GNU bug report logs - #53005
cryptsetup-static aborts opening LUKS2 volume with Argon2i PBKDF

Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.

Package: guix; Severity: serious; Reported by: Simon South <simon@HIDDEN>; Keywords: patch; dated Tue, 4 Jan 2022 14:38:02 UTC; Maintainer for guix is bug-guix@HIDDEN.

Message received at 53005 <at> debbugs.gnu.org:


Received: (at 53005) by debbugs.gnu.org; 12 Jan 2022 21:22:34 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Jan 12 16:22:34 2022
Received: from localhost ([127.0.0.1]:59285 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1n7l4k-00071g-5V
	for submit <at> debbugs.gnu.org; Wed, 12 Jan 2022 16:22:34 -0500
Received: from mailout.easymail.ca ([64.68.200.34]:48496)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <simon@HIDDEN>) id 1n7l4i-00071D-Ee
 for 53005 <at> debbugs.gnu.org; Wed, 12 Jan 2022 16:22:32 -0500
Received: from localhost (localhost [127.0.0.1])
 by mailout.easymail.ca (Postfix) with ESMTP id 8BB4E6EEB5;
 Wed, 12 Jan 2022 21:22:26 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at emo05-pco.easydns.vpn
Received: from mailout.easymail.ca ([127.0.0.1])
 by localhost (emo05-pco.easydns.vpn [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id G_cGWc6vNEZk; Wed, 12 Jan 2022 21:22:26 +0000 (UTC)
Received: from laptop (23-233-96-244.cpe.pppoe.ca [23.233.96.244])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest
 SHA256) (No client certificate requested)
 by mailout.easymail.ca (Postfix) with ESMTPSA id 375E76DA55;
 Wed, 12 Jan 2022 21:22:26 +0000 (UTC)
From: Simon South <simon@HIDDEN>
To: Leo Famulari <leo@HIDDEN>
Subject: Re: bug#53005: [PATCH 1/1] gnu: glibc: Preserve
 "__pthread_key_create" symbol.
References: <cover.1641856285.git.simon@HIDDEN>
 <7e85b4a230a68240759120e8440ea77cf1d6e927.1641856285.git.simon@HIDDEN>
 <Yd8qUwGKBIZPG0P9@HIDDEN>
Date: Wed, 12 Jan 2022 16:22:27 -0500
In-Reply-To: <Yd8qUwGKBIZPG0P9@HIDDEN> (Leo Famulari's message of "Wed,
 12 Jan 2022 14:21:55 -0500")
Message-ID: <878rvkodik.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 53005
Cc: 53005 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Leo Famulari <leo@HIDDEN> writes:
> First, how was the LUKS2 volume created? Was it created by Guix
> System?

No, this would've been a volume I created myself; I expect only users
who are partitioning their drives manually or replacing an existing
system would encounter this.  The Guix manual actually instructs users
to select a different PBKDF algorithm[0] for compatibility with GRUB,
one that by coincidence does not appear to be affected[1].

However, remember this problem potentially affects _all_ packages that
use threads in C or C++.  It appears that dynamically-linked executables
(i.e. the vast majority) generally sidestep the problem by avoiding any
"dangerous" methods in libgcc, but there could still be crashing bugs
elsewhere waiting to be discovered.

> Is Guix doing something wrong that requires the workaround?

This is all a consequence of stripping libraries with the
"--strip-unneeded" option instead of "--strip-debug"[2], in the interest
of reducing store sizes.  The man page for "strip" describes it like
this:

  --strip-unneeded
      Remove all symbols that are not needed for relocation processing.

My personal opinion is that this option makes sense for executables but
is too aggressive to use on libraries.

  - Unlike executables, we generally want to do more with a library than
    just relocate it.

  - Providing a rich set of symbols is normally a desirable feature of a
    library and not a bug.

  - Only at link time is it possible to say which of a library's symbols
    are truly relevant; therefore, the selection of symbols to retain
    should logically be performed by the linker, not an automated step
    during the library's packaging (outside of any link context).

    Specifically, it's impossible for us to predict cases like this one,
    where a symbol not obviously needed to use a library is nonetheless
    relied on by an application.

However, Guix's gnu-build-system provides only a single "#:strip-flags"
argument that is applied to all of a package's binaries.  So, as an
alternative solution, we could either extend that mechanism to allow
different sets of flags to be applied to different types of binaries, or
revert the changes (commits f32a6055a5 and e0f31baacc) altogether.  I
didn't expect either of those options would be popular, and truthfully,
everything does appear to work okay (for now) with only this one change
to glibc.

[0] https://guix.gnu.org/en/manual/devel/en/html_node/Keyboard-Layout-and-Networking-and-Partitioning.html#Disk-Partitioning
[1] But then, neither GRUB nor the Guix installer are commonly used on
    non-Intel systems.
[2] Originally proposed in https://issues.guix.gnu.org/42555

-- 
Simon South
simon@HIDDEN




Information forwarded to bug-guix@HIDDEN:
bug#53005; Package guix. Full text available.

Message received at 53005 <at> debbugs.gnu.org:


Received: (at 53005) by debbugs.gnu.org; 12 Jan 2022 19:22:05 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Jan 12 14:22:05 2022
Received: from localhost ([127.0.0.1]:59148 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1n7jC9-0003nK-Gq
	for submit <at> debbugs.gnu.org; Wed, 12 Jan 2022 14:22:05 -0500
Received: from wout1-smtp.messagingengine.com ([64.147.123.24]:44229)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <leo@HIDDEN>) id 1n7jC7-0003mo-TE
 for 53005 <at> debbugs.gnu.org; Wed, 12 Jan 2022 14:22:04 -0500
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44])
 by mailout.west.internal (Postfix) with ESMTP id 0E0AE3200F76;
 Wed, 12 Jan 2022 14:21:57 -0500 (EST)
Received: from mailfrontend2 ([10.202.2.163])
 by compute4.internal (MEProxy); Wed, 12 Jan 2022 14:21:58 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name;
 h=date:from:to:cc:subject:message-id:references:mime-version
 :content-type:in-reply-to; s=mesmtp; bh=4iZn2xMMOw1pkvR1WI3MyJhR
 rYTAjT4ogJA227BMG6o=; b=hL3jy6FC7eF+wwq5iGF91sG0tzGfvtN2HXdgf9kV
 bK5aRu0wbizMkhnX1ySgl/x0oJv1QaFKSFSCpgux1CFxJDV9f25CC8T90PcBS/Dy
 JEeyEFKi5tMkQaGcvNXp025n3WoahepI8GZ9e68OFsZb3rYa3R1u1N/dok9VYksO
 7co=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:content-type:date:from:in-reply-to
 :message-id:mime-version:references:subject:to:x-me-proxy
 :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=4iZn2x
 MMOw1pkvR1WI3MyJhRrYTAjT4ogJA227BMG6o=; b=gkCFY3cU6qaaPjWxh3y8N4
 QpMSnvJHcJrIemGHj9fWfdESrhKR5t8TdY1LWLXzoTh4frI+taewwF+M3RA6CDKR
 lPhPaCcRhswJwZWDezJiixYYX857j6AHTRlAf/EkEMSFzSCpn8mXLTxFyh0deWOj
 xai+5ip2iCLNhStqlKCdV62VHe1kDZef2vhY19PGO7mmoP4IQnMrfK/mcViv9RJ7
 yT8Oo2CeRcBwWwfVnicp8KLLuvO9ue3v0yct40aYsz4O4RW5fjQOO+s5s7NiZl6i
 Wk36aOtYgFT3MaDzOImUeG4Wbw97ljCee8yata7m6sj6grpvTCGWLmeEJF4QkkMQ
 ==
X-ME-Sender: <xms:VSrfYRcQsMhYG46kKc4X9wN5xyTmCQN1Rja6X4CmDdabYhRarQDELg>
 <xme:VSrfYfOflbBs4T8XyBoMPLuzY7s7fO2S3reAxM8f5uBArgCXK2gfucukNi-7usi3Z
 n4P3SnVm83BHLJLPQ>
X-ME-Received: <xmr:VSrfYajEzcLzWiru3YbxqAClctVtERGx52BW4z4rXZqhwSerWVnGe3EXlmKdQhc4C4XErUXjJ-W6MLN2QNlTvkqAXw>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvvddrtddugdellecutefuodetggdotefrodftvf
 curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu
 uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc
 fjughrpeffhffvuffkfhggtggujgesthdtredttddtvdenucfhrhhomhepnfgvohcuhfgr
 mhhulhgrrhhiuceolhgvohesfhgrmhhulhgrrhhirdhnrghmvgeqnecuggftrfgrthhtvg
 hrnhepvddvudegffefiedttdfhfedvuefhgfekieekgeekveetgefhfeetgfegueduffei
 necuffhomhgrihhnpehgnhhurdhorhhgnecuvehluhhsthgvrhfuihiivgeptdenucfrrg
 hrrghmpehmrghilhhfrhhomheplhgvohesfhgrmhhulhgrrhhirdhnrghmvg
X-ME-Proxy: <xmx:VSrfYa8XDxBpI9MCvlZ9_PDJt8aEi39gCPv5X6Qp1Dhl-5EgxbYbpA>
 <xmx:VSrfYdsTTDlJQpoC3PN5DZ81K2TvZFkMc8YD5XUl5vJ6F1C3n-dwmg>
 <xmx:VSrfYZHSBXi2IBSWllKTTcA8wX_4Fcyxvs7PToZ2RUsIm-GldUawkQ>
 <xmx:VSrfYb3OP9a8Y_Fo1TrTDtOJMKlrYCQ9BHo5Gl4nj6qEEfJ3h7xOhw>
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Wed,
 12 Jan 2022 14:21:57 -0500 (EST)
Date: Wed, 12 Jan 2022 14:21:55 -0500
From: Leo Famulari <leo@HIDDEN>
To: Simon South <simon@HIDDEN>
Subject: Re: bug#53005: [PATCH 1/1] gnu: glibc: Preserve
 "__pthread_key_create" symbol.
Message-ID: <Yd8qUwGKBIZPG0P9@HIDDEN>
References: <cover.1641856285.git.simon@HIDDEN>
 <7e85b4a230a68240759120e8440ea77cf1d6e927.1641856285.git.simon@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <7e85b4a230a68240759120e8440ea77cf1d6e927.1641856285.git.simon@HIDDEN>
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 53005
Cc: 53005 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.7 (-)

On Mon, Jan 10, 2022 at 06:34:26PM -0500, Simon South wrote:
> Avoid a potential crash in multithreaded applications by preserving the
> pthread library's "__pthread_key_create" symbol, used by libgcc to detect the
> use of threads in an application.
> 
> Fixes <https://issues.guix.gnu.org/53005>.
> 
> * gnu/packages/base.scm (glibc)[arguments]: Add "#:strip-flags" with
> "--keep-symbol=__pthread_key_create" appended to the default set.

Thanks for analysing this bug and sending a patch.

Because the proposed fix changes glibc, it will require rebuilding the
entire distro. That's expensive, so, we need to think about it some more
before deciding what to do.

First, how was the LUKS2 volume created? Was it created by Guix System?
Is it the default type of LUKS volume created by Guix? I see that our
cryptsetup package has "with-default-luks-format=LUKS1". I'm trying to
understand how many users will be affected by this bug.

Second, do other distros have to apply the same workaround with
'--keep-symbol'? Like, is this problem widespread? Is Guix doing
something wrong that requires the workaround?

Sorry if you already answered these questions in your previous messages.




Information forwarded to bug-guix@HIDDEN:
bug#53005; Package guix. Full text available.
Added tag(s) patch. Request was from Simon South <simon@HIDDEN> to control <at> debbugs.gnu.org. Full text available.

Message received at 53005 <at> debbugs.gnu.org:


Received: (at 53005) by debbugs.gnu.org; 10 Jan 2022 23:35:05 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Jan 10 18:35:05 2022
Received: from localhost ([127.0.0.1]:53546 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1n74Bs-0005Uy-KH
	for submit <at> debbugs.gnu.org; Mon, 10 Jan 2022 18:35:04 -0500
Received: from mailout.easymail.ca ([64.68.200.34]:60586)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <simon@HIDDEN>) id 1n74Bp-0005UD-PI
 for 53005 <at> debbugs.gnu.org; Mon, 10 Jan 2022 18:35:03 -0500
Received: from localhost (localhost [127.0.0.1])
 by mailout.easymail.ca (Postfix) with ESMTP id 158302D57D
 for <53005 <at> debbugs.gnu.org>; Mon, 10 Jan 2022 23:34:56 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at emo02-pco.easydns.vpn
Received: from mailout.easymail.ca ([127.0.0.1])
 by localhost (emo02-pco.easydns.vpn [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id BcsIajboVB4z for <53005 <at> debbugs.gnu.org>;
 Mon, 10 Jan 2022 23:34:55 +0000 (UTC)
Received: from localhost.localdomain (23-233-96-244.cpe.pppoe.ca
 [23.233.96.244])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
 (No client certificate requested)
 by mailout.easymail.ca (Postfix) with ESMTPSA id ACE712D554
 for <53005 <at> debbugs.gnu.org>; Mon, 10 Jan 2022 23:34:55 +0000 (UTC)
From: Simon South <simon@HIDDEN>
To: 53005 <at> debbugs.gnu.org
Subject: Re: bug#53005: cryptsetup-static aborts opening LUKS2 volume with
 Argon2i PBKDF
Date: Mon, 10 Jan 2022 18:34:25 -0500
Message-Id: <cover.1641856285.git.simon@HIDDEN>
X-Mailer: git-send-email 2.34.0
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 53005
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Here's a patch that fixes this problem by modifying the glibc package so the
"__pthread_key_create" symbol in its pthread library is preserved, as opposed
to being stripped off as it is today.

This tests fine for me on both AArch64 and x86-64: Stepping through the code
in gdb I can see libgcc's __gthread_active_p() is now returning true, and both
cryptsetup tools now open a LUKS2 volume without issue.  So far nothing else
seems to be affected.

This is the smallest and least-intrusive fix I can think of though I expect it
will still result in a large number of packages being rebuilt.

--
Simon South
simon@HIDDEN


Simon South (1):
  gnu: glibc: Preserve "__pthread_key_create" symbol.

 gnu/packages/base.scm | 10 ++++++++++
 1 file changed, 10 insertions(+)


base-commit: e2d8125a5c6d4338749e6bf8882f220395b25275
-- 
2.34.0





Information forwarded to bug-guix@HIDDEN:
bug#53005; Package guix. Full text available.

Message received at 53005 <at> debbugs.gnu.org:


Received: (at 53005) by debbugs.gnu.org; 10 Jan 2022 23:35:04 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Jan 10 18:35:04 2022
Received: from localhost ([127.0.0.1]:53544 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1n74Bs-0005Uw-8T
	for submit <at> debbugs.gnu.org; Mon, 10 Jan 2022 18:35:04 -0500
Received: from mailout.easymail.ca ([64.68.200.34]:60592)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <simon@HIDDEN>) id 1n74Bp-0005UE-Mj
 for 53005 <at> debbugs.gnu.org; Mon, 10 Jan 2022 18:35:03 -0500
Received: from localhost (localhost [127.0.0.1])
 by mailout.easymail.ca (Postfix) with ESMTP id 2CF292D554
 for <53005 <at> debbugs.gnu.org>; Mon, 10 Jan 2022 23:34:56 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at emo02-pco.easydns.vpn
Received: from mailout.easymail.ca ([127.0.0.1])
 by localhost (emo02-pco.easydns.vpn [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id XBNMhPsRTTVy for <53005 <at> debbugs.gnu.org>;
 Mon, 10 Jan 2022 23:34:55 +0000 (UTC)
Received: from localhost.localdomain (23-233-96-244.cpe.pppoe.ca
 [23.233.96.244])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
 (No client certificate requested)
 by mailout.easymail.ca (Postfix) with ESMTPSA id CA0762D570
 for <53005 <at> debbugs.gnu.org>; Mon, 10 Jan 2022 23:34:55 +0000 (UTC)
From: Simon South <simon@HIDDEN>
To: 53005 <at> debbugs.gnu.org
Subject: [PATCH 1/1] gnu: glibc: Preserve "__pthread_key_create" symbol.
Date: Mon, 10 Jan 2022 18:34:26 -0500
Message-Id: <7e85b4a230a68240759120e8440ea77cf1d6e927.1641856285.git.simon@HIDDEN>
X-Mailer: git-send-email 2.34.0
In-Reply-To: <cover.1641856285.git.simon@HIDDEN>
References: <cover.1641856285.git.simon@HIDDEN>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 53005
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Avoid a potential crash in multithreaded applications by preserving the
pthread library's "__pthread_key_create" symbol, used by libgcc to detect the
use of threads in an application.

Fixes <https://issues.guix.gnu.org/53005>.

* gnu/packages/base.scm (glibc)[arguments]: Add "#:strip-flags" with
"--keep-symbol=__pthread_key_create" appended to the default set.
---
 gnu/packages/base.scm | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm
index 12e4de52d4..68c85dcdd5 100644
--- a/gnu/packages/base.scm
+++ b/gnu/packages/base.scm
@@ -795,6 +795,16 @@ (define-public glibc
                   '()))
 
       #:tests? #f                                 ; XXX
+
+      #:strip-flags '("--strip-unneeded"
+                      "--enable-deterministic-archives"
+
+                      ;; Preserve the symbol "__pthread_key_create" in the
+                      ;; pthread library as this is used by libgcc to detect
+                      ;; the use of threads in an application.
+                      ;; See https://issues.guix.gnu.org/53005.
+                      "--keep-symbol=__pthread_key_create")
+
       #:phases (modify-phases %standard-phases
                  (add-before
                   'configure 'pre-configure
-- 
2.34.0





Information forwarded to bug-guix@HIDDEN:
bug#53005; Package guix. Full text available.
Severity set to 'serious' from 'normal' Request was from Leo Famulari <leo@HIDDEN> to control <at> debbugs.gnu.org. Full text available.

Message received at 53005 <at> debbugs.gnu.org:


Received: (at 53005) by debbugs.gnu.org; 8 Jan 2022 01:52:41 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Jan 07 20:52:41 2022
Received: from localhost ([127.0.0.1]:46116 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1n60uP-0003jm-8H
	for submit <at> debbugs.gnu.org; Fri, 07 Jan 2022 20:52:41 -0500
Received: from mailout.easymail.ca ([64.68.200.34]:48606)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <simon@HIDDEN>) id 1n60uM-0003jX-9e
 for 53005 <at> debbugs.gnu.org; Fri, 07 Jan 2022 20:52:40 -0500
Received: from localhost (localhost [127.0.0.1])
 by mailout.easymail.ca (Postfix) with ESMTP id 10D2B80588
 for <53005 <at> debbugs.gnu.org>; Sat,  8 Jan 2022 01:52:32 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at emo03-pco.easydns.vpn
Received: from mailout.easymail.ca ([127.0.0.1])
 by localhost (emo03-pco.easydns.vpn [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id IO78A-Khw3_o for <53005 <at> debbugs.gnu.org>;
 Sat,  8 Jan 2022 01:52:31 +0000 (UTC)
Received: from laptop (23-233-96-244.cpe.pppoe.ca [23.233.96.244])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest
 SHA256) (No client certificate requested)
 by mailout.easymail.ca (Postfix) with ESMTPSA id C9AFC8051A
 for <53005 <at> debbugs.gnu.org>; Sat,  8 Jan 2022 01:52:31 +0000 (UTC)
From: Simon South <simon@HIDDEN>
To: 53005 <at> debbugs.gnu.org
Subject: Re: cryptsetup-static aborts opening LUKS2 volume with Argon2i PBKDF
Date: Fri, 07 Jan 2022 20:52:31 -0500
Message-ID: <87ee5jt2n4.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 53005
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

After some testing I've found the regression was introduced in commits
f32a6055a5 and e0f31baacc, "build-system/gnu: strip with
--strip-unneeded", which replace "--strip-debug" with "--strip-unneeded"
for packages that use the GNU build system.  It seems this is now
stripping a bit too much.

The solution may be as simple as undoing this change in (at least) the
"static-package" function (guix/build-system/gnu.scm:211).
Alternatively we may need to add a "--keep-symbol" flag in a few places.

I'm continuing to investigate.

-- 
Simon South
simon@HIDDEN




Information forwarded to bug-guix@HIDDEN:
bug#53005; Package guix. Full text available.

Message received at 53005 <at> debbugs.gnu.org:


Received: (at 53005) by debbugs.gnu.org; 4 Jan 2022 14:45:02 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Jan 04 09:45:02 2022
Received: from localhost ([127.0.0.1]:37191 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1n4l3d-00033g-FZ
	for submit <at> debbugs.gnu.org; Tue, 04 Jan 2022 09:45:02 -0500
Received: from mailout.easymail.ca ([64.68.200.34]:34982)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <simon@HIDDEN>) id 1n4l3b-00033S-9X
 for 53005 <at> debbugs.gnu.org; Tue, 04 Jan 2022 09:45:00 -0500
Received: from localhost (localhost [127.0.0.1])
 by mailout.easymail.ca (Postfix) with ESMTP id 82A8C415B6
 for <53005 <at> debbugs.gnu.org>; Tue,  4 Jan 2022 14:44:53 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at emo02-pco.easydns.vpn
Received: from mailout.easymail.ca ([127.0.0.1])
 by localhost (emo02-pco.easydns.vpn [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id QUltsVj00FPE for <53005 <at> debbugs.gnu.org>;
 Tue,  4 Jan 2022 14:44:53 +0000 (UTC)
Received: from mars (23-233-96-244.cpe.pppoe.ca [23.233.96.244])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest
 SHA256) (No client certificate requested)
 by mailout.easymail.ca (Postfix) with ESMTPSA id 3C6BA41329
 for <53005 <at> debbugs.gnu.org>; Tue,  4 Jan 2022 14:44:53 +0000 (UTC)
From: Simon South <simon@HIDDEN>
To: 53005 <at> debbugs.gnu.org
Subject: Re: cryptsetup-static aborts opening LUKS2 volume with Argon2i PBKDF
Date: Tue, 04 Jan 2022 09:44:52 -0500
Message-ID: <87sfu31rx7.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 53005
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

This seems to be caused by the symbol "__pthread_key_create" being
absent from cryptsetup's symbol table during linking, even though it is
meant to be exported explicitly by glibc.

The fundamental issue is that cryptsetup's Argon2i implementation (and
thus cryptsetup itself) is multithreaded, but libgcc[0], a low-level
runtime library used by the compiler, is unaware of this fact.
Consequently libgcc's stack-unwinding code skips the use of a mutex that
would normally synchronize data access among multiple threads, allowing
a race condition to develop when two or more threads try to exit
simultaneously.

One thread will fail to locate its frame-descriptor entry, causing NULL
to be returned by libgcc's _Unwind_Find_FDE() function
(libgcc/unwind-dw2-fde.c:1029), leading to an assertion failing (in
uw_init_context_1() at libgcc/unwind-dw2.c:1593) and abort() being
called, terminating the process.

The underlying failure is indicated in a comment in gcc's code, at
libgcc/gthr-posix.h:215.  libgcc uses the presence of specific symbols
in a program's symbol table to infer whether or not the program is
multithreaded:

   For a program to be multi-threaded the only thing that it certainly
   must be using is pthread_create.  However, there may be other
   libraries that intercept pthread_create with their own definitions to
   wrap pthreads functionality for some purpose.  In those cases,
   pthread_create being defined might not necessarily mean that
   libpthread is actually linked in.

   For the GNU C library, we can use a known internal name.  This is
   always available in the ABI, but no other library would define it.
   That is ideal, since any public pthread function might be intercepted
   just as pthread_create might be.  __pthread_key_create is an
   "internal" implementation symbol, but it is part of the public
   exported ABI.  Also, it's among the symbols that the static
   libpthread.a always links in whenever pthread_create is used, so
   there is no danger of a false negative result in any
   statically-linked, multi-threaded program.

It seems the final sentence is no longer true, at least in recent
versions of Guix.

Building the "cryptsetup-static" package with "#:strip-binaries? #f" and
dumping the resulting binary's symbol table with "objdump -t" shows
"pthread_create" is present but not "__pthread_key_create".  This seems
to be why libgcc's __gthread_active_p() always returns false, turning
wrapper functions like __gthread_mutex_lock() into no-ops and
effectively disabling the use of the mutex in _Unwind_Find_FDE().

The question then is why this symbol either is no longer being exported
by glibc or is being dropped at some point during cryptsetup's
compilation.  (Other packages may be affected as well: Even the regular,
dynamically-linked cryptsetup shows this problem, but avoids a crash by
not invoking libgcc's stack-unwinding routines.)

I'll keep working on this but having gotten this far, I'm hoping someone
else has some insight.

[0] https://gcc.gnu.org/onlinedocs/gccint/Libgcc.html

-- 
Simon South
simon@HIDDEN




Information forwarded to bug-guix@HIDDEN:
bug#53005; Package guix. Full text available.

Message received at submit <at> debbugs.gnu.org:


Received: (at submit) by debbugs.gnu.org; 4 Jan 2022 14:37:10 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Jan 04 09:37:10 2022
Received: from localhost ([127.0.0.1]:37178 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1n4kw2-0002pa-In
	for submit <at> debbugs.gnu.org; Tue, 04 Jan 2022 09:37:10 -0500
Received: from lists.gnu.org ([209.51.188.17]:51348)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <simon@HIDDEN>) id 1n4kvy-0002pP-5A
 for submit <at> debbugs.gnu.org; Tue, 04 Jan 2022 09:37:09 -0500
Received: from eggs.gnu.org ([209.51.188.92]:46834)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <simon@HIDDEN>)
 id 1n4kvw-00057d-Dn
 for bug-guix@HIDDEN; Tue, 04 Jan 2022 09:37:05 -0500
Received: from mailout.easymail.ca ([64.68.200.34]:51134)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <simon@HIDDEN>)
 id 1n4kvs-0006Gr-HU
 for bug-guix@HIDDEN; Tue, 04 Jan 2022 09:37:02 -0500
Received: from localhost (localhost [127.0.0.1])
 by mailout.easymail.ca (Postfix) with ESMTP id A6E60C7F25
 for <bug-guix@HIDDEN>; Tue,  4 Jan 2022 14:36:58 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at emo01-pco.easydns.vpn
Received: from mailout.easymail.ca ([127.0.0.1])
 by localhost (emo01-pco.easydns.vpn [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id drz7Gi5X590v for <bug-guix@HIDDEN>;
 Tue,  4 Jan 2022 14:36:58 +0000 (UTC)
Received: from mars (23-233-96-244.cpe.pppoe.ca [23.233.96.244])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest
 SHA256) (No client certificate requested)
 by mailout.easymail.ca (Postfix) with ESMTPSA id 6033AC7F1A
 for <bug-guix@HIDDEN>; Tue,  4 Jan 2022 14:36:58 +0000 (UTC)
From: Simon South <simon@HIDDEN>
To: bug-guix@HIDDEN
Subject: cryptsetup-static aborts opening LUKS2 volume with Argon2i PBKDF
Date: Tue, 04 Jan 2022 09:36:57 -0500
Message-ID: <87v8yz1sae.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain
Received-SPF: pass client-ip=64.68.200.34; envelope-from=simon@HIDDEN;
 helo=mailout.easymail.ca
X-Spam_score_int: -22
X-Spam_score: -2.3
X-Spam_bar: --
X-Spam_report: (-2.3 / 5.0 requ) RCVD_IN_DNSWL_MED=-2.3,
 RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -1.3 (-)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.3 (--)

Currently cryptsetup from the "cryptsetup-static" package is unable to
open LUKS2 encrypted volumes that use the Argon2i key-derivation
algorithm, the default for LUKS2.  It catches SIGABRT and exits without
opening the volume.

This appears to be a regression following the merge of the
core-updates-frozen branch and because of it, I'm unable to boot into an
up-to-date system as there is no way to get past the "Enter passphrase"
prompt at startup.

I've verified this on both AArch64 and x86-64.  To reproduce:

1. Ensure the "cryptsetup" package is installed in your profile and that
   "cryptsetup-static", the statically-linked equivalent added to the
   initrd and used during startup, is available on your system:

     guix install cryptsetup
     guix build --verbosity=2 cryptsetup-static

2. Create a file containing a dummy LUKS2 volume:

     truncate -s 32M ./dummy-luks-volume
     cryptsetup luksFormat --type luks2 ./dummy-luks-volume

   Make sure the Argon2i PBKDF algorithm was selected during formatting:

     cryptsetup luksDump ./dummy-luks-volume | grep argon

   This should output "PBKDF: argon2i".

3. Verify the volume can be opened using the regular cryptsetup tool:

     sudo cryptsetup open --type luks ./dummy-luks-volume dummy-volume
     ls /dev/mapper/dummy-volume
     sudo cryptsetup close /dev/mapper/dummy-volume

4. Now try opening the volume using the statically-linked cryptsetup:

     sudo `guix build cryptsetup-static`/sbin/cryptsetup open \
       --type luks ./dummy-luks-volume dummy-volume
     ls /dev/mapper/dummy-volume

You should find (on most runs, at least) after you enter the passphrase
the tool exits with "Aborted" and with no entry added beneath
/dev/mapper.

-- 
Simon South
simon@HIDDEN




Acknowledgement sent to Simon South <simon@HIDDEN>:
New bug report received and forwarded. Copy sent to bug-guix@HIDDEN. Full text available.
Report forwarded to bug-guix@HIDDEN:
bug#53005; Package guix. Full text available.
Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.
Last modified: Wed, 12 Jan 2022 21:30:02 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.