Bug #70490 Suppression is too strict on some systems
Submitted: 2 Oct 2013 12:24
Modified: 29 Jun 2017 12:32
Reporter: Sergei Glushchenko (OCA)
Status: Closed
Category: MySQL Server: Security: Encryption
Severity: S3 (Non-critical)
Version: 5.6.12, 5.7
OS: Linux
Assigned to:
CPU Architecture: Any
Tags: openssl, valgrind

[2 Oct 2013 12:24] Sergei Glushchenko
Description:
valgrind.supp has a suppression which looks like:

{
   OpenSSL still reachable.
   Memcheck:Leak
   fun:malloc
   fun:CRYPTO_malloc
   fun:sk_new
   fun:load_builtin_compressions
   fun:SSL_COMP_get_compression_methods
   fun:SSL_library_init
}

It, however, doesn't work everywhere. We saw valgrind errors as follows:

==32338==
==32338== HEAP SUMMARY:
==32338== in use at exit: 75,876,624 bytes in 832 blocks
==32338== total heap usage: 32,498 allocs, 31,666 frees, 130,387,498 bytes allocated
==32338==
==32338== 32 bytes in 1 blocks are still reachable in loss record 1 of 296
==32338== at 0x4A069EE: malloc (vg_replace_malloc.c:270)
==32338== by 0x3417C5D9CD: CRYPTO_malloc (in /usr/lib64/libcrypto.so.1.0.0)
==32338== by 0x3417CB6F5E: sk_new (in /usr/lib64/libcrypto.so.1.0.0)
==32338== by 0x341C83D0E4: ??? (in /usr/lib64/libssl.so.1.0.0)
==32338== by 0x341C83D308: SSL_COMP_get_compression_methods (in /usr/lib64/libssl.so.1.0.0)
==32338== by 0x341C844651: SSL_library_init (in /usr/lib64/libssl.so.1.0.0)
==32338== by 0xC798DB: ssl_start (viosslfactories.c:155)
==32338== by 0x625FD9: init_ssl() (mysqld.cc:4310)
==32338== by 0x630170: mysqld_main(int, char**) (mysqld.cc:5509)
==32338== by 0x340C41ECDC: (below main) (in /lib64/libc-2.12.so)
==32338==
==32338== 32 bytes in 1 blocks are still reachable in loss record 2 of 296
==32338== at 0x4A069EE: malloc (vg_replace_malloc.c:270)
==32338== by 0x3417C5D9CD: CRYPTO_malloc (in /usr/lib64/libcrypto.so.1.0.0)
==32338== by 0x3417CB6F7C: sk_new (in /usr/lib64/libcrypto.so.1.0.0)
==32338== by 0x341C83D0E4: ??? (in /usr/lib64/libssl.so.1.0.0)
==32338== by 0x341C83D308: SSL_COMP_get_compression_methods (in /usr/lib64/libssl.so.1.0.0)
==32338== by 0x341C844651: SSL_library_init (in /usr/lib64/libssl.so.1.0.0)
==32338== by 0xC798DB: ssl_start (viosslfactories.c:155)
==32338== by 0x625FD9: init_ssl() (mysqld.cc:4310)
==32338== by 0x630170: mysqld_main(int, char**) (mysqld.cc:5509)
==32338== by 0x340C41ECDC: (below main) (in /lib64/libc-2.12.so)

Originally reported as https://bugs.launchpad.net/percona-server/+bug/1205196.

How to repeat:
Probably depends on environment.

Suggested fix:
Make suppression less strict.
[8 Oct 2013 18:18] Sveta Smirnova
Thank you for the report.

Please provide a test case demonstrating the problem.
[29 Oct 2013 3:55] Roel Van de Paar
Sveta, can we proceed without a test case, please?
[1 Nov 2013 19:45] Sveta Smirnova
Roel,

We can. But please at least specify which tests you ran, and on which platform, when you saw such errors.
[2 Dec 2013 1:00] Bugs System
No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
[20 Nov 2015 12:37] Laurynas Biveinis
This is still an issue. Server 5.7.9, built with -DWITH_SSL=system -DWITH_VALGRIND=ON, example testcase main.mysql_client_test, will produce on Ubuntu Trusty LTS and Ubuntu Wily the following:

32 bytes in 1 blocks are still reachable in loss record 2 of 4
   at 0x4C2BBCF: malloc (vg_replace_malloc.c:299)
   by 0x553DD87: CRYPTO_malloc (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
   by 0x55F555E: sk_new (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
   by 0x52B5FF9: ??? (in /lib/x86_64-linux-gnu/libssl.so.1.0.0)
   by 0x52B80F8: SSL_COMP_get_compression_methods (in /lib/x86_64-linux-gnu/libssl.so.1.0.0)
   by 0x52BD7E2: SSL_library_init (in /lib/x86_64-linux-gnu/libssl.so.1.0.0)
   by 0x1DF2F67: ssl_start (viosslfactories.c:367)
   by 0xE8DBB7: init_ssl() (mysqld.cc:3323)
   by 0xE90B9D: mysqld_main(int, char**) (mysqld.cc:4725)
   by 0xE87EE5: main (main.cc:25)

The suppression for this is:

{
   OpenSSL still reachable.
   Memcheck:Leak
   fun:malloc
   fun:CRYPTO_malloc
   fun:sk_new
   fun:load_builtin_compressions
   fun:SSL_COMP_get_compression_methods
   fun:SSL_library_init
}

Note that sk_new is ??? above. This hinders any Valgrind testing on these platforms at least with -DWITH_SSL=system.
You have also observed this issue while verifying e.g. bug 78999.
[20 Nov 2015 12:38] Laurynas Biveinis
Err "load_builtin_compressions" not "sk_new"
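
Added example, not part of the bug thread and not MySQL's or Valgrind's code: a simplified Python model of how Valgrind matches `fun:`/`obj:` lines and the `...` frame-level wildcard, run against the trace above. It shows why the shipped suppression misses the `???` frame and how two less strict variants match it; the variants, the `app_function` caller and the object names for `malloc` and `ssl_start` are assumptions for illustration, not the fix that was applied.

```python
from fnmatch import fnmatchcase

# Constructed from the 20 Nov 2015 trace: (function, object) per frame,
# innermost first. Object names for malloc and ssl_start are assumptions.
STACK = [
    ("malloc", "vgpreload_memcheck-amd64-linux.so"),
    ("CRYPTO_malloc", "/lib/x86_64-linux-gnu/libcrypto.so.1.0.0"),
    ("sk_new", "/lib/x86_64-linux-gnu/libcrypto.so.1.0.0"),
    ("???", "/lib/x86_64-linux-gnu/libssl.so.1.0.0"),  # name not resolved
    ("SSL_COMP_get_compression_methods", "/lib/x86_64-linux-gnu/libssl.so.1.0.0"),
    ("SSL_library_init", "/lib/x86_64-linux-gnu/libssl.so.1.0.0"),
    ("ssl_start", "mysqld"),
]
# Same call path on a system where the fourth frame's name is resolved.
SYMBOLIZED = [("load_builtin_compressions", o) if f == "???" else (f, o)
              for f, o in STACK]
# Constructed unrelated caller of sk_new that must stay reported.
OTHER = STACK[:3] + [("app_function", "mysqld")]

def variant(fourth):
    """The suppression from valgrind.supp with its fourth frame line replaced."""
    return ["fun:malloc", "fun:CRYPTO_malloc", "fun:sk_new", fourth,
            "fun:SSL_COMP_get_compression_methods", "fun:SSL_library_init"]

STRICT = variant("fun:load_builtin_compressions")   # as shipped
BY_OBJECT = variant("obj:*/libssl.so*")             # match the frame by object
BY_ELLIPSIS = variant("...")                        # frame-level wildcard

def frame_matches(pattern, frame):
    """Match one 'fun:glob' or 'obj:glob' line against one stack frame."""
    kind, _, glob = pattern.partition(":")
    func, obj = frame
    return fnmatchcase(func if kind == "fun" else obj, glob)

def suppresses(patterns, stack):
    """True if the patterns match the innermost frames of the stack."""
    if not patterns:
        return True   # suppression exhausted; outer callers are not checked
    head, rest = patterns[0], patterns[1:]
    if head == "...":  # zero or more frames
        return any(suppresses(rest, stack[i:]) for i in range(len(stack) + 1))
    return bool(stack) and frame_matches(head, stack[0]) and suppresses(rest, stack[1:])

if __name__ == "__main__":
    for name, supp in [("strict", STRICT), ("obj", BY_OBJECT), ("...", BY_ELLIPSIS)]:
        print(name, [suppresses(supp, s) for s in (STACK, SYMBOLIZED, OTHER)])
```

Both relaxed variants still pin the frames on either side of the unresolved one, so the unrelated `sk_new` caller remains reported.
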
[2 May 2017 15:39] MySQL Verification Team
Hi Laurynas,

I am going to try to repeat this on Oracle Linux, with latest 5.7, since I do not use Ubuntu Linux.

Would that be OK?
[2 May 2017 18:36] MySQL Verification Team
I verified it with 5.7.18:

---------------

orker[1] Valgrind report from /home/smilivoj/ssl/mysql-5.7.18/mysql-test/var/log/mysqld.1.err after tests:
 main.mysql_client_test
--------------------------------------------------------------------------
HEAP SUMMARY:
    in use at exit: 64 bytes in 2 blocks
  total heap usage: 60,271 allocs, 60,269 frees, 153,093,454 bytes allocated

32 bytes in 1 blocks are still reachable in loss record 1 of 2
   at 0x4C29BFD: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
   by 0x596C2D2: CRYPTO_malloc (in /usr/lib64/libcrypto.so.1.0.1e)
   by 0x59E4B2E: sk_new (in /usr/lib64/libcrypto.so.1.0.1e)
   by 0x56DE879: ??? (in /usr/lib64/libssl.so.1.0.1e)
   by 0x56E0828: SSL_COMP_get_compression_methods (in /usr/lib64/libssl.so.1.0.1e)
   by 0x56E61C8: SSL_library_init (in /usr/lib64/libssl.so.1.0.1e)
   by 0x1D9461A: ssl_start (viosslfactories.c:422)
   by 0xE645EB: init_ssl() (mysqld.cc:3381)
   by 0xE674BE: mysqld_main(int, char**) (mysqld.cc:4834)
   by 0xE5EA2F: main (main.cc:25)

32 bytes in 1 blocks are still reachable in loss record 2 of 2
   at 0x4C29BFD: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
   by 0x596C2D2: CRYPTO_malloc (in /usr/lib64/libcrypto.so.1.0.1e)
   by 0x59E4B4C: sk_new (in /usr/lib64/libcrypto.so.1.0.1e)
   by 0x56DE879: ??? (in /usr/lib64/libssl.so.1.0.1e)
   by 0x56E0828: SSL_COMP_get_compression_methods (in /usr/lib64/libssl.so.1.0.1e)
   by 0x56E61C8: SSL_library_init (in /usr/lib64/libssl.so.1.0.1e)
   by 0x1D9461A: ssl_start (viosslfactories.c:422)
   by 0xE645EB: init_ssl() (mysqld.cc:3381)
   by 0xE674BE: mysqld_main(int, char**) (mysqld.cc:4834)
   by 0xE5EA2F: main (main.cc:25)

LEAK SUMMARY:
   definitely lost: 0 bytes in 0 blocks
   indirectly lost: 0 bytes in 0 blocks
     possibly lost: 0 bytes in 0 blocks
   still reachable: 64 bytes in 2 blocks
        suppressed: 0 bytes in 0 blocks

For counts of detected and suppressed errors, rerun with: -v
ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 2 from 2)

valgrind_report                          [ fail ]
        Test ended at 2017-05-02 20:30:50

Valgrind reported failures at shutdown, see above

--------------------------------------------------------------------------
The servers were restarted 0 times
Spent 0.000 of 31 seconds executing testcases

Completed: Failed 1/1 tests, 0.00% were successful.
[3 May 2017 2:25] Laurynas Biveinis
Thanks Sinisa!
[29 Jun 2017 7:21] Shishir Jaiswal
Posted by developer:
 
Approved on RB
[29 Jun 2017 12:32] Paul DuBois
Posted by developer:
 
Fixed in 5.6.38, 5.7.20, 8.0.3.

Work was done for test suite. No changelog entry needed.