-
ofrnxmr[m]1
-
ofrnxmr[m]1
It does appear to be a DNS issue (perhaps only people using custom DNS/vpn?).... (full message at
libera.ems.host/_matrix/media/r0/do…72c18a5d6898247e40025f4e9c15fd02ddc)
-
r4v3r23[m]
any update on the multisig audit?
-
r4v3r23[m]
a third party going dark and holding up a release isnt a good look
-
ofrnxmr[m]1
Onion
-
ofrnxmr[m]1
Cake / 3m30s / 2m30s
-
ofrnxmr[m]1
Monerujo / 3m39s / 3m30s
-
selsta
r4v3r23[m]: currently waiting to hear back from trezor when they will release their firmware update
-
selsta
-
selsta
-
r4v3r23[m]
<selsta> "r4v3r23: currently waiting to..." <- so v0.18 won't be dependent on multisig then?
-
selsta
no
-
selsta
it would have been nice if the audit was finished before then but if it won't it also won't hold up the release for an indefinite amount of time
-
selsta
but hardware wallets are important for end users, and that means we have to depend on the availability of external companies
-
r4v3r23[m]
selsta: ok I see, that trezor PR has to be included in v0.18. its not just a trezor-side firmware update
-
selsta
yes, but that trezor PR is ready and can be merged any time, the firmware update is out of our control
-
selsta
jberman did the integration for Ledger, but they also have to do internal testing and I don't know how long that will take
-
selsta
we notified Ledger almost 2 months ago, they did start looking at it until a couple days ago
-
selsta
didn't*
-
r4v3r23[m]
so realistically tag v0.18 when trezor PR gets merged and deal with MS in a .1 update or something
-
selsta
we need to know when Trezor will be available to do the firmware update, we can't put out a release now and then put out a second release with a different fork height, that will split the network unnecessarily
-
r4v3r23[m]
ah ok. got it. id really love to see DIY hwws take over and reduce reliance on these third parties
-
ofrnxmr[m]1
<selsta> "ofrnxmr:
status...." <- Fwiw, for me its been 2+mins on onions for at least 6+ months
-
ofrnxmr[m]1
Get_info loads quicklt
-
selsta
ofrnxmr[m]1: my test Tor tx yesterday was < 2 minutes, but I don't want to do further testing now if the Tor network itself might not be a normal speeds
-
selsta
does this look like some broken system library?
paste.debian.net/hidden/a57cf264
-
selsta
suddenly getting SIGSEGV (Address boundary error) when closing monerod and monero-wallet-cli, but it's not due to a change in monero codebase
-
moneromooo
Looks like it could be dtor ordering.
-
selsta
I didn't have this last week and it suddenly showed up after recompiling from scratch, no code changed
-
moneromooo
Same compiler ?
-
selsta
I updated my compiler 1-2 weeks ago so that's what I suspect currently
-
moneromooo
I'd run with asan and see if anything coes up before that. Like use after free.
-
moneromooo
You'd have to do that with openssl too though.
-
selsta
openssl did have an update today
-
ooo123ooo1234567
is it reproducible ?
-
selsta
yes, happens every time on exit
-
moneromooo
You could also try some small program like... make-mutlisig-something or monero-check-dns, see if that triggers it. If so, simplify till it stops.
-
selsta
will try a couple things (downgrade openssl and compiler) first
-
moneromooo
Or check with monerod --help
-
ooo123ooo1234567
github.com/boostorg/asio/blob/devel…sl/detail/impl/openssl_init.ipp#L90, it's an error within isolated class that init/free openssl for boost::asio
-
selsta
moneromooo: also reproducible with --help
-
moneromooo
That's good. It means you can simplify a whole lot already.
-
ooo123ooo1234567
stackoverflow.com/questions/2984552…ow-to-properly-uninitialize-openssl, in theory it could be something like bad order of init/free functions
-
moneromooo
Try just "return 0;" as first line in main. If that also breaks, it's almost certainly a lgobal scope var somewhere.
-
ooo123ooo1234567
` static boost::asio::detail::shared_ptr<do_init> init(new do_init);` try to create isolated test.cpp that creates this shared_ptr
-
ooo123ooo1234567
`boost::asio::asio::ssl::detail::openssl_init_base::do_init` this object
-
ooo123ooo1234567
s/asio:://
-
ooo123ooo1234567
is it x86_64 mac ?
-
selsta
no, arm mac
-
ooo123ooo1234567
-
selsta
will try
-
selsta
so it does not show up with openssl1.1
-
selsta
seems to be related to openssl 3.0.4 that I installed today
-
ooo123ooo1234567
will you bisect it further to confirm and report openssl bug ?
-
selsta
it can still be some wrong order in our code that only now started to make issues? but yes I'll try to bisect
-
ooo123ooo1234567
selsta: still no isolated test.cpp ?
-
selsta
not yet
-
selsta
confirmed 3.0.3 -> no issues, 3.0.4 -> issues, trying to start bisecting now (had some weird signing issue otherwise i would be further)
-
selsta
-
selsta
-
ooo123ooo1234567
openssl/openssl f9f3096, yes only this one is somehow related to init/free
-
ooo123ooo1234567
-
selsta
another thing i can test it compile openssl-3.0 branch to see if they fixed it already
-
ooo123ooo1234567
-
ooo123ooo1234567
what code do you use for testing ?
-
selsta
monero code or openssl code?
-
selsta
same issue with openssl master
-
ooo123ooo1234567
do you have debug build of openssl ?
-
ooo123ooo1234567
-
ooo123ooo1234567
hmm, was it sigsegv with nullptr ?
-
selsta
-
selsta
this is with openssl debug build
-
ooo123ooo1234567
so it's nullptr
-
ooo123ooo1234567
check when that lock was freed
-
ooo123ooo1234567
is it obvious how to do ?
-
selsta
module_list_lock this pointer? will try to figure it out
-
ooo123ooo1234567
module_lists_free, add breakpoint on this function
-
ooo123ooo1234567
it must be called somewhere before CONF_modules_unload
-
selsta
ooo123ooo1234567:
gui.xmr.pm/files/step.txt say if you need more steps
-
ooo123ooo1234567
github.com/openssl/openssl/blob/master/crypto/conf/conf_mod.c#L524, CONF_modules_unload -> conf_modules_finish_int -> CRYPTO_THREAD_write_lock(module_list_lock)
-
ooo123ooo1234567
`bt`
-
selsta
now, or after every step?
-
ooo123ooo1234567
what is calling OPENSSL_cleanup
-
selsta
-
ooo123ooo1234567
ok, set breakpoint on CONF_modules_unload and continue
-
ooo123ooo1234567
and `bt`
-
ooo123ooo1234567
it's expected that the order is module_lists_free -> CONF_modules_unload, is it true ?
-
selsta
-
ooo123ooo1234567
-
ooo123ooo1234567
openssl/openssl #18226, so there were trying to fix race condition during deinit with lock that can be already freed at that time
-
ooo123ooo1234567
wow
-
ooo123ooo1234567
openssl/openssl f9f3096, this patch should be changed to be sure that lock is always available during deinit of openssl
-
selsta
should I open an issue in openssl repo or is it easy to fix?
-
ooo123ooo1234567
-
ooo123ooo1234567
`g++ -g -std=c++11 /tmp/test.cpp -o test.elf -lcrypto && ./test.elf`
-
selsta
trying to figure out the includes currently
-
ooo123ooo1234567
it's just copy/paste from boost header
-
selsta
-
ooo123ooo1234567
add openssl libs on mac to clang args
-
selsta
I did add -I ~/dev/openssl/include -L ~/dev/openssl
-
selsta
ok
-
selsta
done
-
selsta
does not crash
-
ooo123ooo1234567
paste.debian.net/hidden/eafa61d8, `g++ -g /tmp/test.cpp -o test.elf -lssl -lcrypto && ./test.elf`
-
ooo123ooo1234567
and this ?
-
selsta
also no crash
-
ooo123ooo1234567
ossl_config_modules_free, CONF_modules_unload
-
ooo123ooo1234567
check whether these functions were called and what was the order
-
selsta
first or second test you sent?
-
ooo123ooo1234567
2nd
-
selsta
added breakpoint for both, and it just runs and exits
-
ooo123ooo1234567
indeed
-
ooo123ooo1234567
-
selsta
-
ooo123ooo1234567
different order ?
-
selsta
what order should i change? sorry I'm confused
-
selsta
-
ooo123ooo1234567
-
selsta
also no fail
-
ooo123ooo1234567
hmm
-
ooo123ooo1234567
ossl_config_modules_free, CONF_modules_unload, both are called ?
-
selsta
no, only CONF_modules_unload is called
-
ooo123ooo1234567
OPENSSL_cleanup, check why this function didn't reach ossl_config_modules_free
-
selsta
353 /* If we've not been inited then no need to deinit */ related?
-
selsta
it returns early here
-
ooo123ooo1234567
`OPENSSL_init_ssl(0, NULL);` at the beginning in main
-
ooo123ooo1234567
* `OPENSSL_init_ssl(0, NULL);` add it at the
-
selsta
-
ooo123ooo1234567
-
selsta
yes
-
ooo123ooo1234567
is it 0 ?
-
ooo123ooo1234567
`module_list_lock`
-
selsta
it returns 1
-
selsta
(CRYPTO_RWLOCK *) $0 = 0x0000600003904000
-
ooo123ooo1234567
ossl_config_modules_free, module_lists_free, do_init_module_list_lock, conf_modules_finish_int; track how changed value of that lack between these calls
-
ooo123ooo1234567
it should be 0 at least once
-
ooo123ooo1234567
otherwise there is huge problem in understanding
-
ooo123ooo1234567
* ossl_config_modules_free, module_lists_free, do_init_module_list_lock, conf_modules_finish_int; track how changed value of that lock between these calls
-
selsta
-
» selsta afk for a bit
-
ooo123ooo1234567
paste.debian.net/hidden/fbd1d73d, yes, but for some reason that lock isn't zero after module_lists_free
-
selsta
sorry i messed up
-
selsta
fish: Job 1, './test3.elf' terminated by signal SIGSEGV (Address boundary error)
-
ooo123ooo1234567
wow
-
ooo123ooo1234567
what was the problem ?
-
ooo123ooo1234567
different executable ?
-
selsta
i added the init in the wrong place
-
ooo123ooo1234567
can you share this ?
-
selsta
I had it above the return
-
ooo123ooo1234567
create issue in openssl with that POC
-
selsta
ok will do
-
ooo123ooo1234567
openssl/openssl #18331, it's interesting what exactly all those reviewers checked in the patch
-
ooo123ooo1234567
openssl.org/community/committers.html, " These are the people who can commit changes to the OpenSSL source tree, with appropriate code reviews. ", indeed, appropriate review
-
ooo123ooo1234567
openssl/openssl #18455, that wasn't the only problem with that commit
-
selsta
ooo123ooo1234567: does it look good or what text should i add?
usercontent.irccloud-cdn.com/file/I4z5Tagq/123.png
-
ooo123ooo1234567
paste.debian.net/hidden/79ec99c3, put it into test.c and add output from `gcc -fsanitize=address /tmp/test.c -o test.elf -lcrypto -lssl && ./test.elf`
-
ooo123ooo1234567
but overall it will not help them to fix poor review process
-
ooo123ooo1234567
hmm, why so small stack trace with clang ?
-
selsta
that's what shows up here
-
ooo123ooo1234567
is there gcc for mac ?
-
ooo123ooo1234567
interesting how soon it will be fixed
-
selsta
tried with gcc, it complains about missing -lasan
-
selsta
whatever they can try it themselves
-
ooo123ooo1234567
-fno-omit-frame-pointer
-
ooo123ooo1234567
-
selsta
looks the same
-
ooo123ooo1234567
it's better to use gcc and linux then for more verbose output
-
ooo123ooo1234567
-
ooo123ooo1234567
funny
