia-v2.6+
Hi Gary, Could you help to merge this?
Flags: needinfo?(xeonchen)
Assignee: nobody → cchang
https://github.com/mozilla-b2g/gecko-b2g/commit/dd3ccdec45a855410cbdaced5efd2a90fa74ad52
Status: NEW → RESOLVED
Closed: 9 years ago
status-b2g-v2.6: --- → fixed
Flags: needinfo?(xeonchen)
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: