-
Notifications
You must be signed in to change notification settings - Fork 59
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
px_proxy_factory_get_proxies not thread-safe #68
Comments
Time to revive the dbusify branch... |
Oh wow, I'm seeing a very different variant of this crash: https://retrace.fedoraproject.org/faf/reports/1728624/ Note the nearly 27,000 crash reports... that's an order of magnitude more than the worst I've seen reported in Fedora before. Wow. OK. Anyway, the problem is caused by glib-networking's libproxy-based GProxyResolver calling px_proxy_factory_get_proxies() in a thread. But here we are using the default mozjs38 backend. It just crashes in a similar way because both JS libraries have similar threading requirements. So this crash can be triggered by any application using GSockets. (Including WebKitGTK+ itself, even when libproxy is using the mozjs backend. Nice cyclic dependency there.) GNOME users almost never notice this because glib-networking goes to pains to ensure that libproxy is only used when running outside of GNOME. The exception is if proxy autoconfig is enabled. So I guess almost everyone hitting this crash will be people using GNOME apps in KDE or other desktops. OK, tangent time:
No kidding. On a related note, I'm seriously thinking that glib-networking needs to move its libproxy use beyond another D-Bus boundary. E.g. consider #71, now any gjs application is going to load two incompatible versions of mozjs if glib-networking dlopens libproxy (i.e. when running outside GNOME). I can't imagine that'd be good. Also consider https://blogs.gnome.org/mcatanzaro/2018/02/28/on-setenv-and-explosions/ where my inability to figure out how to safely configure libproxy is the motivation for the blog post. (That theoretical crasher is still unfixed, btw.) Of course, this is all at the glib-networking level. So let's say we create a glib-libproxy-helper binary that would be spoken to via D-Bus, and libproxy creates its own libproxy-javascript-helper binary that it would itself speak to via D-Bus... I guess the end result IPC would be: application -> (D-Bus) -> glib-libproxy-helper -> (D-Bus) -> libproxy-javascript-helper A wonderful special case of that, when using libproxy's JSC backend, would be: WebKitGTK+ -> (D-Bus) -> glib-libproxy-helper -> (D-Bus) -> libproxy-javascript-helper (WebKitGTK+) If that's not wild enough for you, consider the case where we don't create either of those helper processes -- the status quo -- where the application is using a newer or older version of the WebKitGTK+ API. That will result in a sure explosion due to the symbol conflicts, similar to the current case where gjs uses a different version of mozjs than libproxy. We've really got to think this through and stop dlopening each other unexpectedly. The root of the problem is that libproxy isn't prepared at all for the way it's used by GLib. It's not prepared at all to be dlopened by arbitrary applications, applications that don't know anything about libproxy, applications whose maintainers use GNOME and such don't realize that their applications dlopen libproxy when running outside of GNOME. To fix all the problems listed above, we'd need two new helper binaries at the glib-networking level (one for glib-pacrunner to spawn to run setenv(), one for GLibproxyResolver to spawn to use libproxy), in addition to the one that's already there (glib-pacrunner), plus one at the libproxy level (for using JavaScript). Spare me. |
Of course, that one could be avoidable by adding some new libproxy API to tell it to ignore all other configuration and just do proxy autoconfig. |
dbusify would avoid #76 as well |
BTW this issue should be renamed to "px_proxy_factory_get_proxies not thread-safe" |
Nope, we only need the libproxy one. All the problems glib-networking has with libproxy go away if libproxy moves the JavaScript out of process. However, libproxy would need to add new API to handle proxy autoconfig, since glib-pacrunner would no longer be possible (because it works currently by setting and unsetting environment variables, but the libproxy service would not see any of those changes). |
It's reported fixed by this patch:
which Fedora used for a while in the past. See: https://bugzilla.redhat.com/show_bug.cgi?id=1459779 |
Remove nonfunctional and crashy pacrunner caching
In order to reduce the number of environment manipulation for testing purpose, introduce a new config-option property to set config files for tests.
The documentation says:
But it isn't thread-safe. webkitgtk plugin can only be used from one thread, ever, since javascriptcoregtk will find a running GMainLoop and attach timers to it. If the PAC runner is then later run on another thread, bad things will happen.
I recommend that that plugin start a thread of its own and communicate with it.
Backtrace:
The text was updated successfully, but these errors were encountered: