Tentative fix for a deadlock from 4169 (#4245)

rzikm · web-flow · commit f903bfebbc09 · 2024-04-16T15:58:53.000-04:00
diff --git a/src/core/packet_builder.c b/src/core/packet_builder.c
@@ -101,6 +101,7 @@ QuicPacketBuilderInitialize(
     Builder->Path = Path;
     Builder->PacketBatchSent = FALSE;
     Builder->PacketBatchRetransmittable = FALSE;
+    Builder->WrittenConnectionCloseFrame = FALSE;
     Builder->Metadata = &Builder->MetadataStorage.Metadata;
     Builder->EncryptionOverhead = CXPLAT_ENCRYPTION_OVERHEAD;
     Builder->TotalDatagramsLength = 0;
@@ -493,9 +494,12 @@ QuicPacketBuilderGetPacketTypeAndKeyForControlFrames(
                     ? QUIC_PACKET_KEY_HANDSHAKE
                     : QUIC_PACKET_KEY_INITIAL;
 
-            if ((Builder->Datagram == NULL || Builder->DatagramLength == 0) &&
+            if (!Builder->WrittenConnectionCloseFrame &&
                 Connection->Crypto.TlsState.WriteKeys[PreviousKeyType] != NULL) {
-                MaxKeyType = PreviousKeyType; // Use the lower key for the first packet in a datagram.
+                //
+                // Downgrade the key so that we send the CLOSE frame on previous protection level.
+                //
+                MaxKeyType = PreviousKeyType;
             }
         }
 
diff --git a/src/core/packet_builder.h b/src/core/packet_builder.h
@@ -78,6 +78,11 @@ typedef struct QUIC_PACKET_BUILDER {
     //
     uint8_t EcnEctSet : 1;
 
+    //
+    // Indicates that a CONNECTION_CLOSE frame was written in some packet.
+    //
+    uint8_t WrittenConnectionCloseFrame : 1;
+
     //
     // The total number of datagrams that have been created.
     //
diff --git a/src/core/send.c b/src/core/send.c
@@ -532,7 +532,7 @@ QuicSendWriteFrames(
         char* CloseReasonPhrase = Connection->CloseReasonPhrase;
 
         if (IsApplicationClose && ! Is1RttEncryptionLevel) {
-            // 
+            //
             // A CONNECTION_CLOSE of type 0x1d MUST be replaced by a CONNECTION_CLOSE of
             // type 0x1c when sending the frame in Initial or Handshake packets. Otherwise,
             // information about the application state might be revealed. Endpoints MUST
@@ -558,6 +558,8 @@ QuicSendWriteFrames(
                 AvailableBufferLength,
                 Builder->Datagram->Buffer)) {
 
+            Builder->WrittenConnectionCloseFrame = TRUE;
+
             //
             // We potentially send the close frame on multiple protection levels.
             // We send in increasing encryption level so clear the flag only once
