[MDEV-20329] S3 engine can crash when libcurl is compiled with OpenSSL < 1.1 - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 10.4.7
Fix Version/s: 10.5.3
Component/s: Storage Engine - S3
Labels:
None

Description

libMariaS3 uses libcurl underneath. This in-turn uses an SSL library which most commonly is OpenSSL. Certain versions of Linux compile it with OpenSSL 1.0.2 which has a potential race condition in it.

To resolve this the curl creators recommend adding locking callbacks to OpenSSL. Of course this requires us to know what SSL library Curl was compiled with. Which means once there is a code fix to libMariaS3 there will also need to be a subsequent fix in the S3 engine's build system.

Attachments

Activity

Ascending order - Click to sort in descending order

Andrew Hutchings (Inactive) added a comment - 2019-08-12 13:51

libMariaS3 bug for reference: https://github.com/mariadb-corporation/libmarias3/issues/70

Andrew Hutchings (Inactive) added a comment - 2019-08-12 13:51 libMariaS3 bug for reference: https://github.com/mariadb-corporation/libmarias3/issues/70

Elena Stepanova added a comment - 2019-08-12 13:56

To make it searchable:

Thread 1 (Thread 0x7f7130a32700 (LWP 11369)):

#0  0x00007f7137691c15 in ?? () from /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.2

#1  0x00007f713769221a in lh_retrieve () from /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.2

#2  0x00007f71376947f1 in ?? () from /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.2

#3  0x00007f7137695221 in ERR_get_state () from /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.2

#4  0x00007f713769533e in ERR_put_error () from /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.2

#5  0x00007f71376c7542 in PEM_read_bio () from /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.2

#6  0x00007f71376c58fa in PEM_X509_INFO_read_bio () from /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.2

#7  0x00007f71376d575c in X509_load_cert_crl_file () from /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.2

#8  0x00007f71376d587a in ?? () from /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.2

#9  0x00007f71376cb88f in X509_STORE_load_locations () from /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.2

#10 0x00007f713c13a50b in ?? () from /usr/lib/x86_64-linux-gnu/libcurl.so.4

#11 0x00007f713c13c4c2 in ?? () from /usr/lib/x86_64-linux-gnu/libcurl.so.4

#12 0x00007f713c0ed5d2 in ?? () from /usr/lib/x86_64-linux-gnu/libcurl.so.4

#13 0x00007f713c100487 in ?? () from /usr/lib/x86_64-linux-gnu/libcurl.so.4

#14 0x00007f713c115796 in ?? () from /usr/lib/x86_64-linux-gnu/libcurl.so.4

#15 0x00007f713c1166c1 in curl_multi_perform () from /usr/lib/x86_64-linux-gnu/libcurl.so.4

#16 0x00007f713c10c680 in curl_easy_perform () from /usr/lib/x86_64-linux-gnu/libcurl.so.4

#17 0x000055f53aa0c16c in execute_request (ms3=0x7f70c021ed30, cmd=MS3_CMD_GET, bucket=0x7ffe4eb264ac "elenas-bucket", object=0x7f7130a2f350 "test/ts1/frm", source_bucket=0x0, source_object=0x0, filter=0x0, data=0x0, data_size=0, continuation=0x0, ret_ptr=0x7f7130a2f270) at /data/src/bb-10.5-monty/storage/maria/libmarias3/src/request.c:781

#18 0x000055f53aa088cf in ms3_get (ms3=0x7f70c021ed30, bucket=0x7ffe4eb264ac "elenas-bucket", key=0x7f7130a2f350 "test/ts1/frm", data=0x7f7130a2f608, length=0x7f7130a2f610) at /data/src/bb-10.5-monty/storage/maria/libmarias3/src/marias3.c:259

#19 0x000055f53aa0546d in s3_get_object (s3_client=0x7f70c021ed30, aws_bucket=0x7ffe4eb264ac "elenas-bucket", name=0x7f7130a2f350 "test/ts1/frm", block=0x7f7130a2f600, compression=0 '\000', print_error=0 '\000') at /data/src/bb-10.5-monty/storage/maria/s3_func.c:837

#20 0x000055f53aa06cd3 in s3_get_frm (s3_client=0x7f70c021ed30, s3_info=0x7f7130a2f640, block=0x7f7130a2f600) at /data/src/bb-10.5-monty/storage/maria/s3_func.c:1217

#21 0x000055f53aa0031e in s3_discover_table (hton=0x55f53d7f3830, thd=0x7f70c0000b10, share=0x7f70c03c68a8) at /data/src/bb-10.5-monty/storage/maria/ha_s3.cc:543

#22 0x000055f539bd7630 in discover_handlerton (thd=0x7f70c0000b10, plugin=0x7f70c016d4e0, arg=0x7f70c03c68a8) at /data/src/bb-10.5-monty/sql/handler.cc:5314

#23 0x000055f5396192f5 in plugin_foreach_with_mask (thd=0x7f70c0000b10, func=0x55f539bd75a1 <discover_handlerton(THD*, plugin_ref, void*)>, type=1, state_mask=8, arg=0x7f70c03c68a8) at /data/src/bb-10.5-monty/sql/sql_plugin.cc:2432

#24 0x000055f539bd7a2a in ha_discover_table (thd=0x7f70c0000b10, share=0x7f70c03c68a8) at /data/src/bb-10.5-monty/sql/handler.cc:5358

#25 0x000055f539800463 in open_table_def (thd=0x7f70c0000b10, share=0x7f70c03c68a8, flags=11) at /data/src/bb-10.5-monty/sql/table.cc:632

#26 0x000055f539a394a4 in tdc_acquire_share (thd=0x7f70c0000b10, tl=0x7f70c0015048, flags=3, out_table=0x7f7130a2fc88) at /data/src/bb-10.5-monty/sql/table_cache.cc:840

#27 0x000055f5394adf9b in open_table (thd=0x7f70c0000b10, table_list=0x7f70c0015048, ot_ctx=0x7f7130a30070) at /data/src/bb-10.5-monty/sql/sql_base.cc:1944

#28 0x000055f5394b53fe in open_and_process_table (thd=0x7f70c0000b10, tables=0x7f70c0015048, counter=0x7f7130a30104, flags=0, prelocking_strategy=0x7f7130a30188, has_prelocking_list=false, ot_ctx=0x7f7130a30070) at /data/src/bb-10.5-monty/sql/sql_base.cc:3841

#29 0x000055f5394b79b2 in open_tables (thd=0x7f70c0000b10, options=..., start=0x7f7130a300e8, counter=0x7f7130a30104, flags=0, prelocking_strategy=0x7f7130a30188) at /data/src/bb-10.5-monty/sql/sql_base.cc:4341

#30 0x000055f5394bb509 in open_and_lock_tables (thd=0x7f70c0000b10, options=..., tables=0x7f70c0015048, derived=true, flags=0, prelocking_strategy=0x7f7130a30188) at /data/src/bb-10.5-monty/sql/sql_base.cc:5225

#31 0x000055f53943b161 in open_and_lock_tables (thd=0x7f70c0000b10, tables=0x7f70c0015048, derived=true, flags=0) at /data/src/bb-10.5-monty/sql/sql_base.h:505

#32 0x000055f5395f672e in execute_sqlcom_select (thd=0x7f70c0000b10, all_tables=0x7f70c0015048) at /data/src/bb-10.5-monty/sql/sql_parse.cc:6240

#33 0x000055f5395e13f4 in mysql_execute_command (thd=0x7f70c0000b10) at /data/src/bb-10.5-monty/sql/sql_parse.cc:3882

#34 0x000055f5395fe348 in mysql_parse (thd=0x7f70c0000b10, rawbuf=0x7f70c0014528 "SELECT MAX(`from`), MIN(`to`) FROM ts1  /* QNO 360 CON_ID 15 */", length=63, parser_state=0x7f7130a311d0, is_com_multi=false, is_next_command=false) at /data/src/bb-10.5-monty/sql/sql_parse.cc:7868

#35 0x000055f5395d549d in dispatch_command (command=COM_QUERY, thd=0x7f70c0000b10, packet=0x7f70c0008221 " SELECT MAX(`from`), MIN(`to`) FROM ts1  /* QNO 360 CON_ID 15 */ ", packet_length=65, is_com_multi=false, is_next_command=false) at /data/src/bb-10.5-monty/sql/sql_parse.cc:1827

#36 0x000055f5395d25f9 in do_command (thd=0x7f70c0000b10) at /data/src/bb-10.5-monty/sql/sql_parse.cc:1360

#37 0x000055f5398b5a1c in do_handle_one_connection (connect=0x55f53e59a930, put_in_cache=true) at /data/src/bb-10.5-monty/sql/sql_connect.cc:1413

#38 0x000055f5398b53b6 in handle_one_connection (arg=0x55f53e59a930) at /data/src/bb-10.5-monty/sql/sql_connect.cc:1309

#39 0x00007f713cd704a4 in start_thread (arg=0x7f7130a32700) at pthread_create.c:456

#40 0x00007f713ac7dd0f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97

Elena Stepanova added a comment - 2019-08-12 13:56 To make it searchable: Thread 1 (Thread 0x7f7130a32700 (LWP 11369)): #0 0x00007f7137691c15 in ?? () from /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.2 #1 0x00007f713769221a in lh_retrieve () from /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.2 #2 0x00007f71376947f1 in ?? () from /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.2 #3 0x00007f7137695221 in ERR_get_state () from /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.2 #4 0x00007f713769533e in ERR_put_error () from /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.2 #5 0x00007f71376c7542 in PEM_read_bio () from /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.2 #6 0x00007f71376c58fa in PEM_X509_INFO_read_bio () from /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.2 #7 0x00007f71376d575c in X509_load_cert_crl_file () from /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.2 #8 0x00007f71376d587a in ?? () from /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.2 #9 0x00007f71376cb88f in X509_STORE_load_locations () from /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.2 #10 0x00007f713c13a50b in ?? () from /usr/lib/x86_64-linux-gnu/libcurl.so.4 #11 0x00007f713c13c4c2 in ?? () from /usr/lib/x86_64-linux-gnu/libcurl.so.4 #12 0x00007f713c0ed5d2 in ?? () from /usr/lib/x86_64-linux-gnu/libcurl.so.4 #13 0x00007f713c100487 in ?? () from /usr/lib/x86_64-linux-gnu/libcurl.so.4 #14 0x00007f713c115796 in ?? () from /usr/lib/x86_64-linux-gnu/libcurl.so.4 #15 0x00007f713c1166c1 in curl_multi_perform () from /usr/lib/x86_64-linux-gnu/libcurl.so.4 #16 0x00007f713c10c680 in curl_easy_perform () from /usr/lib/x86_64-linux-gnu/libcurl.so.4 #17 0x000055f53aa0c16c in execute_request (ms3=0x7f70c021ed30, cmd=MS3_CMD_GET, bucket=0x7ffe4eb264ac "elenas-bucket", object=0x7f7130a2f350 "test/ts1/frm", source_bucket=0x0, source_object=0x0, filter=0x0, data=0x0, data_size=0, continuation=0x0, ret_ptr=0x7f7130a2f270) at /data/src/bb-10.5-monty/storage/maria/libmarias3/src/request.c:781 #18 0x000055f53aa088cf in ms3_get (ms3=0x7f70c021ed30, bucket=0x7ffe4eb264ac "elenas-bucket", key=0x7f7130a2f350 "test/ts1/frm", data=0x7f7130a2f608, length=0x7f7130a2f610) at /data/src/bb-10.5-monty/storage/maria/libmarias3/src/marias3.c:259 #19 0x000055f53aa0546d in s3_get_object (s3_client=0x7f70c021ed30, aws_bucket=0x7ffe4eb264ac "elenas-bucket", name=0x7f7130a2f350 "test/ts1/frm", block=0x7f7130a2f600, compression=0 '\000', print_error=0 '\000') at /data/src/bb-10.5-monty/storage/maria/s3_func.c:837 #20 0x000055f53aa06cd3 in s3_get_frm (s3_client=0x7f70c021ed30, s3_info=0x7f7130a2f640, block=0x7f7130a2f600) at /data/src/bb-10.5-monty/storage/maria/s3_func.c:1217 #21 0x000055f53aa0031e in s3_discover_table (hton=0x55f53d7f3830, thd=0x7f70c0000b10, share=0x7f70c03c68a8) at /data/src/bb-10.5-monty/storage/maria/ha_s3.cc:543 #22 0x000055f539bd7630 in discover_handlerton (thd=0x7f70c0000b10, plugin=0x7f70c016d4e0, arg=0x7f70c03c68a8) at /data/src/bb-10.5-monty/sql/handler.cc:5314 #23 0x000055f5396192f5 in plugin_foreach_with_mask (thd=0x7f70c0000b10, func=0x55f539bd75a1 <discover_handlerton(THD*, plugin_ref, void*)>, type=1, state_mask=8, arg=0x7f70c03c68a8) at /data/src/bb-10.5-monty/sql/sql_plugin.cc:2432 #24 0x000055f539bd7a2a in ha_discover_table (thd=0x7f70c0000b10, share=0x7f70c03c68a8) at /data/src/bb-10.5-monty/sql/handler.cc:5358 #25 0x000055f539800463 in open_table_def (thd=0x7f70c0000b10, share=0x7f70c03c68a8, flags=11) at /data/src/bb-10.5-monty/sql/table.cc:632 #26 0x000055f539a394a4 in tdc_acquire_share (thd=0x7f70c0000b10, tl=0x7f70c0015048, flags=3, out_table=0x7f7130a2fc88) at /data/src/bb-10.5-monty/sql/table_cache.cc:840 #27 0x000055f5394adf9b in open_table (thd=0x7f70c0000b10, table_list=0x7f70c0015048, ot_ctx=0x7f7130a30070) at /data/src/bb-10.5-monty/sql/sql_base.cc:1944 #28 0x000055f5394b53fe in open_and_process_table (thd=0x7f70c0000b10, tables=0x7f70c0015048, counter=0x7f7130a30104, flags=0, prelocking_strategy=0x7f7130a30188, has_prelocking_list=false, ot_ctx=0x7f7130a30070) at /data/src/bb-10.5-monty/sql/sql_base.cc:3841 #29 0x000055f5394b79b2 in open_tables (thd=0x7f70c0000b10, options=..., start=0x7f7130a300e8, counter=0x7f7130a30104, flags=0, prelocking_strategy=0x7f7130a30188) at /data/src/bb-10.5-monty/sql/sql_base.cc:4341 #30 0x000055f5394bb509 in open_and_lock_tables (thd=0x7f70c0000b10, options=..., tables=0x7f70c0015048, derived=true, flags=0, prelocking_strategy=0x7f7130a30188) at /data/src/bb-10.5-monty/sql/sql_base.cc:5225 #31 0x000055f53943b161 in open_and_lock_tables (thd=0x7f70c0000b10, tables=0x7f70c0015048, derived=true, flags=0) at /data/src/bb-10.5-monty/sql/sql_base.h:505 #32 0x000055f5395f672e in execute_sqlcom_select (thd=0x7f70c0000b10, all_tables=0x7f70c0015048) at /data/src/bb-10.5-monty/sql/sql_parse.cc:6240 #33 0x000055f5395e13f4 in mysql_execute_command (thd=0x7f70c0000b10) at /data/src/bb-10.5-monty/sql/sql_parse.cc:3882 #34 0x000055f5395fe348 in mysql_parse (thd=0x7f70c0000b10, rawbuf=0x7f70c0014528 "SELECT MAX(`from`), MIN(`to`) FROM ts1 /* QNO 360 CON_ID 15 */", length=63, parser_state=0x7f7130a311d0, is_com_multi=false, is_next_command=false) at /data/src/bb-10.5-monty/sql/sql_parse.cc:7868 #35 0x000055f5395d549d in dispatch_command (command=COM_QUERY, thd=0x7f70c0000b10, packet=0x7f70c0008221 " SELECT MAX(`from`), MIN(`to`) FROM ts1 /* QNO 360 CON_ID 15 */ ", packet_length=65, is_com_multi=false, is_next_command=false) at /data/src/bb-10.5-monty/sql/sql_parse.cc:1827 #36 0x000055f5395d25f9 in do_command (thd=0x7f70c0000b10) at /data/src/bb-10.5-monty/sql/sql_parse.cc:1360 #37 0x000055f5398b5a1c in do_handle_one_connection (connect=0x55f53e59a930, put_in_cache=true) at /data/src/bb-10.5-monty/sql/sql_connect.cc:1413 #38 0x000055f5398b53b6 in handle_one_connection (arg=0x55f53e59a930) at /data/src/bb-10.5-monty/sql/sql_connect.cc:1309 #39 0x00007f713cd704a4 in start_thread (arg=0x7f7130a32700) at pthread_create.c:456 #40 0x00007f713ac7dd0f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97

Andrew Hutchings (Inactive) added a comment - 2019-09-30 16:31

Pull request submitted with patch to MariaDB's build system that will use the new OpenSSL locking code in libmarias3 where required.

Andrew Hutchings (Inactive) added a comment - 2019-09-30 16:31 Pull request submitted with patch to MariaDB's build system that will use the new OpenSSL locking code in libmarias3 where required.

Robert Bindar added a comment - 2020-03-27 11:05

Merged in 10.5, thanks LinuxJedi!

Robert Bindar added a comment - 2020-03-27 11:05 Merged in 10.5, thanks LinuxJedi !

MariaDB Server

S3 engine can crash when libcurl is compiled with OpenSSL < 1.1

Details

Description

Attachments

Activity

People

Dates

Git Integration