Skip to content

Make memory roots actually meaningful #2705

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 11 commits into from
Mar 14, 2019
Merged

Make memory roots actually meaningful #2705

merged 11 commits into from
Mar 14, 2019
+91 −71

Conversation

layus
Copy link
Member

@layus layus commented Feb 27, 2019

Compare

$ sudo ./inst/bin/nix-store -q --roots /nix/store/5gvl89hjirkvq5akha7w3z9b78jpd96l-firefox-65.0.1                                                                 
/nix/var/nix/profiles/per-user/layus/profile-934-link
{/proc/1236/maps:221}
{/proc/1939/maps:201}
{/proc/5825/maps:143}
{/proc/6540/maps:204}

which can be eanigfully processed to find the culprits like this

$ sudo ./inst/bin/nix-store -q --roots /nix/store/5gvl89hjirkvq5akha7w3z9b78jpd96l-firefox-65.0.1 | grep proc | sed 's#/maps.*#/cmdline#' | tr -d "{" | xargs tail
==> /proc/1236/cmdline <==                                                                                                                                           
/nix/store/gid9rhxibwr8mmsfaaygbl8c5wi7jwc8-firefox-unwrapped-65.0.1/bin/.firefox-wrapped
==> /proc/1939/cmdline <==
/nix/store/gid9rhxibwr8mmsfaaygbl8c5wi7jwc8-firefox-unwrapped-65.0.1/lib/firefox/firefox-contentproc-childID3-isForBrowser-prefsLen4625-prefMapSize258651-schedulerPrefs0001,2-parentBuildID20190221223411-greomni/nix/store/gid9rhxibwr8mmsfaaygbl8c5wi7jwc8-firefox-unwrapped-65.0.1/lib/firefox/omni.ja-appomni/nix/store/gid9rhxibwr8mmsfaaygbl8c5wi7jwc8-firefox-unwrapped-65.0.1/lib/firefox/browser/omni.ja-appdir/nix/store/gid9rhxibwr8mmsfaaygbl8c5wi7jwc8-firefox-unwrapped-65.0.1/lib/firefox/browser1236tab
==> /proc/5825/cmdline <==
/nix/store/f72ypmzx51myy345r15v1z0vw16qip72-thunderbird-60.5.1/lib/thunderbird/thunderbird
==> /proc/6540/cmdline <==
/nix/store/gid9rhxibwr8mmsfaaygbl8c5wi7jwc8-firefox-unwrapped-65.0.1/lib/firefox/firefox-contentproc-childID12-isForBrowser-prefsLen11629-prefMapSize258651-schedulerPrefs0001,2-parentBuildID20190221223411-greomni/nix/store/gid9rhxibwr8mmsfaaygbl8c5wi7jwc8-firefox-unwrapped-65.0.1/lib/firefox/omni.ja-appomni/nix/store/gid9rhxibwr8mmsfaaygb

with the former

nix-store -q --roots /nix/store/5gvl89hjirkvq5akha7w3z9b78jpd96l-firefox-65.0.1
/nix/var/nix/profiles/per-user/layus/profile-934-link
{memory:182}
{memory:264}
{memory:55}

where the numbers look like pid's but are really just random numbers.

@edolstra
Copy link
Member

Note that this exposes information about other users, which is why we currently don't include pids in the memory roots.

@layus
Copy link
Member Author

layus commented Feb 28, 2019

Note that this exposes information about other users, which is why we currently don't include pids in the memory roots.

Oh, that's a feature then. We could stil enable this when nix runs as root (no deamon). It's a huge pain when something sticks in the store for no understandable reason.

@layus
Copy link
Member Author

layus commented Mar 1, 2019

Here is a new version with

  1. obfuscation of {memory:xxx} mappings in the daemon (the only place where root information can be leaked to non-root users, right ?)
  2. A refactor of the Roots data structure to std::map<Path, std::set<std::string>> mapping rooted paths to rooting symlinks or any description of the rooting authority. This change feels particularly right as it allows to remove the incremented int n used to make {memory:%1%} unique keys.

Mingled into this is also a change that prints the rooted path because it is not obvious why a {memory:32} roots a given path. By printing the actual root (like nix-store --gc --print-roots does) it is possible to intersect the root with the closure of paths depending on the one being looked up.

Showtime
  1. as root
$ sudo ./inst/bin/nix-store -q --roots /nix/store/jhm6jw4p6mhc81za8hgh7dqxi49kcr0w-firefox-65.0.1  | sed 's/ -> /\n-> /' | paste - - | expand -t 57 | sort -V
/nix/var/nix/profiles/per-user/gmaudoux/profile-174-link -> /nix/store/8b94rb1a4p020b7a1d56rj149hr6nhbr-user-environment
/nix/var/nix/profiles/per-user/gmaudoux/profile-175-link -> /nix/store/slvh02136glxa1rz4f6d6nl6ipmw8f31-user-environment
/nix/var/nix/profiles/per-user/gmaudoux/profile-176-link -> /nix/store/qsplpj8n6697j1bmq2d9qb935n0aixs3-user-environment
/nix/var/nix/profiles/per-user/gmaudoux/profile-177-link -> /nix/store/8b94rb1a4p020b7a1d56rj149hr6nhbr-user-environment
/nix/var/nix/profiles/per-user/gmaudoux/profile-178-link -> /nix/store/wr8863qrwnqc2q7s4p8hrx7861gywr8b-user-environment
/nix/var/nix/profiles/per-user/gmaudoux/profile-179-link -> /nix/store/i1hydd18qr81hn0y0gc5q216836l4f0r-user-environment
/nix/var/nix/profiles/per-user/gmaudoux/profile-180-link -> /nix/store/812542hvf5jwqffw4mmg4mzmar55m2cd-user-environment
/nix/var/nix/profiles/per-user/gmaudoux/profile-181-link -> /nix/store/0fg60rcqx0vp1l63cikw875mng42dn4i-user-environment
/nix/var/nix/profiles/per-user/gmaudoux/profile-182-link -> /nix/store/0szam8prw49xsngm3gsrh7xis2ksvp6x-user-environment
/nix/var/nix/profiles/per-user/gmaudoux/profile-183-link -> /nix/store/0fg60rcqx0vp1l63cikw875mng42dn4i-user-environment
/nix/var/nix/profiles/per-user/gmaudoux/profile-184-link -> /nix/store/k87d39riz07g7simv5piw7vz308r6qia-user-environment
/nix/var/nix/profiles/per-user/gmaudoux/profile-185-link -> /nix/store/1mn9kq3f2yh8wwlghw40rs3fnxc8crdf-user-environment
/nix/var/nix/profiles/per-user/gmaudoux/profile-186-link -> /nix/store/gr8lvf0hln1h0w9h1vwkd5nvcqb2mihs-user-environment
/nix/var/nix/profiles/per-user/gmaudoux/profile-187-link -> /nix/store/9ajl6j3zpbj120cfwxq50gx3mxy5pqjn-user-environment
/nix/var/nix/profiles/per-user/gmaudoux/profile-188-link -> /nix/store/3f2m65ak2rkscnqpann29z8x9sgd7byy-user-environment
/nix/var/nix/profiles/per-user/gmaudoux/profile-189-link -> /nix/store/l3fin2w6v9gndw5j3hq2i4h3qkmkpmy4-user-environment
{memory:/proc/1914/maps}                                 -> /nix/store/wskxj6pbjjw80n5rn43fnkyy7z2mwpms-gmaudoux-package-set
{memory:/proc/1922/environ}                              -> /nix/store/jhm6jw4p6mhc81za8hgh7dqxi49kcr0w-firefox-65.0.1
{memory:/proc/1922/maps}                                 -> /nix/store/wskxj6pbjjw80n5rn43fnkyy7z2mwpms-gmaudoux-package-set
{memory:/proc/1925/maps}                                 -> /nix/store/wskxj6pbjjw80n5rn43fnkyy7z2mwpms-gmaudoux-package-set
{memory:/proc/3756/environ}                              -> /nix/store/jhm6jw4p6mhc81za8hgh7dqxi49kcr0w-firefox-65.0.1
{memory:/proc/4046/environ}                              -> /nix/store/jhm6jw4p6mhc81za8hgh7dqxi49kcr0w-firefox-65.0.1
{memory:/proc/4046/maps}                                 -> /nix/store/wskxj6pbjjw80n5rn43fnkyy7z2mwpms-gmaudoux-package-set
{memory:/proc/21420/environ}                             -> /nix/store/jhm6jw4p6mhc81za8hgh7dqxi49kcr0w-firefox-65.0.1
{memory:/proc/21420/maps}                                -> /nix/store/wskxj6pbjjw80n5rn43fnkyy7z2mwpms-gmaudoux-package-set
{memory:/proc/21474/environ}                             -> /nix/store/jhm6jw4p6mhc81za8hgh7dqxi49kcr0w-firefox-65.0.1
{memory:/proc/21474/maps}                                -> /nix/store/wskxj6pbjjw80n5rn43fnkyy7z2mwpms-gmaudoux-package-set
{memory:/proc/29390/environ}                             -> /nix/store/jhm6jw4p6mhc81za8hgh7dqxi49kcr0w-firefox-65.0.1
{memory:/proc/29390/maps}                                -> /nix/store/wskxj6pbjjw80n5rn43fnkyy7z2mwpms-gmaudoux-package-set
{memory:/proc/29530/environ}                             -> /nix/store/jhm6jw4p6mhc81za8hgh7dqxi49kcr0w-firefox-65.0.1
{memory:/proc/29836/maps}                                -> /nix/store/wskxj6pbjjw80n5rn43fnkyy7z2mwpms-gmaudoux-package-set
{memory:/proc/30478/maps}                                -> /nix/store/wskxj6pbjjw80n5rn43fnkyy7z2mwpms-gmaudoux-package-set
{memory:/proc/30685/maps}                                -> /nix/store/wskxj6pbjjw80n5rn43fnkyy7z2mwpms-gmaudoux-package-set
{memory:/proc/32025/maps}                                -> /nix/store/wskxj6pbjjw80n5rn43fnkyy7z2mwpms-gmaudoux-package-set
{memory:/proc/32721/environ}                             -> /nix/store/jhm6jw4p6mhc81za8hgh7dqxi49kcr0w-firefox-65.0.1
  1. through the daemon
$ ./inst/bin/nix-store -q --roots /nix/store/jhm6jw4p6mhc81za8hgh7dqxi49kcr0w-firefox-65.0.1  | sed 's/ -> /\n-> /' | paste - - | expand -t 57 | sort -V
/nix/var/nix/profiles/per-user/gmaudoux/profile-174-link -> /nix/store/8b94rb1a4p020b7a1d56rj149hr6nhbr-user-environment
/nix/var/nix/profiles/per-user/gmaudoux/profile-175-link -> /nix/store/slvh02136glxa1rz4f6d6nl6ipmw8f31-user-environment
/nix/var/nix/profiles/per-user/gmaudoux/profile-176-link -> /nix/store/qsplpj8n6697j1bmq2d9qb935n0aixs3-user-environment
/nix/var/nix/profiles/per-user/gmaudoux/profile-177-link -> /nix/store/8b94rb1a4p020b7a1d56rj149hr6nhbr-user-environment
/nix/var/nix/profiles/per-user/gmaudoux/profile-178-link -> /nix/store/wr8863qrwnqc2q7s4p8hrx7861gywr8b-user-environment
/nix/var/nix/profiles/per-user/gmaudoux/profile-179-link -> /nix/store/i1hydd18qr81hn0y0gc5q216836l4f0r-user-environment
/nix/var/nix/profiles/per-user/gmaudoux/profile-180-link -> /nix/store/812542hvf5jwqffw4mmg4mzmar55m2cd-user-environment
/nix/var/nix/profiles/per-user/gmaudoux/profile-181-link -> /nix/store/0fg60rcqx0vp1l63cikw875mng42dn4i-user-environment
/nix/var/nix/profiles/per-user/gmaudoux/profile-182-link -> /nix/store/0szam8prw49xsngm3gsrh7xis2ksvp6x-user-environment
/nix/var/nix/profiles/per-user/gmaudoux/profile-183-link -> /nix/store/0fg60rcqx0vp1l63cikw875mng42dn4i-user-environment
/nix/var/nix/profiles/per-user/gmaudoux/profile-184-link -> /nix/store/k87d39riz07g7simv5piw7vz308r6qia-user-environment
/nix/var/nix/profiles/per-user/gmaudoux/profile-185-link -> /nix/store/1mn9kq3f2yh8wwlghw40rs3fnxc8crdf-user-environment
/nix/var/nix/profiles/per-user/gmaudoux/profile-186-link -> /nix/store/gr8lvf0hln1h0w9h1vwkd5nvcqb2mihs-user-environment
/nix/var/nix/profiles/per-user/gmaudoux/profile-187-link -> /nix/store/9ajl6j3zpbj120cfwxq50gx3mxy5pqjn-user-environment
/nix/var/nix/profiles/per-user/gmaudoux/profile-188-link -> /nix/store/3f2m65ak2rkscnqpann29z8x9sgd7byy-user-environment
/nix/var/nix/profiles/per-user/gmaudoux/profile-189-link -> /nix/store/l3fin2w6v9gndw5j3hq2i4h3qkmkpmy4-user-environment
{memory:2977}                                            -> /nix/store/jhm6jw4p6mhc81za8hgh7dqxi49kcr0w-firefox-65.0.1
{memory:2978}                                            -> /nix/store/jhm6jw4p6mhc81za8hgh7dqxi49kcr0w-firefox-65.0.1
{memory:2979}                                            -> /nix/store/jhm6jw4p6mhc81za8hgh7dqxi49kcr0w-firefox-65.0.1
{memory:2980}                                            -> /nix/store/jhm6jw4p6mhc81za8hgh7dqxi49kcr0w-firefox-65.0.1
{memory:2981}                                            -> /nix/store/jhm6jw4p6mhc81za8hgh7dqxi49kcr0w-firefox-65.0.1
{memory:2982}                                            -> /nix/store/jhm6jw4p6mhc81za8hgh7dqxi49kcr0w-firefox-65.0.1
{memory:2983}                                            -> /nix/store/jhm6jw4p6mhc81za8hgh7dqxi49kcr0w-firefox-65.0.1
{memory:4632}                                            -> /nix/store/wskxj6pbjjw80n5rn43fnkyy7z2mwpms-gmaudoux-package-set
{memory:4633}                                            -> /nix/store/wskxj6pbjjw80n5rn43fnkyy7z2mwpms-gmaudoux-package-set
{memory:4634}                                            -> /nix/store/wskxj6pbjjw80n5rn43fnkyy7z2mwpms-gmaudoux-package-set
{memory:4635}                                            -> /nix/store/wskxj6pbjjw80n5rn43fnkyy7z2mwpms-gmaudoux-package-set
{memory:4636}                                            -> /nix/store/wskxj6pbjjw80n5rn43fnkyy7z2mwpms-gmaudoux-package-set
{memory:4637}                                            -> /nix/store/wskxj6pbjjw80n5rn43fnkyy7z2mwpms-gmaudoux-package-set
{memory:4638}                                            -> /nix/store/wskxj6pbjjw80n5rn43fnkyy7z2mwpms-gmaudoux-package-set
{memory:4639}                                            -> /nix/store/wskxj6pbjjw80n5rn43fnkyy7z2mwpms-gmaudoux-package-set
{memory:4640}                                            -> /nix/store/wskxj6pbjjw80n5rn43fnkyy7z2mwpms-gmaudoux-package-set
{memory:4641}                                            -> /nix/store/wskxj6pbjjw80n5rn43fnkyy7z2mwpms-gmaudoux-package-set
{memory:4642}                                            -> /nix/store/wskxj6pbjjw80n5rn43fnkyy7z2mwpms-gmaudoux-package-set

The best part being that this does not change at all the remote store protocol.

@layus
Copy link
Member Author

layus commented Mar 1, 2019

Not a proof of concept anymore, but not yet ready to merge...

@layus layus changed the title [POC] Make memory roots actually meaningful [WIP] Make memory roots actually meaningful Mar 1, 2019
layus and others added 11 commits March 10, 2019 00:56
@layus
detail memory roots

Verified

This commit was signed with the committer’s verified signature.
greg-1-anderson Greg Anderson
GPG key ID: ED613886A7C8119A
Verified
Learn about vigilant mode
43331d6
@layus
Obfuscate memory roots for non-root users
a17f86c
@layus
Make roots a map of store paths to pinning links
ebc8655 
This new structure makes more sense as there may be many sources rooting
the same store path. Many profiles can reference the same path but this
is even more true with /proc/<pid>/maps where distinct pids can and
often do map the same store path.
This implementation is also more efficient as the `Roots` map contains
only one entry per rooted store path.
@layus
fixup! Make roots a map of store paths to pinning links
8574b70
@layus
Also print rooted path in nix-store -q --roots
fc02b1b
@layus
Also obfuscate the number of memory roots
5c56570
@layus
require c++ 17
9d87e3f 
This fixes warnings about "structured binding declaration" requiring
"-std=c++1z".
@layus
unify naming of roots as links & targets
9d72211
@layus
Unify internal findRootsXxx() api
38ee16a
@layus
Fix warning about unused variable
4f43911
@layus
Update tests to the new --roots format
115e2c8
@layus layus force-pushed the verbose-memory-roots branch from f894716 to 115e2c8 Compare March 10, 2019 00:50
@layus layus changed the title [WIP] Make memory roots actually meaningful Make memory roots actually meaningful Mar 10, 2019
@layus
Copy link
Member Author

layus commented Mar 10, 2019

This looks finished to me. I am open to comments now ;-).

@edolstra do you think this is valuable enough to merge at some point in time ?

@edolstra edolstra merged commit 115e2c8 into NixOS:master Mar 14, 2019
@edolstra
Copy link
Member

Thanks, merged!

@layus
Copy link
Member Author

layus commented Mar 14, 2019

\o/ Thanks !

@layus layus deleted the verbose-memory-roots branch June 9, 2019 19:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@layus @edolstra