Comments (8)
Hmmmm.....looking through the involved code, it doesn't seem like there's anything obviously non-multithread-safe. Though I also can't find documentation that the call to mbedtls_pk_sign
in the mbedtls C library is threadsafe. So possibly? It's possible that putting a lock in JSONCredentials
around the private_key
field might help; probably worth a shot.
HTTP.jl itself has had threadsafety issues in the 0.9 releases; the 1.0 release just came out that should resolve those, but I don't think GoogleCloud has updated for compatibility there yet (hopefully not too hard). But it doesn't look like this particular code path deals w/ HTTP.jl at all.
from mbedtls.jl.
Thanks for taking a look, @quinnj . I'm looking at GoogleCloud.jl/src/session.jl:26, and considering I have a shared global GoogleSession
object, I'm wondering if this can cause a problem. One attempt at using locks hasn't solved it, but maybe I need to change the approach. I'm not familiar with how TLS works, but maybe there's a random generator state that cannot be shared across threads? I'm not sure what parts of my code should go into a mutex in that case, or if I should have separate GoogleSession object. I'm not sure that'd be even even possible, so it's confusing.
And that might not be the whole story, because sometimes I get a segfault or a double-free error, the kind of thing we would really call non-thread-safe. But that's more difficult to reproduce.
from mbedtls.jl.
GoogleCloud.jl methods can take an optional session
argument, I believe using that with new sessions every thread has solved my problem. Thanks for the help!
from mbedtls.jl.
I thought the problem was gone after I started using separate session objects, but I've actually got the issue again. I'll try to come up with a minimal example...
from mbedtls.jl.
I have created a short script that reproduces the issue, here's how it goes:
using GoogleCloud
using MD5, Base64
goocredentials = JSONCredentials("mycreds-123443211234.json")
mybucket = "mybucket-1234"
mypaths = ["..." for n in 1:23] ## 54 different files
mydata = map(mypaths) do path
# begin
# @async begin
Threads.@spawn begin
goosession = GoogleSession(goocredentials, ["devstorage.full_control"])
data = storage(:Object, :get, mybucket, path, session=goosession)
end
end
allbytes = reduce(vcat, fetch.(mydata))
@show base64encode(md5(allbytes))
Running with julia -t1
it works, and using either begin
or @async begin
it works. With Threads.@spawn
it reliably breaks with julia -t2
.
I'm sorry I can't share my data, I can try to set up something public if it helps.
It's not always the same error. One of the errors I get is what I'm seeing most often in my real code, nested task error: MbedTLS error code -17280: RSA - The PKCS#1 verification failed
. Other than that, I get things that look like memory allocation errors such as free(): corrupted unsorted chunks
, signal (11): Segmentation fault
and malloc(): smallbin double linked list corrupted
This looks to me like something in MbedTLS not being thread-safe, even with separate GoogleSession
objects.
from mbedtls.jl.
I don't know why I didn't see this before, but there really seem to be known issues with MbedTLS in multiple threads:
Mbed-TLS/mbedtls#3391
Mbed-TLS/mbedtls#3263
I created a PR on GoogleCloud.jl, but should anything be done in this library? At least a warning in the documentation, perhaps?
from mbedtls.jl.
from mbedtls.jl.
Should have been fixed via #245
from mbedtls.jl.
Related Issues (20)
- MbedTLS_jll started failing to load HOT 10
- Cannot create SSLConfig from a single pfx file HOT 1
- Base.lock and Base.unlock not implemented for SSLContext HOT 5
- LoadError: InitError: could not load library "libmbedcrypto.so.5" HOT 1
- Delay after initial write
- No example or function to create an SSLConfig where you need a cert as a client
- TagBot trigger issue HOT 17
- Init error when running relocatable app HOT 1
- MbedTLS 1.1.1 breaks S3.put_object() HOT 17
- MbedTLS 1.1.1 causing issues for authentication on Azure HOT 14
- Cannot find cert.pem in compiled applications HOT 4
- possible performance issue: tiny packets? HOT 3
- possible performance issue: mbedtls_gcm_update CPU utilization HOT 2
- MbedException or IOError? HOT 1
- `encrypt` method mentioned in the documentation does not actually work
- CPU use skyrockets and program bricks when connection closed by server
- MethodError on findfirst instead of "Certificate verification failed" HOT 2
- MbedTLS changed ABI HOT 1
- Feature Request: add support for TLS PSK (pre-shared key)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from mbedtls.jl.