Gearman

uuid_generate calls system rng (not thread safe?)

Bug #1005878 reported by Kevin Martin
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Gearman
Fix Released
Medium
Brian Aker
Gearman 0.36

Bug Description

Hi,

libgearman calls uuid_generate from libuuid which uses the system pseudo rng. See the below stack trace. It might be helpful to add some documentation that this happens - it's certainly caused us a few days of being baffled.

Also, given that uuid_generate uses the system RNG, it does not seem thread safe. Does this affect the thread safety of libgearman?

In libuuid, uuid_generate in gen_uuid.c calls random_get_bytes(). This is implemented in lib/randutils.c which is where the calls to the system rng are:

https://github.com/karelzak/util-linux/blob/master/lib/randutils.c (lines 41, 51, 89)

Note rand() and srand() may be #defined in https://github.com/karelzak/util-linux/blob/master/include/randutils.h

Thanks,
Kevin

Stack trace is from Gearman 0.29 I think, but I checked the latest trunk and uuid_generate is called on line 158

Breakpoint 1, 0x00007ffff1daace0 in srandom () from /lib/libc.so.6
(gdb) bt
#0 0x00007ffff1daace0 in srandom () from /lib/libc.so.6
#1 0x00007ffff067f866 in ?? () from /lib/libuuid.so.1
#2 0x00007ffff0680729 in uuid_generate () from /lib/libuuid.so.1
#3 0x00007ffff4a5f515 in add_task (client=..., task=0x7fffffffd770,
    context=0x0, command=GEARMAN_COMMAND_SUBMIT_JOB, function=..., unique=...,
    workload=..., when=0, actions=...) at libgearman/add.cc:180
#4 0x00007ffff4a60237 in _client_do (client=0x721ab0,
    command=GEARMAN_COMMAND_SUBMIT_JOB,
    function_name=0x71bbd8 "convscript_retrieve", unique=0x0,
    workload_str=0x71b028, workload_size=37, result_size=0x7fffffffdae8,
    ret_ptr=0x7fffffffdae4) at libgearman/client.cc:147
#5 0x00007ffff4a60ea0 in gearman_client_do (client=0x721ab0,
    function=0x71bbd8 "convscript_retrieve", unique=0x0, workload=0x71b028,
    workload_size=37, result_size=0x7fffffffdae8, ret_ptr=0x7fffffffdae4)
    at libgearman/client.cc:598

Revision history for this message
Brian Aker (brianaker) wrote :

Thanks. The uuid call is not technically required, I'll add an option to make it optional.

Changed in gearmand:
assignee: nobody → Brian Aker (brianaker)
Revision history for this message
Brian Aker (brianaker) wrote :

I spoke to the author of libuuid and he confirmed that there is an issue with libuuid and thread safety. He mentioned a solution using the uuidd daemon. I am asking him for more details about this.

Thanks,
    -Brian

Changed in gearmand:
status: New → Confirmed
Revision history for this message
Brian Aker (brianaker) wrote :

The fix will be to use uuid_generate_time_safe(), and document that the uuidd daemon needs to be running.

Revision history for this message
Kevin Martin (kev82) wrote :

Ok, that's great. Thankyou.

Brian Aker (brianaker)
Changed in gearmand:
importance: Undecided → Medium
status: Confirmed → Fix Committed
milestone: none → 0.36
Brian Aker (brianaker)
Changed in gearmand:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.