GH-43946: [C++][Parquet] Guard against use of cleared decryptor/encryptor #43947

Merged
merged 2 commits into from
Sep 5, 2024

pitrou
Member

@pitrou pitrou commented Sep 4, 2024

This is to get a clearer error rather than an obscure crash, see #43057 for an example.

@pitrou pitrou requested a review from wgtmac as a code owner September 4, 2024 09:38

github-actions bot commented Sep 4, 2024

⚠️ GitHub issue #43946 has been automatically assigned in GitHub to PR creator.

@pitrou pitrou force-pushed the gh43946-decryptor-wipeout branch from f206c0a to b253529 Compare September 4, 2024 09:40
@pitrou pitrou changed the title GH-43946: [C++][Parquet] Guard against use of decryptor/encryptor after wipeout GH-43946: [C++][Parquet] Guard against use of cleared decryptor/encryptor Sep 4, 2024
@pitrou pitrou force-pushed the gh43946-decryptor-wipeout branch from b253529 to 58b5daf Compare September 4, 2024 09:42
@pitrou
Member Author

pitrou commented Sep 4, 2024

@github-actions crossbow submit -g cpp

@pitrou
Member Author

pitrou commented Sep 4, 2024

@adamreeve Does this look good to you?

@pitrou
Member Author

pitrou commented Sep 4, 2024

We have a nice example of the guard being triggered here:
https://github.com/ursacomputing/crossbow/actions/runs/10699204038/job/29660230356#step:7:3575

This was a sporadic crash before:
#43057

@pitrou pitrou requested a review from felipecrv September 4, 2024 09:58
@github-actions github-actions bot added awaiting committer review and removed awaiting review labels Sep 4, 2024
@adamreeve
Contributor

This looks good to me, impressive work tracking down the cause of the segfault!

@wgtmac
Member

wgtmac commented Sep 5, 2024

> We have a nice example of the guard being triggered here: https://github.com/ursacomputing/crossbow/actions/runs/10699204038/job/29660230356#step:7:3575
>
> This was a sporadic crash before: #43057

Does it mean that DatasetEncryptionTest.WriteReadDatasetWithEncryption test case does not run in the regular CI? Or is it nondeterministic when the decryptor is cleared?

@@ -413,6 +423,12 @@ class AesDecryptor::AesDecryptorImpl {
}

private:
void CheckValid() {
if (ctx_ == nullptr) {
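Review bot: in `CheckValid()`, the `ctx_ == nullptr` test only detects a context that was already cleared when the call started; nothing visible in this hunk stops another thread from clearing `ctx_` between the check and the later use, and the discussion notes that dataset reading is multi-threaded. Consider a comment on the helper stating that it is a diagnostic for use after clearing and not a substitute for synchronization.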
Member

Suggested change
if (ctx_ == nullptr) {
if (ARROW_PREDICT_FALSE(ctx_ == nullptr)) {

Member Author

I was under the impression that compilers automatically treated branches that throw an exception to be unlikely, but I can't find a reference. @felipecrv Do you know about that?

Member Author

Ok, judging from https://www.youtube.com/watch?v=T84swS6DCRo (at 29:00), the gcc compiler already uses such a heuristic.

Member

CheckValid should be const?

Member Author

Good point @mapleFU

@@ -89,6 +89,12 @@ class AesEncryptor::AesEncryptorImpl {
}

private:
void CheckValid() {
if (ctx_ == nullptr) {
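Review bot: `CheckValid()` in `AesEncryptorImpl` is declared as a non-const member although the visible body only reads `ctx_`; declaring it `void CheckValid() const` would let const members call it. The same helper is added to `AesDecryptorImpl` as well, so any change made to one copy should be mirrored in the other.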
Member

Suggested change
if (ctx_ == nullptr) {
if (ARROW_PREDICT_FALSE(ctx_ == nullptr)) {

@pitrou
Member Author

pitrou commented Sep 5, 2024

> Does it mean that DatasetEncryptionTest.WriteReadDatasetWithEncryption test case does not run in the regular CI? Or is it nondeterministic when the decryptor is cleared?

It seems to be non-deterministic in this particular test, as the dataset reading is multi-threaded (you can see this in the stack traces above).
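
The guard pattern discussed in this PR, as an added example that is not Arrow's code: calling an object after its context was cleared raises a clear error instead of dereferencing a null pointer. `GuardedCipher`, `ToyContext`, `EXAMPLE_PREDICT_FALSE` and the XOR transform are hypothetical stand-ins, and the branch hint assumes GCC or Clang.

```cpp
#include <cstdint>
#include <memory>
#include <stdexcept>
#include <string>
#include <vector>

// Stand-in for a branch hint such as ARROW_PREDICT_FALSE (assumes GCC/Clang).
#define EXAMPLE_PREDICT_FALSE(x) (__builtin_expect(!!(x), 0))

// Hypothetical cipher state; a real implementation would hold a library context.
struct ToyContext { std::uint8_t key; };

class GuardedCipher {
 public:
  explicit GuardedCipher(std::uint8_t key) : ctx_(new ToyContext{key}) {}

  // Releases the key material; the object stays alive but unusable.
  void WipeOut() { ctx_.reset(); }

  std::vector<std::uint8_t> Transform(const std::vector<std::uint8_t>& in) const {
    CheckValid();  // every entry point that touches ctx_ calls the guard first
    std::vector<std::uint8_t> out(in.size());
    for (std::size_t i = 0; i < in.size(); ++i) out[i] = in[i] ^ ctx_->key;
    return out;
  }

 private:
  // const: the guard only reads state, so const members can call it.
  void CheckValid() const {
    if (EXAMPLE_PREDICT_FALSE(ctx_ == nullptr)) {
      throw std::logic_error("GuardedCipher was wiped out");
    }
  }
  std::unique_ptr<ToyContext> ctx_;
};

// Returns the error text seen when the cipher is used after WipeOut(),
// or "no error" if the call unexpectedly succeeded.
std::string UseAfterWipeOut() {
  GuardedCipher cipher(0x5a);
  cipher.WipeOut();
  try {
    cipher.Transform({1, 2, 3});
  } catch (const std::logic_error& e) {
    return e.what();
  }
  return "no error";
}
```

The guard is single-threaded by construction here; it reports a context that is already cleared and does not order a concurrent `WipeOut()` against an in-flight `Transform()`.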

@pitrou pitrou force-pushed the gh43946-decryptor-wipeout branch from 58b5daf to 0fb9ee6 Compare September 5, 2024 08:52
@pitrou
Member Author

pitrou commented Sep 5, 2024

@github-actions crossbow submit -g cpp


github-actions bot commented Sep 5, 2024

Revision: 0fb9ee6

Submitted crossbow builds: ursacomputing/crossbow @ actions-0c32dece8e

Task Status
test-alpine-linux-cpp GitHub Actions
test-build-cpp-fuzz GitHub Actions
test-conda-cpp GitHub Actions
test-conda-cpp-valgrind GitHub Actions
test-cuda-cpp GitHub Actions
test-debian-12-cpp-amd64 GitHub Actions
test-debian-12-cpp-i386 GitHub Actions
test-fedora-39-cpp GitHub Actions
test-ubuntu-20.04-cpp GitHub Actions
test-ubuntu-20.04-cpp-bundled GitHub Actions
test-ubuntu-20.04-cpp-minimal-with-formats GitHub Actions
test-ubuntu-20.04-cpp-thread-sanitizer GitHub Actions
test-ubuntu-22.04-cpp GitHub Actions
test-ubuntu-22.04-cpp-20 GitHub Actions
test-ubuntu-22.04-cpp-emscripten GitHub Actions
test-ubuntu-22.04-cpp-no-threading GitHub Actions
test-ubuntu-24.04-cpp GitHub Actions
test-ubuntu-24.04-cpp-gcc-13-bundled GitHub Actions
test-ubuntu-24.04-cpp-gcc-14 GitHub Actions

@pitrou pitrou merged commit 032e6a4 into apache:main Sep 5, 2024
34 of 35 checks passed
@pitrou pitrou removed the awaiting committer review label Sep 5, 2024
@pitrou pitrou deleted the gh43946-decryptor-wipeout branch September 5, 2024 09:47

After merging your PR, Conbench analyzed the 4 benchmarking runs that have been run so far on merge-commit 032e6a4.

There were no benchmark performance regressions. 🎉

The full Conbench report has more details. It also includes information about 3 possible false positives for unstable benchmarks that are known to sometimes produce them.

zanmato1984 pushed a commit to zanmato1984/arrow that referenced this pull request Sep 6, 2024
…/encryptor (apache#43947)

This is to get a clearer error rather than an obscure crash, see apache#43057 for an example.

* GitHub Issue: apache#43946

Authored-by: Antoine Pitrou <[email protected]>
Signed-off-by: Antoine Pitrou <[email protected]>
khwilson pushed a commit to khwilson/arrow that referenced this pull request Sep 14, 2024