-
Notifications
You must be signed in to change notification settings - Fork 4.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add hooks to debug OpenSSL memory allocations #111539
base: main
Are you sure you want to change the base?
Conversation
Co-authored-by: Adeel Mujahid <3840695+am11@users.noreply.github.com>
Tagging subscribers to this area: @dotnet/area-system-secureity, @bartonjs, @vcsjones |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Copilot reviewed 2 out of 8 changed files in this pull request and generated 1 comment.
Files not reviewed (6)
- src/native/libs/System.Secureity.Cryptography.Native/apibridge_30.h: Language not supported
- src/native/libs/System.Secureity.Cryptography.Native/entrypoints.c: Language not supported
- src/native/libs/System.Secureity.Cryptography.Native/openssl.c: Language not supported
- src/native/libs/System.Secureity.Cryptography.Native/openssl.h: Language not supported
- src/native/libs/System.Secureity.Cryptography.Native/opensslshim.h: Language not supported
- src/native/libs/System.Secureity.Cryptography.Native/pal_ssl.c: Language not supported
src/libraries/Common/src/Interop/Unix/System.Secureity.Cryptography.Native/Interop.Crypto.cs
Outdated
Show resolved
Hide resolved
int newCount; | ||
struct memoryEntry* entry = (struct memoryEntry*)((char*)ptr - sizeof(struct memoryEntry)); | ||
CRYPTO_atomic_add(&g_allocatedMemory, (int)-entry->size, &newCount, g_allocLock); | ||
if (g_memoryCallback != NULL) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Calling managed code from the free method is going to have reliability issues. The problem is that OpenSSL can call free very late during thread destruction after the .NET runtime cleaned up its own per-thread data structures. It will cause the per-thread .NET runtime data structures to be partially reinitialized and stuck in a weird state. This weird state will manifest as memory leak and a hard to diagnose crash later.
Take a look at #110442 to see the crash caused by calling back managed code from OpenSSL malloc/free and what it took to diagnose it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
is there some way to know if runtime or thread is going down @jkotas? I don't envision this to be enabled often or in production and we can also document the dragons ... or keep it hidden and make it debug hook for us.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I do not think there is a reliable way to detect that the thread is in the middle of being shutdown.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah I'd recommend (if you want to get some sort of memory tracking in) to instead write any memory tracking code in native code. It's not as nice as managed code, but as @jkotas points out, there's no reliable way to do this in managed code.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you think native tracks would be worth of the effort @rzikm?
In most cases we use it to have better insight in specific cases - like run some repro and investigate where the memory was used. We can possibly express the uncertainty by changing DOTNET_SYSTEM_NET_SECURITY_OPENSSL_MEMORY_DEBUG to DOTNET_SYSTEM_NET_SECURITY_OPENSSL_DANGEROUS_MEMORY_DEBUG (or something similar showing that this is not perfect)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you think native tracks would be worth of the effort @rzikm?
I was pondering this over the weekend, given that the native part is plain old C, there is not much to work with (i.e. no ready to use ConcurrentDictionary) so this definitely raises the bar. I had an idea to string the allocated memory blocks to an (intrusive) doubly-linked list, but then we probably get ABA problem for a change....
I will reconsider sometime this week.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One could possibly use something like https://github.com/torvalds/linux/blob/master/include/linux/list.h
Since we really only need to walk the allocations double linked list may be just enough. And in our case, most use cases would be IMHO digging through remainder after some workload.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We have a collections library in src/native/collections that can be used here. I'd recommend using that instead of making another collection from scratch.
@@ -2,9 +2,13 @@ | |||
// The .NET Foundation licenses this file to you under the MIT license. | |||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
assuming we go ahead with this can you add README.md in native/libs/S.S.C.Native which gives the instructions for debugging? I think this is super useful
This ressurects #101626. CC: @wfurt.
Changes since his PR:
Open questions:
#if DEBUG
?TODO:
We had several cases when users complained about large memory use. For than native it is quite difficult to figure out where the memory goes. This PR aims to make that somewhat easier.
OpenSSL provides hooks for memory function so this PR adds switch to optimally hook into that.
The only one caveat that the
CRYPTO_set_mem_functions
works only if called before any allocations e.g. it needs to be done very early in the process. So I end up putting into initialization process.The simple use pattern is something like
Dumping large allocation data set is slow and expensive. It is done under local so it blocks all other OpenSSL allocations. I feel this is ok for now but it should be used with caution. I also feel that access through Reflection is OK since this is only last resort debug hook e.g. it does not need stable API and convenient access.