You are viewing a plain text version of this content. The canonical link for it is here.
Posted to reviews@kudu.apache.org by "Dan Burkert (Code Review)" <ge...@cloudera.org> on 2017/05/26 01:12:49 UTC
[kudu-CR] Work around another OpenSSL thread safety bug
Hello Todd Lipcon, Alexey Serbin,
I'd like you to do a code review. Please visit
http://gerrit.cloudera.org:8080/6997
to review the following change.
Change subject: Work around another OpenSSL thread safety bug
......................................................................
Work around another OpenSSL thread safety bug
In the course of debugging some CHECK failures and TSAN errors, I found
that older versions of OpenSSL have non-threadsafe OBJ_create and even
ERR_peek_error methods. This commit fixes an instance where we were
calling OBJ_create concurrently by wrapping it in a std::call_once. I
don't have a fix for ERR_peek_err unsafety, since that's used
pervasively in most methods touching OpenSSL.
Side note: for debugging issues like this, I find it helpful to run ASAN
with the following options:
ASAN_OPTIONS="fast_unwind_on_malloc=0"
That option typically makes races more reproducible, and produces better
stack traces as well.
Change-Id: I9a9fe1a32f77bf24a5c7e692a55b8ad96488d409
---
M src/kudu/security/cert-test.cc
1 file changed, 7 insertions(+), 5 deletions(-)
git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/97/6997/1
--
To view, visit http://gerrit.cloudera.org:8080/6997
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I9a9fe1a32f77bf24a5c7e692a55b8ad96488d409
Gerrit-PatchSet: 1
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>
[kudu-CR] Work around another OpenSSL thread safety bug
Posted by "Dan Burkert (Code Review)" <ge...@cloudera.org>.
Dan Burkert has posted comments on this change.
Change subject: Work around another OpenSSL thread safety bug
......................................................................
Patch Set 2:
(1 comment)
http://gerrit.cloudera.org:8080/#/c/6997/2/src/kudu/security/cert.cc
File src/kudu/security/cert.cc:
PS2, Line 60: InitializeOpenSSL();
> Does it make sense to remove it from here at all and add one into Cert::Kud
I think it makes sense to keep it here, since moving it opens up the possibility of calling this method without first initializing.
--
To view, visit http://gerrit.cloudera.org:8080/6997
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: I9a9fe1a32f77bf24a5c7e692a55b8ad96488d409
Gerrit-PatchSet: 2
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>
Gerrit-HasComments: Yes
[kudu-CR] Work around another OpenSSL thread safety bug
Posted by "Alexey Serbin (Code Review)" <ge...@cloudera.org>.
Alexey Serbin has posted comments on this change.
Change subject: Work around another OpenSSL thread safety bug
......................................................................
Patch Set 2:
(2 comments)
http://gerrit.cloudera.org:8080/#/c/6997/2//COMMIT_MSG
Commit Message:
Line 19: ASAN_OPTIONS="fast_unwind_on_malloc=0"
Thank you for putting this into the commit message. I remember Todd and/or you mentioned this in Slack some time ago, but it would be much easier to find it in the commit log.
http://gerrit.cloudera.org:8080/#/c/6997/2/src/kudu/security/cert.cc
File src/kudu/security/cert.cc:
PS2, Line 60: InitializeOpenSSL();
Does it make sense to remove it from here at all and add one into Cert::KuduKerberosPrincipal()? The only call sites of GetKuduKerberosPrincipalOidNid() is CertRequestGenerator::Init() and Cert::KuduKerberosPrincipal()
--
To view, visit http://gerrit.cloudera.org:8080/6997
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: I9a9fe1a32f77bf24a5c7e692a55b8ad96488d409
Gerrit-PatchSet: 2
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>
Gerrit-HasComments: Yes
[kudu-CR] Work around another OpenSSL thread safety bug
Posted by "Alexey Serbin (Code Review)" <ge...@cloudera.org>.
Alexey Serbin has posted comments on this change.
Change subject: Work around another OpenSSL thread safety bug
......................................................................
Patch Set 2: Code-Review+2
--
To view, visit http://gerrit.cloudera.org:8080/6997
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: I9a9fe1a32f77bf24a5c7e692a55b8ad96488d409
Gerrit-PatchSet: 2
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>
Gerrit-HasComments: No
[kudu-CR] Work around another OpenSSL thread safety bug
Posted by "Alexey Serbin (Code Review)" <ge...@cloudera.org>.
Alexey Serbin has submitted this change and it was merged.
Change subject: Work around another OpenSSL thread safety bug
......................................................................
Work around another OpenSSL thread safety bug
In the course of debugging some CHECK failures and TSAN errors, I found
that older versions of OpenSSL have non-threadsafe OBJ_create and even
ERR_peek_error methods. This commit fixes an instance where we were
calling OBJ_create concurrently by wrapping it in a std::call_once. I
don't have a fix for ERR_peek_err unsafety, since that's used
pervasively in most methods touching OpenSSL.
Side note: for debugging issues like this, I find it helpful to run ASAN
with the following options:
ASAN_OPTIONS="fast_unwind_on_malloc=0"
That option typically makes races more reproducible, and produces better
stack traces as well.
Change-Id: I9a9fe1a32f77bf24a5c7e692a55b8ad96488d409
Reviewed-on: http://gerrit.cloudera.org:8080/6997
Tested-by: Kudu Jenkins
Reviewed-by: Alexey Serbin <as...@cloudera.com>
---
M src/kudu/security/cert-test.cc
M src/kudu/security/cert.cc
2 files changed, 31 insertions(+), 6 deletions(-)
Approvals:
Alexey Serbin: Looks good to me, approved
Kudu Jenkins: Verified
--
To view, visit http://gerrit.cloudera.org:8080/6997
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I9a9fe1a32f77bf24a5c7e692a55b8ad96488d409
Gerrit-PatchSet: 3
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>
[kudu-CR] Work around another OpenSSL thread safety bug
Posted by "Dan Burkert (Code Review)" <ge...@cloudera.org>.
Dan Burkert has uploaded a new patch set (#2).
Change subject: Work around another OpenSSL thread safety bug
......................................................................
Work around another OpenSSL thread safety bug
In the course of debugging some CHECK failures and TSAN errors, I found
that older versions of OpenSSL have non-threadsafe OBJ_create and even
ERR_peek_error methods. This commit fixes an instance where we were
calling OBJ_create concurrently by wrapping it in a std::call_once. I
don't have a fix for ERR_peek_err unsafety, since that's used
pervasively in most methods touching OpenSSL.
Side note: for debugging issues like this, I find it helpful to run ASAN
with the following options:
ASAN_OPTIONS="fast_unwind_on_malloc=0"
That option typically makes races more reproducible, and produces better
stack traces as well.
Change-Id: I9a9fe1a32f77bf24a5c7e692a55b8ad96488d409
---
M src/kudu/security/cert-test.cc
M src/kudu/security/cert.cc
2 files changed, 31 insertions(+), 6 deletions(-)
git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/97/6997/2
--
To view, visit http://gerrit.cloudera.org:8080/6997
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I9a9fe1a32f77bf24a5c7e692a55b8ad96488d409
Gerrit-PatchSet: 2
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>