1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
|
[[!meta copyright="Copyright © 2011, 2012, 2013 Free Software Foundation,
Inc."]]
[[!meta license="""[[!toggle id="license" text="GFDL 1.2+"]][[!toggleable
id="license" text="Permission is granted to copy, distribute and/or modify this
document under the terms of the GNU Free Documentation License, Version 1.2 or
any later version published by the Free Software Foundation; with no Invariant
Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license
is included in the section entitled [[GNU Free Documentation
License|/fdl]]."]]"""]]
[[!tag open_issue_hurd]]
The dbus problems are due to missing scm credentials [[sendmsg_scm_creds]] and socket credentials
[[pflocal_socket_credentials_for_local_sockets]]. There was also a problem with short timeout in
[[select]], but that has been solved in Debian by setting a minimum timeout of 1ms.
[[!toc]]
# IRC, freenode, #hurd, 2011-11-26
<antrik> BTW, how much effort is necessary to fix dbus?
<pinotree> basically, have pflocal know who's the sender
(pid/uid/gid/groups) in the socket send op
# IRC, freenode, #hurd, 2011-12-16
<braunr> pinotree: what's the problem with dbus ?
<pinotree> braunr: select() returning 0 changed fd's with very short (eg <
1ms) timeouts when there are actually events;
[[select]].
<pinotree> and missing socket credentials
[[sendmsg_scm_creds]].
<braunr> oh
<braunr> which socket creds interface ?
<pinotree> bsd, i.e. with SCM_CREDENTIALS payload for cmsg on
{recv,send}msg()
<braunr> ok
<braunr> SCM_RIGHTS too ?
<braunr> the select issue seems weird though
<pinotree> hm no, that's for passing fd's to other processes
<braunr> is it specific to pflocal or does dbus use pfinet too ?
<pinotree> iirc on very short timeouts the application has no time waiting
for the reply of servers
<braunr> i see
<pinotree> braunr: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=79358
<braunr> thanks
<pinotree> (the interesting messages are from #53 and on)
<braunr> 2000 eh ... :)
<braunr> hm i agree with neal, i don't understand why the timeout is given
to the kernel as part of the mach_msg call
# IRC, freenode, #hurd, 2011-12-20
<braunr> hm, i don't see any occurrence of SCM_CREDENTIALS in dbus
<braunr> only SCM_RIGHTS
<pinotree> braunr: yes, that one
<braunr> oh
<braunr> i thought you said the opposite last time
<pinotree> dbus/dbus-sysdeps-unix.c, write_credentials_byte and
_dbus_read_credentials_socket (with #define HAVE_CMSGCRED)
<braunr> hm
<braunr> which version ?
<braunr> i don't see anything in 1.4.16
<pinotree> 1.4.16
<braunr> grmbl
<braunr> ah, i see
<braunr> SCM_CREDS
<pinotree> if you want, i have a simplier .c source with it
<braunr> no i'm just gathering info
<pinotree> ok
<braunr> what's the deal with SCM_CREDS and SCM_CREDENTIALS ?
<braunr> bsd vs sysv ?
<braunr> oh, http://lists.debian.org/debian-hurd/2002/03/msg00135.html
<braunr> so we actually do want both SCM_CREDS and SCM_RIGHTS for debus
<braunr> dbus
<pinotree> SCM_RIGHTS is a different matter, it is for passing fd's
<braunr> yes
<braunr> but it's used by dbus
<braunr> so if we can get it, it should help too
<pinotree> there's a preliminary patch for it done by emilio time ago, and
iirc it's applied to debian's glibc
<braunr> ah, he changed the libc
<braunr> right, that's the only sane way
<pinotree> iirc roland didn't like one or more parts of it (but i could be
wrong)
<braunr> ok
# IRC, freenode, #hurd, 2013-07-17
<teythoon> btw pinotree, what happened to your efforts to make dbus work?
<pinotree> not much, my initial patch was just a crude hack, a better
solution requires more thinkering and work
<teythoon> yes, ive seen that
<teythoon> but that was only a tiny patch against the libc, surely there
must be more to that?
<pinotree> not really
<teythoon> and the proper fix is to patch pflocal to query the auth server
and add the credentials?
<pinotree> possibly
<teythoon> that doesn't sound to bad, did you give it a try?
<pinotree> not really, got caught in other stuff
# IRC, freenode, #hurd, 2013-09-02
<gnu_srs1> something is wrong with libc0.3 since the switch to 2.17. dbus
does not run any longer when rebuilt
<gnu_srs1> the latest build of dbus was with 2.13: libc0.3-dev: already
installed (2.13-38)
<pinotree> debug it
<gnu_srs1> Yes, I will. Maybe somebody could rebuild it and verify my
findings?
<pinotree> gnu_srs1: your finding is "doesn't work", which is generic and
does not help without investigation
<gnu_srs1> just rebuild it and: e.g. ./build-debug/bus/dbus-daemon --system
(--nofork)
<pinotree> gnu_srs1: please, debug it
<gnu_srs1> I have partially already. But maybe the problems only shows on
my box. I'll rebuild on another box before continuing debugging.
<pinotree> gnu_srs1: are you, by chance, running a libc or something else
with your scm_creds work?
<gnu_srs1> I did, but I've backed to 2.17-92 right now.
<gnu_srs1> sane problem with dbus on another box, something's fishy:-(
<gnu_srs1> braunr: any good way to find out if the dbus problems are with
libpthread? Setting a breakpoint with libc0.3-dbg installed.
<braunr> gnu_srs1: i don't know
See [[glibc]], *Missing interfaces, amongst many more*, *`SOCK_CLOEXEC`*.
# IRC, freenode, #hurd, 2013-09-04
<gnu_srs> Hi, looks like dbus requires abstract socket namespace: #undef
HAVE_ABSTRACT_SOCKETS What's missing?
<pinotree> uh?
<pinotree> abstract unix sockets are a Linux feature, and surely it is not
mandatory for dbus
<gnu_srs> Looks like dbus exits if they are not supported:
<gnu_srs> dbus_set_error (error, DBUS_ERROR_NOT_SUPPORTED, "Operating
system does not support abstract socket namespace\n"); _dbus_close
(listen_fd, NULL); 1061 return -1;
<pinotree> that is enclosed in a if (abstract)
<pinotree> and that parameter is set to true in other places (eg
dbus/dbus-server-unix.c) only when HAVE_ABSTRACT_SOCKETS is defined
<pinotree> so no, abstract sockets are not mandatory
<gnu_srs> Well this code is executed e.g. when running emacs remotely in
X. Have to dig deeper then to see why.
<pinotree> maybe it could have to do the fact that your dbus server is
running in linux and runs by default using such sockets type
<pinotree> but yes, you need to dig better
<gnu_srs> pinotree: You are right. when running natively the problem is:
<pinotree> *drums*
<gnu_srs> Manually: Process /usr/lib/at-spi2-core/at-spi-bus-launcher
exited with status 1
<pinotree> eh?
<gnu_srs> Error retrieving accessibility bus address:
org.freedesktop.DBus.Error.Spawn.ChildExited: ^
<pinotree> most probably that service does not start due to the lack of
socket credentials which affects dbus
<pinotree> uninstall or disable those additional services, they are not
your problem
<gnu_srs> credentials is enabled. which services to remove?
<pinotree> dunno
# IRC, freenode, #hurd, 2013-09-11
<gnu_srs> Hi, looks like frebsd had (2008) the same problem as hurd when
sending credentials over PF_INET:
<gnu_srs>
http://lists.freebsd.org/pipermail/freebsd-hackers/2008-May/024577.html
<gnu_srs> Since the dbus code is about the same now (2013), maybe they
added support?
<gnu_srs> The next message in the thread confirms that the dbus code is
invalid, does anybody have pointers?
<pinotree> from what i've seen so far, socket credentials are done only for
local sockets (ie PF_UNIX)
<pinotree> i don't see how things like uid/gid/pid of the socket endpoint
can have anything to do with AF_INET
<pinotree> and socket credentials in dbus are used only in the [local]
socket transport, so there's no issue
# IRC, freenode, #hurd, 2013-09-12
<gnu_srs> pinotree: Yes, there is an issue with dbus and AF_INET, see
test/corrupt.c: tests /corrupt/tcp and /corrupt/byte-order/tcp:-/
<pinotree> gnu_srs: what's wrong with those? they are just testing the
connection over a tcp socket
<pinotree> as said above, socket credentials shouldn't be used in such
cases
<gnu_srs> They are, see also test/relay.c: /relay and /limit tests:-(
<pinotree> how are they?
<pinotree> please be more specifc...
<gnu_srs> Just run the tests yourself with DBUS_VERBOSE=1
<pinotree> you are claiming there is a problem, so please specify what is
the actual issue
<gnu_srs> DBUS_VERBOSE=1 build-debug/test/test-relay
<pinotree> you are claiming there is a problem, so please specify what is
the actual issue
<gnu_srs> same with test-corrupt
<gnu_srs> look at the verbose output: Failed to write credentials: Failed
to write credentials byte: Invalid argument
<gnu_srs> coming from pfinet since PF_INET is used.
<pinotree> check what it does on linux then
<pinotree> put an abort() at the start of the read/write socket credential
functions in dbus-sysdeps-unix.c and see whether it is triggered also on
linux
<gnu_srs> SO_PEERCRED is used for linux and LOCAL_CREDS is used for
kfreebsd, so we are on our own here:-/
<pinotree> and linux' SO_PEERCRED works also on AF_INET sockets? i'd doubt
it
<gnu_srs>
http://stackoverflow.com/questions/10037086/so-peercred-vs-scm-credentials-why-there-are-both-of-them
<pinotree> yes, i know the difference, but please read what i asked again
<gnu_srs> I'll check to be sure...
<braunr> gnu_srs: user credentials are not supposed to be passed through an
AF_INET socket
<braunr> how hard is that to understand ?
<gnu_srs> OK, linux use send since CMSGCREDS is not defined to write
credentials. Working on how they are received.
<gnu_srs> braunr: I do understand, but the dbus code tries to do that for
Hurd:-(
<pinotree> then it should do that on linux too
<pinotree> (since the local socket credentials code is isolated in own
functions, and they are called only for the unix transport)
<gnu_srs> Happiness:-D, almost all dbus tests pass!
<gnu_srs> 17(17) dbus tests pass:)
<braunr> gnu_srs: hopefully your patch does things right
<gnu_srs> which patch
<braunr> adding credentials through unix socket
<braunr> isn't that what you're doing ?
<gnu_srs> the mail to MLs is from the stock installed packages.
<braunr> ?
<gnu_srs> the test reports are with the SCM_CREDS patches, but I stumbled
on the SCM_RIGHTS issues reported to MLs
<gnu_srs> no patches applied, just test the attached file yourself.
<braunr> so what's your work about ?
<gnu_srs> I'm working on SCM_CREDS, yes, and created patches for dbus,
glib2.0 and libc.
<gnu_srs> the mail was about some bug in the call to io_restrict_auth in
sendmsg.c: without any of my patches applied (another image)
<teythoon> gnu_srs: you have to give us more context, how are we supposed
to know how to find this sendmsg.c file?
<pinotree> (it's in glibc, but otherwise the remark is valid)
<pinotree> s/otherwise/anyway/
|