zboxfs / zbox

Zero-details, privacy-focused in-app file system.
https://zbox.io/fs/
Apache License 2.0

Confusing abort if omit zbox::init_env #64

Open vi opened 4 years ago

vi commented 4 years ago
$ grep '' Cargo.toml src/main.rs
Cargo.toml:[package]
Cargo.toml:name = "zboxtest"
Cargo.toml:version = "0.1.0"
Cargo.toml:authors = ["Vitaly _Vi Shukela <vi0oss@gmail.com>"]
Cargo.toml:edition = "2018"
Cargo.toml:
Cargo.toml:[dependencies]
Cargo.toml:zbox = "0.8.8"
src/main.rs:fn main() {
src/main.rs:    let mut ro = zbox::RepoOpener::new();
src/main.rs:    ro.create(true);
src/main.rs:    let _ = ro.open("mem://1", "123").unwrap();
src/main.rs:}
$ cargo +stable run
   Compiling zboxtest v0.1.0 (/tmp/zboxtest)
    Finished dev [unoptimized + debuginfo] target(s) in 2.78s
     Running `target/debug/zboxtest`
Aborted
$ rust-gdb target/debug/zboxtest
...
Reading symbols from target/debug/zboxtest...done.
(gdb) set pagination off
(gdb) r
Starting program: /tmp/zboxtest/target/debug/zboxtest
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
50      ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007ffff7d23535 in __GI_abort () at abort.c:79
#2  0x00007ffff7f18baa in ?? () from /usr/lib/x86_64-linux-gnu/libsodium.so.23
#3  0x00007ffff7f30f6d in sodium_malloc () from /usr/lib/x86_64-linux-gnu/libsodium.so.23
#4  0x000055555581723a in zbox::base::crypto::SafeBox<T>::new_empty () at /home/vi/.cargo/registry/src/github.com-1ecc6299db9ec823/zbox-0.8.8/src/base/crypto.rs:163
#5  0x0000555555597c0d in zbox::volume::storage::storage::Storage::new (uri=...) at /home/vi/.cargo/registry/src/github.com-1ecc6299db9ec823/zbox-0.8.8/src/volume/storage/storage.rs:155
#6  0x0000555555800ccc in zbox::volume::volume::Volume::new (uri=...) at /home/vi/.cargo/registry/src/github.com-1ecc6299db9ec823/zbox-0.8.8/src/volume/volume.rs:42
#7  0x0000555555589519 in zbox::fs::fs::Fs::exists (uri=...) at /home/vi/.cargo/registry/src/github.com-1ecc6299db9ec823/zbox-0.8.8/src/fs/fs.rs:117
#8  0x000055555568d9b5 in zbox::repo::Repo::exists (uri=...) at /home/vi/.cargo/registry/src/github.com-1ecc6299db9ec823/zbox-0.8.8/src/repo.rs:690
#9  0x000055555568d702 in zbox::repo::RepoOpener::open (self=0x7fffffffde60, uri=..., pwd=...) at /home/vi/.cargo/registry/src/github.com-1ecc6299db9ec823/zbox-0.8.8/src/repo.rs:255
#10 0x0000555555583c6a in zboxtest::main () at src/main.rs:4

(gdb) bt full
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
        set = {__val = {0, 93824995295795, 140737350978536, 9017741398554141237, 7317851294820925299, 9017741398554141236, 7317851294820925299, 93824995295020, 0, 9017741398554141237, 140737350978536, 7317851294820925299, 9017741398554141236, 7317851294820925299, 140737350978536, 8}}
        pid = <optimized out>
        tid = <optimized out>
        ret = <optimized out>
#1  0x00007ffff7d23535 in __GI_abort () at abort.c:79
        save_stage = 1
        act = {__sigaction_handler = {sa_handler = 0x55555593bb00, sa_sigaction = 0x55555593bb00}, sa_mask = {__val = {93824994950420, 93824996326144, 93824996326144, 93824996326144, 93824993490596, 93824996326144, 93824996326144, 93824996326144, 93824992490148, 93824996326144, 93824996326144, 93824996326144, 93824993288182, 140737488343024, 93824996326144, 93824996326144}}, sa_flags = 1, sa_restorer = 0x1}
        sigs = {__val = {32, 0 <repeats 15 times>}}
#2  0x00007ffff7f18baa in ?? () from /usr/lib/x86_64-linux-gnu/libsodium.so.23
No symbol table info available.
#3  0x00007ffff7f30f6d in sodium_malloc () from /usr/lib/x86_64-linux-gnu/libsodium.so.23
No symbol table info available.
#4  0x000055555581723a in zbox::base::crypto::SafeBox<T>::new_empty () at /home/vi/.cargo/registry/src/github.com-1ecc6299db9ec823/zbox-0.8.8/src/base/crypto.rs:163
        size = 32
#5  0x0000555555597c0d in zbox::volume::storage::storage::Storage::new (uri=...) at /home/vi/.cargo/registry/src/github.com-1ecc6299db9ec823/zbox-0.8.8/src/volume/storage/storage.rs:155
        frame_cache = zbox::base::lru::Lru<usize, alloc::vec::Vec<u8>, zbox::volume::storage::storage::FrameCacheMeter, zbox::base::lru::PinChecker<alloc::vec::Vec<u8>>> {capacity: 4194304, used: 0, map: linked_hash_map::LinkedHashMap<usize, alloc::vec::Vec<u8>, std::collections::hash::map::RandomState> {map: std::collections::hash::map::HashMap<linked_hash_map::KeyRef<usize>, *mut linked_hash_map::Node<usize, alloc::vec::Vec<u8>>, std::collections::hash::map::RandomState> {base: hashbrown::map::HashMap<linked_hash_map::KeyRef<usize>, *mut linked_hash_map::Node<usize, alloc::vec::Vec<u8>>, std::collections::hash::map::RandomState> {hash_builder: std::collections::hash::map::RandomState {k0: 9017741398554141236, k1: 7317851294820925299}, table: hashbrown::raw::RawTable<(linked_hash_map::KeyRef<usize>, *mut linked_hash_map::Node<usize, alloc::vec::Vec<u8>>)> {bucket_mask: 0, ctrl: core::ptr::non_null::NonNull<u8> {pointer: 0x555555880b00 '\377' <repeats 16 times>, "\000"}, data: core::ptr::non_null::NonNull<(linked_hash_map::KeyRef<usize>, *mut linked_hash_map::Node<usize, alloc::vec::Vec<u8>>)> {pointer: 0x8}, growth_left: 0, items: 0, marker: core::marker::PhantomData<(linked_hash_map::KeyRef<usize>, *mut linked_hash_map::Node<usize, alloc::vec::Vec<u8>>)>}}}, head: 0x0, free: 0x0}, meter: zbox::volume::storage::storage::FrameCacheMeter, pin_ckr: zbox::base::lru::PinChecker<alloc::vec::Vec<u8>> {_marker: core::marker::PhantomData<alloc::vec::Vec<u8>>}}
        depot = zbox::volume::storage::Box<Storable> {pointer: 0x55555593ba80 "`\272\223UUU\000", vtable: 0x555555926220}
#6  0x0000555555800ccc in zbox::volume::volume::Volume::new (uri=...) at /home/vi/.cargo/registry/src/github.com-1ecc6299db9ec823/zbox-0.8.8/src/volume/volume.rs:42
        info = zbox::volume::volume::Info {id: zbox::trans::eid::Eid ([0 <repeats 32 times>]), ver: zbox::base::version::Version {major: 0, minor: 0, patch: 0}, uri: "mem://1", compress: false, cost: zbox::base::crypto::Cost {ops_limit: zbox::base::crypto::OpsLimit::Interactive, mem_limit: zbox::base::crypto::MemLimit::Interactive}, cipher: zbox::base::crypto::Cipher::Xchacha, ctime: zbox::base::time::Time (core::time::Duration {secs: 0, nanos: 0})}
#7  0x0000555555589519 in zbox::fs::fs::Fs::exists (uri=...) at /home/vi/.cargo/registry/src/github.com-1ecc6299db9ec823/zbox-0.8.8/src/fs/fs.rs:117
No locals.
#8  0x000055555568d9b5 in zbox::repo::Repo::exists (uri=...) at /home/vi/.cargo/registry/src/github.com-1ecc6299db9ec823/zbox-0.8.8/src/repo.rs:690
No locals.
#9  0x000055555568d702 in zbox::repo::RepoOpener::open (self=0x7fffffffde60, uri=..., pwd=...) at /home/vi/.cargo/registry/src/github.com-1ecc6299db9ec823/zbox-0.8.8/src/repo.rs:255
No locals.
#10 0x0000555555583c6a in zboxtest::main () at src/main.rs:4
        ro = zbox::repo::RepoOpener {cfg: zbox::fs::Config {cost: zbox::base::crypto::Cost {ops_limit: zbox::base::crypto::OpsLimit::Interactive, mem_limit: zbox::base::crypto::MemLimit::Interactive}, cipher: zbox::base::crypto::Cipher::Xchacha, compress: false, opts: zbox::fs::Options {version_limit: 1, dedup_chunk: false}}, create: true, create_new: false, read_only: false, force: false}
$ rustc +stable --version
rustc 1.39.0 (4560ea788 2019-11-04)
$ apt policy libsodium23
libsodium23:
  Installed: 1.0.17-1
vi commented 4 years ago

Also happens with zbox = {version = "0.8.8", features=["libsodium-bundled"]}:

#1  0x00007ffff7d7a535 in __GI_abort () at abort.c:79
        save_stage = 1
        act = {__sigaction_handler = {sa_handler = 0x555555977b00, sa_sigaction = 0x555555977b00}, sa_mask = {__val = {93824996571904, 93824996571904, 93824994973876, 93824996571904, 93824996571904, 93824996571904, 93824993494580, 93824996571904, 93824996571904, 93824996571904, 93824992494356, 93824996571904, 93824996571904, 93824996571904, 93824993294774, 140737488343024}}, sa_flags = 1435990784, sa_restorer = 0x555555977b00}
        sigs = {__val = {32, 0 <repeats 15 times>}}
#2  0x0000555555584245 in sodium_misuse () at sodium/core.c:199
        handler = <optimized out>
#3  0x0000555555826bfd in _sodium_malloc (size=<optimized out>) at sodium/utils.c:578
        user_ptr = <optimized out>
        base_ptr = <optimized out>
        total_size = <optimized out>
        canary_ptr = <optimized out>
        unprotected_ptr = <optimized out>
        size_with_canary = <optimized out>
        unprotected_size = <optimized out>
        user_ptr = <optimized out>
        base_ptr = <optimized out>
        canary_ptr = <optimized out>
        unprotected_ptr = <optimized out>
        size_with_canary = <optimized out>
        total_size = <optimized out>
        unprotected_size = <optimized out>
        __PRETTY_FUNCTION__ = "_sodium_malloc"
#4  sodium_malloc (size=<optimized out>) at sodium/utils.c:610
        ptr = <optimized out>
#5  0x000055555581d29a in zbox::base::crypto::SafeBox<T>::new_empty () at /home/vi/.cargo/registry/src/github.com-1ecc6299db9ec823/zbox-0.8.8/src/base/crypto.rs:163
        size = 32
$ cc --version
cc (Debian 8.3.0-6) 8.3.0
vi commented 4 years ago

Found out about sodium_init, then about zbox::init_env. Now it works.

Is an abort (but not undefined behaviour) guaranteed when Zbox is used without calling init_env? If not, RepoOpener::open should be an unsafe fn.

I think there should be an assert! or debug_assert! (or even just a regular Err from RepoOpener::open) to give a better error message in this case.

burmecia commented 4 years ago

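As init_env is part of the basic API contract, I'd prefer to use debug_assert!. Thank you for your advice. [Editor's note: debug_assert! is compiled out when debug assertions are disabled, which is the default for release builds, so such a check would not run there.]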

vi commented 4 years ago

Why isn't init_env done automatically on each RepoOpener::open?

vi commented 4 years ago

As init_env is part of the basic API contract, I'd prefer to use debug_assert!

Can the function that is called to start using ZboxFS remain safe (non-unsafe) in this case? What properties are guaranteed when using libsodium without sodium_init?

burmecia commented 4 years ago

Why isn't init_env done automatically on each RepoOpener::open?

That's because RepoOpener::open is not the only entry point. If we called init_env there, we would need to add the same call to every other possible entry point. That is superfluous, so I'd prefer to leave it as a contract of the API.

burmecia commented 4 years ago

As init_env is part of the basic API contract, I'd prefer to use debug_assert!

Can the function that is called to start using ZboxFS remain safe (non-unsafe) in this case? What properties are guaranteed when using libsodium without sodium_init?

If sodium_init is not called, the behavior is not specified in the libsodium documentation, but most likely it will crash, as I've seen many times in different environments. Also, maybe you can ask the libsodium author directly in this issue: https://github.com/jedisct1/libsodium/issues/908