glibc: fix /etc/ld-nix.so.preload sharing #96289

ju1m · 2020-08-25T13:46:20Z

Untested by me yet (require too much rebuilds for my computer), but ready for reviews.

Motivation for this change

Sharing /etc/ld-nix.so.preload accross programs requiring different versions of glibc can break everything, including upgrading NixOS, as experienced there: https://discourse.nixos.org/t/nixos-rebuild-fails-because-bash-is-broken-dependency-issue-in-libpthread-so-0-undefined-symbol-nanosleep-nocancel/8494

For example, when using environment.memoryAllocator.provider = "scudo", as done in nixos/modules/profiles/hardened.nix, one could get a /etc/ld-nix.so.preload loading glibc-2.30:

# cat /etc/ld-nix.so.preload
/nix/store/in0cn8csqlx9al9ih5xj5j7gkw11ladd-malloc-provider-scudo/lib/libclang_rt.scudo-x86_64.so

# ldd /nix/store/in0cn8csqlx9al9ih5xj5j7gkw11ladd-malloc-provider-scudo/lib/libclang_rt.scudo-x86_64.so
        linux-vdso.so.1 (0x0000694ebde48000)
        libgcc_s.so.1 => /nix/store/bqbg6hb2jsl3kvf6jgmgfdqy06fpjrrn-glibc-2.30/lib/libgcc_s.so.1 (0x0000694ebd54d000)
        libc.so.6 => /nix/store/bqbg6hb2jsl3kvf6jgmgfdqy06fpjrrn-glibc-2.30/lib/libc.so.6 (0x0000694ebd38e000)
        libdl.so.2 => /nix/store/bqbg6hb2jsl3kvf6jgmgfdqy06fpjrrn-glibc-2.30/lib/libdl.so.2 (0x0000694ebd389000)
        librt.so.1 => /nix/store/bqbg6hb2jsl3kvf6jgmgfdqy06fpjrrn-glibc-2.30/lib/librt.so.1 (0x0000694ebd37f000)
        libpthread.so.0 => /nix/store/bqbg6hb2jsl3kvf6jgmgfdqy06fpjrrn-glibc-2.30/lib/libpthread.so.0 (0x0000694ebd35e000)
        libstdc++.so.6 => /nix/store/rmn2n2sycqviyccnhg85zangw1qpidx0-gcc-9.3.0-lib/lib/libstdc++.so.6 (0x0000694ebd17d000)
        /nix/store/bqbg6hb2jsl3kvf6jgmgfdqy06fpjrrn-glibc-2.30/lib64/ld-linux-x86-64.so.2 (0x0000694ebde49000)
        libm.so.6 => /nix/store/bqbg6hb2jsl3kvf6jgmgfdqy06fpjrrn-glibc-2.30/lib/libm.so.6 (0x0000694ebd03b000)

And then a nixos-rebuild switch would break when upgrading to a NixOS version using a bash built with glibc-2.31:

$ /nix/store/6737cq9nvp4k5r70qcgf61004r0l2g3v-bash-4.4-p23/bin/bash
/nix/store/6737cq9nvp4k5r70qcgf61004r0l2g3v-bash-4.4-p23/bin/bash: symbol lookup error: /nix/store/bqbg6hb2jsl3kvf6jgmgfdqy06fpjrrn-glibc-2.30/lib/libpthread.so.0: undefined symbol: __nanosleep_nocancel, version GLIBC_PRIVATE

Things done

Rename /etc/ld-nix.so.preload to /etc/ld-nix.${pkgs.glibc.src.outputHash}.so.preload
Fix incoming apparmor profile in apparmor: fix and improve the service #93457 . This patch being likely to me merged before the broader apparmor one, I'll fix it in the apparmor one if the present one is merged.

nixos-discourse · 2020-08-25T13:57:34Z

This pull request has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/nixos-rebuild-fails-because-bash-is-broken-dependency-issue-in-libpthread-so-0-undefined-symbol-nanosleep-nocancel/8494/4

bqv · 2020-08-25T15:42:36Z

nixos/modules/config/malloc.nix

-    environment.etc."ld-nix.so.preload".text = ''
+    # See comment in pkgs/development/libraries/glibc/common.nix
+    # for an explanation about the name of this file.
+    environment.etc."ld-nix.${pkgs.glibc.src.outputHash}.so.preload".text = ''


Perhaps just change target, so this attr has a predictable name?

vcunat

Sounds good in principle for this particular use case. I'm not at all sure about others.

If you want to replace (part of) glibc, you may want to do it based on its hash. If you want to replace (part of) some other library, you might want to do it based hash of that library.

Moreover, it depends on the nature of the preload – I've seen many preloads that are just thin API wrappers that are OK to use with basically any version of the library (e.g. any POSIX libc).

stale · 2021-07-21T00:12:07Z

I marked this as stale due to inactivity. → More info

glibc: fix /etc/ld-nix.so.preload sharing

64673bb

ofborg bot added 6.topic: nixos 8.has: module (update) labels Aug 25, 2020

bqv reviewed Aug 25, 2020

View reviewed changes

ofborg bot added the 10.rebuild-linux-stdenv label Aug 25, 2020

ofborg bot requested a review from edolstra August 25, 2020 16:28

ofborg bot added 10.rebuild-darwin: 11-100 10.rebuild-linux: 501+ 10.rebuild-linux: 5001+ labels Aug 25, 2020

vcunat reviewed Aug 26, 2020

View reviewed changes

ryantm added 2.status: merge conflict and removed 2.status: merge conflict labels Oct 3, 2020

ju1m mentioned this pull request Nov 16, 2020

environment.memoryAllocator may cause crashes #100799

Closed

SuperSandro2000 removed the 2.status: merge conflict label Jan 18, 2021

stale bot added the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Jul 21, 2021

wegank added the 2.status: merge conflict label Mar 20, 2024

stale bot removed the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Mar 20, 2024

wegank marked this pull request as draft March 25, 2024 16:16

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

glibc: fix /etc/ld-nix.so.preload sharing #96289

glibc: fix /etc/ld-nix.so.preload sharing #96289

ju1m commented Aug 25, 2020

nixos-discourse commented Aug 25, 2020

bqv Aug 25, 2020

vcunat left a comment

stale bot commented Jul 21, 2021

glibc: fix /etc/ld-nix.so.preload sharing #96289

Are you sure you want to change the base?

glibc: fix /etc/ld-nix.so.preload sharing #96289

Conversation

ju1m commented Aug 25, 2020

Motivation for this change

Things done

nixos-discourse commented Aug 25, 2020

bqv Aug 25, 2020

Choose a reason for hiding this comment

vcunat left a comment

Choose a reason for hiding this comment

stale bot commented Jul 21, 2021