Debian Bug report logs - #534683
libssl0.9.8: IMPL_CHECK gives a helgrind error

Package: openssl; Maintainer for openssl is Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>; Source for openssl is src:openssl.

Reported by: Russell Coker <russell@coker.com.au>

Date: Fri, 26 Jun 2009 10:27:04 UTC

Severity: normal


Report forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>:
Bug#534683; Package libssl0.9.8. (Fri, 26 Jun 2009 10:27:07 GMT)

Acknowledgement sent to Russell Coker <russell@coker.com.au>:
New Bug report received and forwarded. Copy sent to Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>. (Fri, 26 Jun 2009 10:27:07 GMT)

Message #5 received at submit@bugs.debian.org:

From: Russell Coker <russell@coker.com.au>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libssl0.9.8: IMPL_CHECK gives a helgrind error
Date: Fri, 26 Jun 2009 20:22:06 +1000
Package: libssl0.9.8
Version: 0.9.8g-15+lenny1
Severity: normal


==27415== Possible data race during read of size 8 at 0x55ef9c8 by thread #4
==27415==    at 0x52D1046: CRYPTO_new_ex_data (ex_data.c:570)
==27415==    by 0x5318BD7: RSA_new_method (rsa_lib.c:185)
==27415==    by 0x531B76C: rsa_cb (rsa_asn1.c:80)
==27415==    by 0x534CB42: asn1_item_ex_combine_new (tasn_new.c:177)
==27415==    by 0x53501E4: ASN1_item_ex_d2i (tasn_dec.c:399)
==27415==    by 0x53502B3: ASN1_item_d2i (tasn_dec.c:134)
==27415==    by 0x534863C: d2i_PublicKey (d2i_pu.c:96)
==27415==    by 0x534624F: X509_PUBKEY_get (x_pubkey.c:364)
==27415==    by 0x5346C07: d2i_PUBKEY (x_pubkey.c:390)
==27415==    by 0x40D480: SelectorInfo::Parse(char*) (dkimverify.cpp:1312)
==27415==    by 0x40E0A4: CDKIMVerify::GetSelector(std::string const&, std::string const&) (dkimverify.cpp:1369)
==27415==    by 0x410120: CDKIMVerify::ProcessHeaders() (dkimverify.cpp:719)
==27415==  This conflicts with a previous write of size 8 by thread #2
==27415==    at 0x52D0F67: impl_check (ex_data.c:205)
==27415==    by 0x52D1084: CRYPTO_new_ex_data (ex_data.c:570)
==27415==    by 0x532684F: BIO_set (bio_lib.c:100)
==27415==    by 0x53268D9: BIO_new (bio_lib.c:76)
==27415==    by 0x5326E81: BIO_new_mem_buf (bss_mem.c:102)
==27415==    by 0x4065C4: dk_end (domainkeys.c:1843)
==27415==    by 0x406D22: dk_eom (domainkeys.c:1982)
==27415==    by 0x4034CC: domainkeys_verify(int, char const*, int, unsigned char**, char***) (dkim-test.cpp:218)

I get the above on an AMD64 system.  Line 570 of ex_data.c has IMPL_CHECK which
is defined as follows:
/* Internal function that checks whether "impl" is set and if not, sets it to
 * the default. */
static void impl_check(void)
        {
        CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
        if(!impl)
                impl = &impl_default;
        CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
        }
/* A macro wrapper for impl_check that first uses a non-locked test before
 * invoking the function (which checks again inside a lock). */
#define IMPL_CHECK if(!impl) impl_check();

So if we changed the macro definition to the following then the problem would
go away:

#define IMPL_CHECK impl_check();

But that would probably decrease performance.  Is there a possibility of a
pointer write not being atomic?




Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>:
Bug#534683; Package libssl0.9.8. (Fri, 26 Jun 2009 11:57:06 GMT)

Acknowledgement sent to Kurt Roeckx <kurt@roeckx.be>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>. (Fri, 26 Jun 2009 11:57:06 GMT)

Message #10 received at 534683@bugs.debian.org:

From: Kurt Roeckx <kurt@roeckx.be>
To: Russell Coker <russell@coker.com.au>, 534683@bugs.debian.org
Subject: Re: [Pkg-openssl-devel] Bug#534683: libssl0.9.8: IMPL_CHECK gives a helgrind error
Date: Fri, 26 Jun 2009 13:34:25 +0200

On Fri, Jun 26, 2009 at 08:22:06PM +1000, Russell Coker wrote:
> /* Internal function that checks whether "impl" is set and if not, sets it to
>  * the default. */
> static void impl_check(void)
>         {
>         CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
>         if(!impl)
>                 impl = &impl_default;
>         CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
>         }
> /* A macro wrapper for impl_check that first uses a non-locked test before
>  * invoking the function (which checks again inside a lock). */
> #define IMPL_CHECK if(!impl) impl_check();
> 
> So if we changed the macro definition to the following then the problem would
> go away:
> 
> #define IMPL_CHECK impl_check();
> 
> But that would probably decrease performance.  Is there a possibility of a
> pointer write not being atomic?

The answer to that question is very CPU specific.  There is no
guarantee that it is atomic.  And I'm not even sure that being
atomic is a good enough guarantee.  You probably also need
to prevent reordering (with barriers).

Looking at the Linux kernel, they have a define/function
atomic_set() just to be able to write an integer atomically on all
arches it supports.  There is also an atomic_read().

Looking at this example, impl could be in the process of being
written in thread 1, but only half written, and then thread 2's
"if (!impl)" could fail and it might call impl() with a wrong
pointer.  It's probably unlikely that this happens, but it
always bites you sooner or later.


Kurt
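
The double-checked pattern discussed in the two messages above, rewritten with C11 atomics and explicit ordering. This is an added example, not code from the bug log or from OpenSSL; ex_impl, impl_get, ex_data_lock, slow_path_inits and race_first_use are hypothetical names, and a pthread mutex stands in for CRYPTO_LOCK_EX_DATA.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stddef.h>

typedef struct { int id; } ex_impl;       /* hypothetical stand-in for the impl table */
static const ex_impl impl_default = { 1 };
static _Atomic(const ex_impl *) impl;     /* static storage: starts as NULL */
static pthread_mutex_t ex_data_lock = PTHREAD_MUTEX_INITIALIZER;
static atomic_int slow_path_inits;        /* how many times impl was actually set */

/* Fast path: one acquire load, no lock. Slow path: lock, re-check, release store. */
static const ex_impl *impl_get(void)
{
    const ex_impl *p = atomic_load_explicit(&impl, memory_order_acquire);
    if (p == NULL) {
        pthread_mutex_lock(&ex_data_lock);
        p = atomic_load_explicit(&impl, memory_order_relaxed); /* lock orders this */
        if (p == NULL) {
            p = &impl_default;
            atomic_fetch_add(&slow_path_inits, 1);
            atomic_store_explicit(&impl, p, memory_order_release);
        }
        pthread_mutex_unlock(&ex_data_lock);
    }
    return p;
}

static void *worker(void *out)
{
    *(const ex_impl **)out = impl_get();
    return NULL;
}

/* Race up to 16 threads on first use; returns how many got &impl_default. */
static int race_first_use(int n)
{
    pthread_t tid[16];
    const ex_impl *seen[16] = { 0 };
    int ok = 0, started = 0;
    for (; started < n && started < 16; started++)
        if (pthread_create(&tid[started], NULL, worker, &seen[started]) != 0)
            break;
    for (int i = 0; i < started; i++) {
        pthread_join(tid[i], NULL);
        ok += (seen[i] == &impl_default);
    }
    return ok;
}
int main(void) { return race_first_use(8) == 8 ? 0 : 1; }
```

Build with `cc -std=c11 -pthread`. The acquire load pairs with the release store, so a thread that reads a non-NULL pointer on the fast path also sees everything written before the pointer was published.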





Reply sent to Debian FTP Masters <ftpmaster@ftp-master.debian.org>:
You have taken responsibility. (Sat, 19 Nov 2011 09:50:35 GMT)

Notification sent to Russell Coker <russell@coker.com.au>:
Bug acknowledged by developer. (Sat, 19 Nov 2011 09:50:39 GMT)

Message #15 received at 534683-done@bugs.debian.org:

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 351684-done@bugs.debian.org,394107-done@bugs.debian.org,431918-done@bugs.debian.org,511727-done@bugs.debian.org,520021-done@bugs.debian.org,524682-done@bugs.debian.org,526747-done@bugs.debian.org,534534-done@bugs.debian.org,534656-done@bugs.debian.org,534683-done@bugs.debian.org,534685-done@bugs.debian.org,534687-done@bugs.debian.org,534699-done@bugs.debian.org,534706-done@bugs.debian.org,534889-done@bugs.debian.org,534892-done@bugs.debian.org,536229-done@bugs.debian.org,546521-done@bugs.debian.org,556968-done@bugs.debian.org,557261-done@bugs.debian.org,561558-done@bugs.debian.org,645805-done@bugs.debian.org,
Cc: openssl098@packages.debian.org, openssl098@packages.qa.debian.org
Subject: Bug#641975: Removed package(s) from unstable
Date: Sat, 19 Nov 2011 09:44:37 +0000
Version: 0.9.8o-7+rm

Dear submitter,

as the package openssl098 has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see http://bugs.debian.org/641975

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmaster@debian.org.

Debian distribution maintenance software
pp.
Luca Falavigna (the ftpmaster behind the curtain)




Bug No longer marked as fixed in versions 0.9.8o-7+rm and reopened. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 19 Nov 2011 10:57:47 GMT)

Bug reassigned from package 'libssl0.9.8' to 'openssl'. Request was from Kurt Roeckx <kurt@roeckx.be> to control@bugs.debian.org. (Sat, 19 Nov 2011 10:57:59 GMT)

Bug No longer marked as found in versions openssl/0.9.8g-15+lenny1. Request was from Kurt Roeckx <kurt@roeckx.be> to control@bugs.debian.org. (Sat, 19 Nov 2011 10:57:59 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 18 14:26:39 2014; Machine Name: buxtehude.debian.org
