Disable Fiddle test cases making use of FFI closure.

jackorp · jackorp · commit f315aba60fab · 2022-09-06T15:34:37.000+02:00
Fiddle::Closure object is making use of FFI closure from libffi. When such object is created (instantiated) in Ruby, and then the process forks on an SELinux-enabled system, the memory will become corrupted. That is usually not a problem until the The garbage collector sweeps the object and tries to free it, in which case the Ruby process will fail with signal SIGABRT. Tests in test/fiddle/test_closure.rb, test/fiddle/test_func.rb, and test/fiddle/test_function.rb use the `Fiddle::Closure` class directly and fiddle/test_import.rb use the class indirectly through `bind_function` method, therefore they are disabled to prevent introducing the problematic object into the Ruby GC during test suite execution instead of relying on that fork and subsequent garbage collection will not happen. If an FFI closure object is allocated in Ruby and the `fork` function is used afterward, the memory pointing to the closure gets corrupted, and if Ruby GC tries to collect the object in that state, a SIGABRT error occurs. The minimal Ruby reproducer for the issue is the following: ~~~ $ cat fiddle_fork.rb require 'fiddle/closure' require 'fiddle/struct' Fiddle::Closure.new(Fiddle::TYPE_VOID, []) fork { } GC.start ~~~ We allocate an unused Closure object, so it is free for the GC to pick up. Before we call `GC.start` we fork the process as that corrupts the memory. Running this with ruby-3.1.2-167.fc37.x86_64 on SELinux enabled system: ~~~ $ ruby fiddle_fork.rb Aborted (core dumped) ~~~ Such issues may appear at random (depending on the use of forking and GC) in larger applications that use Fiddle::Closure but can be spotted by the following functions appearing in the coredump backtrace: ~~~ 0x00007f6284d3e5b3 in dlfree (mem=<optimized out>) at ../src/dlmalloc.c:4350 0x00007f6284d6d0b1 in dealloc () from /usr/lib64/ruby/fiddle.so 0x00007f6295e432ec in finalize_list () from /lib64/libruby.so.3.1 0x00007f6295e43420 in finalize_deferred.lto_priv () from /lib64/libruby.so.3.1 0x00007f6295e4ff1c in gc_start_internal.lto_priv () from /lib64/libruby.so.3.1 ~~~ Possible solutions to prevent Ruby from crashing: * Do not use Fiddle::Closure. * Use the Fiddle::Closure object only in isolated subprocess that will not fork further. * Enable static trampolines in libffi as noted in bugzilla comment: <https://bugzilla.redhat.com/show_bug.cgi?id=2040380#c9> See related discussion on <https://bugzilla.redhat.com/show_bug.cgi?id=2040380> Ruby upstream ticket: <https://bugs.ruby-lang.org/issues/18914> Ruby Fiddle ticket: <ruby/fiddle#102>
diff --git a/ruby.spec b/ruby.spec
@@ -22,7 +22,7 @@
 %endif
 
 
-%global release 168
+%global release 169
 %{!?release_string:%define release_string %{?development_release:0.}%{release}%{?development_release:.%{development_release}}%{?dist}}
 
 # The RubyGems library has to stay out of Ruby directory tree, since the
@@ -991,6 +991,9 @@ DISABLE_TESTS="$DISABLE_TESTS -n !/TestReadline#test_interrupt_in_other_thread/"
 # other components are fixed.
 # https://bugzilla.redhat.com/show_bug.cgi?id=2040380
 mv test/fiddle/test_import.rb{,.disable}
+mv test/fiddle/test_closure.rb{,.disable}
+DISABLE_TESTS="$DISABLE_TESTS -n !/Fiddle::TestFunc#test_qsort1/"
+DISABLE_TESTS="$DISABLE_TESTS -n !/Fiddle::TestFunction#test_argument_count/"
 
 # Give an option to increase the timeout in tests.
 # https://bugs.ruby-lang.org/issues/16921
@@ -1546,6 +1549,10 @@ mv test/fiddle/test_import.rb{,.disable}
 
 
 %changelog
+* Fri Sep 02 2022 Jarek Prokop <jprokop@redhat.com> - 3.1.2-169
+- Disable fiddle tests that use FFI closures.
+  Related: rhbz#2040380
+
 * Mon Aug 29 2022 Jun Aruga <jaruga@redhat.com> - 3.1.2-168
 - Make RDoc soft dependnecy in IRB.
   Resolves: rhbz#2119964
