GNU bug report logs - #20145
(guix build download) leaks file descriptor on TLS connections

Previous Next

Package: guix;

Reported by: ludo <at> gnu.org (Ludovic Courtès)

Date: Thu, 19 Mar 2015 18:17:01 UTC

Severity: normal

Merged with 38836, 38857

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 20145 in the body.
You can then email your comments to 20145 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to bug-guix <at> gnu.org:
bug#20145; Package guix. (Thu, 19 Mar 2015 18:17:01 GMT) Full text and rfc822 format available.
Acknowledgement sent to ludo <at> gnu.org (Ludovic Courtès):
New bug report received and forwarded. Copy sent to bug-guix <at> gnu.org. (Thu, 19 Mar 2015 18:17:01 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: ludo <at> gnu.org (Ludovic Courtès)
To: bug-guix <at> gnu.org
Subject: (guix build download) leaks file descriptor on TLS connections
Date: Thu, 19 Mar 2015 19:16:24 +0100

When opening an HTTPS connection, the file descriptor beneath the port
returned by ‘tls-wrap’ is leaked.

This is not a problem in most cases (downloads) because the process is
left as soon as the download is over.

This is more problematic for ‘guix lint’, which may open a large number
of HTTPS connections for the ‘source’ and ‘home-page’ checkers when
working on all the packages.

Ludo’.
Reply sent to ludo <at> gnu.org (Ludovic Courtès):
You have taken responsibility. (Thu, 17 Mar 2016 22:58:02 GMT) Full text and rfc822 format available.
Notification sent to ludo <at> gnu.org (Ludovic Courtès):
bug acknowledged by developer. (Thu, 17 Mar 2016 22:58:02 GMT) Full text and rfc822 format available.

Message #10 received at 20145-done <at> debbugs.gnu.org (full text, mbox):

From: ludo <at> gnu.org (Ludovic Courtès)
To: 20145-done <at> debbugs.gnu.org
Subject: Re: bug#20145: (guix build download) leaks file descriptor on TLS
 connections
Date: Thu, 17 Mar 2016 23:57:45 +0100

ludo <at> gnu.org (Ludovic Courtès) skribis:

> When opening an HTTPS connection, the file descriptor beneath the port
> returned by ‘tls-wrap’ is leaked.
>
> This is not a problem in most cases (downloads) because the process is
> left as soon as the download is over.
>
> This is more problematic for ‘guix lint’, which may open a large number
> of HTTPS connections for the ‘source’ and ‘home-page’ checkers when
> working on all the packages.

This is essentially solved by commits
14d6ca3e4dd23ee92adb5e2fcf58546e67534631 and
097a951e96718a037dbfa6d579e2d26f7dab3e82.

One still needs to be careful, though, for instance because closing a
chunked encoding port (which is a custom binary input port wrapped
around the real socket port) still fails to close the raw socket port
that’s behind the TLS session record port.

Ludo’.
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Fri, 15 Apr 2016 11:24:04 GMT) Full text and rfc822 format available.
bug unarchived. Request was from Ludovic Courtès <ludo <at> gnu.org> to control <at> debbugs.gnu.org. (Thu, 02 Jan 2020 23:06:01 GMT) Full text and rfc822 format available.
Did not alter fixed versions and reopened. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Thu, 02 Jan 2020 23:06:01 GMT) Full text and rfc822 format available.
Merged 20145 38836 38857. Request was from Ludovic Courtès <ludo <at> gnu.org> to control <at> debbugs.gnu.org. (Thu, 02 Jan 2020 23:09:01 GMT) Full text and rfc822 format available.
Information forwarded to bug-guix <at> gnu.org:
bug#20145; Package guix. (Thu, 02 Jan 2020 23:20:02 GMT) Full text and rfc822 format available.

Message #21 received at 20145 <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: 20145 <at> debbugs.gnu.org
Cc: Ricardo Wurmus <rekado <at> elephly.net>,
 Valentin Ignatev <valentignatev <at> gmail.com>
Subject: Re: bug#20145: (guix build download) leaks file descriptor on TLS
 connections
Date: Fri, 03 Jan 2020 00:19:19 +0100

Hi,

Back in 2015, I closed <https://issues.guix.gnu.org/issue/20145> saying:

> ludo <at> gnu.org (Ludovic Courtès) skribis:
>
>> When opening an HTTPS connection, the file descriptor beneath the port
>> returned by ‘tls-wrap’ is leaked.
>>
>> This is not a problem in most cases (downloads) because the process is
>> left as soon as the download is over.
>>
>> This is more problematic for ‘guix lint’, which may open a large number
>> of HTTPS connections for the ‘source’ and ‘home-page’ checkers when
>> working on all the packages.
>
> This is essentially solved by commits
> 14d6ca3e4dd23ee92adb5e2fcf58546e67534631 and
> 097a951e96718a037dbfa6d579e2d26f7dab3e82.
>
> One still needs to be careful, though, for instance because closing a
> chunked encoding port (which is a custom binary input port wrapped
> around the real socket port) still fails to close the raw socket port
> that’s behind the TLS session record port.

Unfortunately, the bug just reported by Valentin and by Ricardo are
instances of this problem (at least I checked with crates.io and it
uses chunked encoding, leading to a file descriptor leak):

  https://issues.guix.gnu.org/issue/38857
  https://issues.guix.gnu.org/issue/38836

To be continued…

Ludo’.
Information forwarded to bug-guix <at> gnu.org:
bug#20145; Package guix. (Fri, 03 Jan 2020 12:26:02 GMT) Full text and rfc822 format available.

Message #24 received at 20145 <at> debbugs.gnu.org (full text, mbox):

From: Valentin Ignatev <valentignatev <at> gmail.com>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: Ricardo Wurmus <rekado <at> elephly.net>, 20145 <at> debbugs.gnu.org
Subject: Re: bug#20145: (guix build download) leaks file descriptor on TLS
 connections
Date: Fri, 3 Jan 2020 15:25:20 +0300

Hey Ludo, thanks for providing more info! I understand that the best
way is to fix the leak for good, but I wonder if there's some possible
quick workaround to mitigate the issue in case of a recursive import?
Like giving package definitions for packages that were followed before
exception happened so the person who packages something can go on from
that point, or something like that.

Valentin.
Reply sent to Ludovic Courtès <ludo <at> gnu.org>:
You have taken responsibility. (Fri, 03 Jan 2020 15:13:01 GMT) Full text and rfc822 format available.
Notification sent to ludo <at> gnu.org (Ludovic Courtès):
bug acknowledged by developer. (Fri, 03 Jan 2020 15:13:02 GMT) Full text and rfc822 format available.

Message #29 received at 20145-done <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: 20145-done <at> debbugs.gnu.org
Cc: Ricardo Wurmus <rekado <at> elephly.net>,
 Valentin Ignatev <valentignatev <at> gmail.com>
Subject: Re: bug#20145: (guix build download) leaks file descriptor on TLS
 connections
Date: Fri, 03 Jan 2020 16:12:11 +0100

Hello again!

Ludovic Courtès <ludo <at> gnu.org> skribis:

> Back in 2015, I closed <https://issues.guix.gnu.org/issue/20145> saying:
>
>> ludo <at> gnu.org (Ludovic Courtès) skribis:
>>
>>> When opening an HTTPS connection, the file descriptor beneath the port
>>> returned by ‘tls-wrap’ is leaked.
>>>
>>> This is not a problem in most cases (downloads) because the process is
>>> left as soon as the download is over.
>>>
>>> This is more problematic for ‘guix lint’, which may open a large number
>>> of HTTPS connections for the ‘source’ and ‘home-page’ checkers when
>>> working on all the packages.
>>
>> This is essentially solved by commits
>> 14d6ca3e4dd23ee92adb5e2fcf58546e67534631 and
>> 097a951e96718a037dbfa6d579e2d26f7dab3e82.
>>
>> One still needs to be careful, though, for instance because closing a
>> chunked encoding port (which is a custom binary input port wrapped
>> around the real socket port) still fails to close the raw socket port
>> that’s behind the TLS session record port.
>
> Unfortunately, the bug just reported by Valentin and by Ricardo are
> instances of this problem (at least I checked with crates.io and it
> uses chunked encoding, leading to a file descriptor leak):
>
>   https://issues.guix.gnu.org/issue/38857
>   https://issues.guix.gnu.org/issue/38836

Commit f4cde9ac4aedb516c050a30fd999673da434bfa0 fixes it for good it
seems!  (You can monitor /proc/PID/fd while ‘guix refresh’ or ‘guix
import crate -r’ is running.  :-))

There was also a CRAN-specific FD leak fixed in
af0aefd8c10701fa32341506e36297e5105f6143.

Let me know is anything is amiss!

Ludo’.
Reply sent to Ludovic Courtès <ludo <at> gnu.org>:
You have taken responsibility. (Fri, 03 Jan 2020 15:13:02 GMT) Full text and rfc822 format available.
Notification sent to Ricardo Wurmus <rekado <at> elephly.net>:
bug acknowledged by developer. (Fri, 03 Jan 2020 15:13:02 GMT) Full text and rfc822 format available.
Reply sent to Ludovic Courtès <ludo <at> gnu.org>:
You have taken responsibility. (Fri, 03 Jan 2020 15:13:02 GMT) Full text and rfc822 format available.
Notification sent to Valentin Ignatev <valentignatev <at> gmail.com>:
bug acknowledged by developer. (Fri, 03 Jan 2020 15:13:02 GMT) Full text and rfc822 format available.
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Sat, 01 Feb 2020 12:24:05 GMT) Full text and rfc822 format available.
This bug report was last modified 4 years and 79 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.