uringmachine 0.4 → 0.5.1

data/lib/uringmachine/ssl.rb

@@ -0,0 +1,394 @@
+# frozen_string_literal: true
+
+require 'open3'
+# need for Puma::MiniSSL::OPENSSL constants used in `HAS_TLS1_3`
+# use require, see https://github.com/puma/puma/pull/2381
+# require 'puma/puma_http11'
+
+require_relative '../uringmachine'
+
+class UringMachine
+  module SSL
+    # Define constant at runtime, as it's easy to determine at built time,
+    # but Puma could (it shouldn't) be loaded with an older OpenSSL version
+    # @version 5.0.0
+    HAS_TLS1_3 =
+        ((OPENSSL_VERSION[/ \d+\.\d+\.\d+/].split('.').map(&:to_i) <=> [1,1,1]) != -1 &&
+         (OPENSSL_LIBRARY_VERSION[/ \d+\.\d+\.\d+/].split('.').map(&:to_i) <=> [1,1,1]) !=-1)
+
+    class Socket
+      def initialize(socket, engine)
+        @socket = socket
+        @engine = engine
+        @peercert = nil
+        @reuse = nil
+      end
+
+      # @!attribute [r] to_io
+      def to_io
+        @socket
+      end
+
+      def closed?
+        @socket.closed?
+      end
+
+      # Returns a two element array,
+      # first is protocol version (SSL_get_version),
+      # second is 'handshake' state (SSL_state_string)
+      #
+      # Used for dropping tcp connections to ssl.
+      # See OpenSSL ssl/ssl_stat.c SSL_state_string for info
+      # @!attribute [r] ssl_version_state
+      # @version 5.0.0
+      #
+      def ssl_version_state
+        @engine.ssl_vers_st
+      end
+
+      # Used to check the handshake status, in particular when a TCP connection
+      # is made with TLSv1.3 as an available protocol
+      # @version 5.0.0
+      def bad_tlsv1_3?
+        HAS_TLS1_3 && ssl_version_state == ['TLSv1.3', 'SSLERR']
+      end
+      private :bad_tlsv1_3?
+
+      def readpartial(size)
+        while true
+          output = @engine.read
+          return output if output
+
+          data = @socket.readpartial(size)
+          @engine.inject(data)
+          output = @engine.read
+
+          return output if output
+
+          while neg_data = @engine.extract
+            @socket.write neg_data
+          end
+        end
+      end
+
+      def engine_read_all
+        output = @engine.read
+        while output and additional_output = @engine.read
+          output << additional_output
+        end
+        output
+      end
+
+      def read_nonblock(size, *_)
+        # *_ is to deal with keyword args that were added
+        # at some point (and being used in the wild)
+        while true
+          output = engine_read_all
+          return output if output
+
+          data = @socket.read_nonblock(size, exception: false)
+          if data == :wait_readable || data == :wait_writable
+            # It would make more sense to let @socket.read_nonblock raise
+            # EAGAIN if necessary but it seems like it'll misbehave on Windows.
+            # I don't have a Windows machine to debug this so I can't explain
+            # exactly whats happening in that OS. Please let me know if you
+            # find out!
+            #
+            # In the meantime, we can emulate the correct behavior by
+            # capturing :wait_readable & :wait_writable and raising EAGAIN
+            # ourselves.
+            raise IO::EAGAINWaitReadable
+          elsif data.nil?
+            raise SSLError.exception "HTTP connection?" if bad_tlsv1_3?
+            return nil
+          end
+
+          @engine.inject(data)
+          output = engine_read_all
+
+          return output if output
+
+          while neg_data = @engine.extract
+            @socket.write neg_data
+          end
+        end
+      end
+
+      def write(data)
+        return 0 if data.empty?
+
+        data_size = data.bytesize
+        need = data_size
+
+        while true
+          wrote = @engine.write data
+
+          enc_wr = +''
+          while (enc = @engine.extract)
+            enc_wr << enc
+          end
+          @socket.write enc_wr unless enc_wr.empty?
+
+          need -= wrote
+
+          return data_size if need == 0
+
+          data = data.byteslice(wrote..-1)
+        end
+      end
+
+      alias_method :syswrite, :write
+      alias_method :<<, :write
+
+      # This is a temporary fix to deal with websockets code using
+      # write_nonblock.
+
+      # The problem with implementing it properly
+      # is that it means we'd have to have the ability to rewind
+      # an engine because after we write+extract, the socket
+      # write_nonblock call might raise an exception and later
+      # code would pass the same data in, but the engine would think
+      # it had already written the data in.
+      #
+      # So for the time being (and since write blocking is quite rare),
+      # go ahead and actually block in write_nonblock.
+      #
+      def write_nonblock(data, *_)
+        write data
+      end
+
+      def flush
+        @socket.flush
+      end
+
+      def close
+        begin
+          unless @engine.shutdown
+            while alert_data = @engine.extract
+              @socket.write alert_data
+            end
+          end
+        rescue IOError, SystemCallError
+          Puma::Util.purge_interrupt_queue
+          # nothing
+        ensure
+          @socket.close
+        end
+      end
+
+      # @!attribute [r] peeraddr
+      def peeraddr
+        @socket.peeraddr
+      end
+
+      # OpenSSL is loaded in `MicroSSL::ContextBuilder` when
+      # `MicroSSL::Context#verify_mode` is not `VERIFY_NONE`.
+      # When `VERIFY_NONE`, `MicroSSL::Engine#peercert` is nil, regardless of
+      # whether the client sends a cert.
+      # @return [OpenSSL::X509::Certificate, nil]
+      # @!attribute [r] peercert
+      def peercert
+        return @peercert if @peercert
+
+        raw = @engine.peercert
+        return nil unless raw
+
+        @peercert = OpenSSL::X509::Certificate.new raw
+      end
+    end
+
+    class Context
+      attr_accessor :verify_mode
+      attr_reader :no_tlsv1, :no_tlsv1_1
+
+      def initialize
+        @no_tlsv1   = false
+        @no_tlsv1_1 = false
+        @key = nil
+        @cert = nil
+        @key_pem = nil
+        @cert_pem = nil
+        @reuse = nil
+        @reuse_cache_size = nil
+        @reuse_timeout = nil
+      end
+
+      def check_file(file, desc)
+        raise ArgumentError, "#{desc} file '#{file}' does not exist" unless File.exist? file
+        raise ArgumentError, "#{desc} file '#{file}' is not readable" unless File.readable? file
+      end
+
+        # non-jruby Context properties
+        attr_reader :key
+        attr_reader :key_password_command
+        attr_reader :cert
+        attr_reader :ca
+        attr_reader :cert_pem
+        attr_reader :key_pem
+        attr_accessor :ssl_cipher_filter
+        attr_accessor :ssl_ciphersuites
+        attr_accessor :verification_flags
+
+        attr_reader :reuse, :reuse_cache_size, :reuse_timeout
+
+        def key=(key)
+          check_file key, 'Key'
+          @key = key
+        end
+
+        def key_password_command=(key_password_command)
+          @key_password_command = key_password_command
+        end
+
+        def cert=(cert)
+          check_file cert, 'Cert'
+          @cert = cert
+        end
+
+        def ca=(ca)
+          check_file ca, 'ca'
+          @ca = ca
+        end
+
+        def cert_pem=(cert_pem)
+          raise ArgumentError, "'cert_pem' is not a String" unless cert_pem.is_a? String
+          @cert_pem = cert_pem
+        end
+
+        def key_pem=(key_pem)
+          raise ArgumentError, "'key_pem' is not a String" unless key_pem.is_a? String
+          @key_pem = key_pem
+        end
+
+        def check
+          raise "Key not configured" if @key.nil? && @key_pem.nil?
+          raise "Cert not configured" if @cert.nil? && @cert_pem.nil?
+        end
+
+        # Executes the command to return the password needed to decrypt the key.
+        def key_password
+          raise "Key password command not configured" if @key_password_command.nil?
+
+          stdout_str, stderr_str, status = Open3.capture3(@key_password_command)
+
+          return stdout_str.chomp if status.success?
+
+          raise "Key password failed with code #{status.exitstatus}: #{stderr_str}"
+        end
+
+        # Controls session reuse.  Allowed values are as follows:
+        # * 'off' - matches the behavior of Puma 5.6 and earlier.  This is included
+        #   in case reuse 'on' is made the default in future Puma versions.
+        # * 'dflt' - sets session reuse on, with OpenSSL default cache size of
+        #   20k and default timeout of 300 seconds.
+        # * 's,t' - where s and t are integer strings, for size and timeout.
+        # * 's' - where s is an integer strings for size.
+        # * ',t' - where t is an integer strings for timeout.
+        #
+        def reuse=(reuse_str)
+          case reuse_str
+          when 'off'
+            @reuse = nil
+          when 'dflt'
+            @reuse = true
+          when /\A\d+\z/
+            @reuse = true
+            @reuse_cache_size = reuse_str.to_i
+          when /\A\d+,\d+\z/
+            @reuse = true
+            size, time = reuse_str.split ','
+            @reuse_cache_size = size.to_i
+            @reuse_timeout = time.to_i
+          when /\A,\d+\z/
+            @reuse = true
+            @reuse_timeout = reuse_str.delete(',').to_i
+          end
+        end
+      end
+
+      # disables TLSv1
+      # @!attribute [w] no_tlsv1=
+      def no_tlsv1=(tlsv1)
+        raise ArgumentError, "Invalid value of no_tlsv1=" unless ['true', 'false', true, false].include?(tlsv1)
+        @no_tlsv1 = tlsv1
+      end
+
+      # disables TLSv1 and TLSv1.1.  Overrides `#no_tlsv1=`
+      # @!attribute [w] no_tlsv1_1=
+      def no_tlsv1_1=(tlsv1_1)
+        raise ArgumentError, "Invalid value of no_tlsv1_1=" unless ['true', 'false', true, false].include?(tlsv1_1)
+        @no_tlsv1_1 = tlsv1_1
+      end
+
+    VERIFY_NONE = 0
+    VERIFY_PEER = 1
+    VERIFY_FAIL_IF_NO_PEER_CERT = 2
+
+    # https://github.com/openssl/openssl/blob/master/include/openssl/x509_vfy.h.in
+    # /* Certificate verify flags */
+    VERIFICATION_FLAGS = {
+      "USE_CHECK_TIME"       => 0x2,
+      "CRL_CHECK"            => 0x4,
+      "CRL_CHECK_ALL"        => 0x8,
+      "IGNORE_CRITICAL"      => 0x10,
+      "X509_STRICT"          => 0x20,
+      "ALLOW_PROXY_CERTS"    => 0x40,
+      "POLICY_CHECK"         => 0x80,
+      "EXPLICIT_POLICY"      => 0x100,
+      "INHIBIT_ANY"          => 0x200,
+      "INHIBIT_MAP"          => 0x400,
+      "NOTIFY_POLICY"        => 0x800,
+      "EXTENDED_CRL_SUPPORT" => 0x1000,
+      "USE_DELTAS"           => 0x2000,
+      "CHECK_SS_SIGNATURE"   => 0x4000,
+      "TRUSTED_FIRST"        => 0x8000,
+      "SUITEB_128_LOS_ONLY"  => 0x10000,
+      "SUITEB_192_LOS"       => 0x20000,
+      "SUITEB_128_LOS"       => 0x30000,
+      "PARTIAL_CHAIN"        => 0x80000,
+      "NO_ALT_CHAINS"        => 0x100000,
+      "NO_CHECK_TIME"        => 0x200000
+    }.freeze
+
+    class Server
+      def initialize(socket, ctx)
+        @socket = socket
+        @ctx = ctx
+        @eng_ctx = IS_JRUBY ? @ctx : SSLContext.new(ctx)
+      end
+
+      def accept
+        @ctx.check
+        io = @socket.accept
+        engine = Engine.server @eng_ctx
+        Socket.new io, engine
+      end
+
+      def accept_nonblock
+        @ctx.check
+        io = @socket.accept_nonblock
+        engine = Engine.server @eng_ctx
+        Socket.new io, engine
+      end
+
+      # @!attribute [r] to_io
+      def to_io
+        @socket
+      end
+
+      # @!attribute [r] addr
+      # @version 5.0.0
+      def addr
+        @socket.addr
+      end
+
+      def close
+        @socket.close unless @socket.closed?       # closed? call is for Windows
+      end
+
+      def closed?
+        @socket.closed?
+      end
+    end
+  end
+end

data/lib/uringmachine/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 class UringMachine
-  VERSION = '0.4'
+  VERSION = '0.5.1'
 end

data/lib/uringmachine.rb

@@ -1,17 +1,41 @@
 # frozen_string_literal: true
 
 require_relative './um_ext'
+require_relative 'uringmachine/dns_resolver'
 
 UM = UringMachine
 
 class UringMachine
+  @@fiber_map = {}
+
+  def fiber_map
+    @@fiber_map
+  end
+
   def spin(value = nil, &block)
-    Fiber.new do |resume_value| 
+    f = Fiber.new do |resume_value|
       block.(resume_value)
     rescue Exception => e
-      raise RuntimeError, "Unhandled fiber exception: #{e.inspect}"
+      STDERR.puts "Unhandled fiber exception: #{e.inspect}"
+      STDERR.puts e.backtrace.join("\n")
+      exit
     ensure
+      @@fiber_map.delete(f)
+      # yield control
       self.yield
-    end.tap { |f| schedule(f, value) }
+      p :bad_bad_bad
+    end
+    schedule(f, value)
+    @@fiber_map[f] = true
+    f
+  end
+
+  def resolve(hostname, type = :A)
+    @resolver ||= DNSResolver.new(self)
+    @resolver.resolve(hostname, type)
+  end
+
+  def ssl_accept(fd, ssl_ctx)
+    SSL::Connection.new(self, fd, ssl_ctx)
   end
 end

data/supressions/ruby.supp

@@ -0,0 +1,71 @@
+{
+  On platforms where memcpy is safe for overlapped memory, the compiler will sometimes replace memmove with memcpy. Valgrind may report a false positive.
+  Memcheck:Overlap
+  fun:__memcpy_chk
+  fun:memmove
+  ...
+}
+{
+  Requiring a file will add it to the loaded features, which may be reported as a leak.
+  Memcheck:Leak
+  ...
+  fun:require_internal
+  ...
+}
+{
+  recursive_list_access creates a hash called `list` that is stored on the threadptr_recursive_hash. This is reported as a memory leak.
+  Memcheck:Leak
+  ...
+  fun:rb_ident_hash_new
+  fun:recursive_list_access
+  fun:exec_recursive
+  ...
+}
+{
+  "Invalid read of size 8" when marking the stack of fibers
+  Memcheck:Addr8
+  fun:each_location*
+  ...
+}
+{
+  Rust probes for statx(buf), will be fixed in Valgrind >= 3.1.6.0
+  Memcheck:Param
+  statx(buf)
+  ...
+  fun:*try_statx*
+  ...
+}
+{
+  Rust probes for statx(file_name), will be fixed in Valgrind >= 3.1.6.0
+  Memcheck:Param
+  statx(file_name)
+  ...
+  fun:*try_statx*
+  ...
+}
+{
+  strscan_do_scan in strscan.c will sometimes replace the ptr of the regex, which can be reported as a memory leak if the regex is stored in an iseq. https://github.com/ruby/ruby/pull/8136
+  Memcheck:Leak
+  ...
+  fun:rb_reg_prepare_re
+  fun:strscan_do_scan
+  ...
+}
+{
+  The callcache table (RCLASS_CC_TBL) is lazily created, so it is allocated when the first method that gets cached. If this happens in a native extension, it may be reported as a memory leak.
+  Memcheck:Leak
+  ...
+  fun:rb_id_table_create
+  ...
+  fun:rb_callable_method_entry
+  ...
+}
+{
+  The date library lazily initializes Regexps using static local variables through the function `regcomp`. The Regexp will end up being reported as a memory leak.
+  Memcheck:Leak
+  ...
+  fun:rb_enc_reg_new
+  ...
+  fun:date__parse
+  ...
+}

data/test/helper.rb

@@ -51,6 +51,12 @@ module Minitest::Assertions
 end
 
 class UMBaseTest < Minitest::Test
+  # pull in UM constants
+  UM.constants.each do |c|
+    v = UM.const_get(c)
+    const_set(c, v) if v.is_a?(Integer)
+  end
+
   attr_accessor :machine
   
   def setup

data/test/test_async_op.rb

@@ -0,0 +1,119 @@
+# frozen_string_literal: true
+
+require_relative 'helper'
+require 'socket'
+
+class AsyncOpTest < UMBaseTest
+  def setup
+    super
+    @t0 = monotonic_clock
+    @op = machine.prep_timeout(0.05)
+  end
+
+  def test_async_op_await
+    assert_equal 1, machine.pending_count
+    res = @op.await
+    t1 = monotonic_clock
+    assert_in_range 0.04..0.08, t1 - @t0
+    assert_equal 0, machine.pending_count
+    assert_equal (-ETIME), res
+    assert_equal true, @op.done?
+    assert_equal false, @op.cancelled?
+  end
+
+  def test_async_op_join
+    assert_equal 1, machine.pending_count
+    res = @op.join
+    t1 = monotonic_clock
+    assert_in_range 0.04..0.08, t1 - @t0
+    assert_equal 0, machine.pending_count
+    assert_equal (-ETIME), res
+    assert_equal true, @op.done?
+    assert_equal false, @op.cancelled?
+  end
+
+  def test_async_op_cancel
+    machine.sleep(0.01)
+    assert_equal 1, machine.pending_count
+    @op.cancel
+    assert_equal false, @op.done?
+    
+    machine.sleep(0.01)
+  
+    assert_equal 0, machine.pending_count
+    assert_equal true, @op.done?
+    assert_equal (-ECANCELED), @op.result
+    assert_equal true, @op.cancelled?
+  end
+
+  def test_async_op_await_with_cancel
+    machine.spin do
+      @op.cancel
+    end
+
+    res = @op.await
+  
+    assert_equal 0, machine.pending_count
+    assert_equal true, @op.done?
+    assert_equal (-ECANCELED), res
+    assert_equal true, @op.cancelled?
+  end
+
+  class TOError < RuntimeError; end
+
+  def test_async_op_await_with_timeout
+    e = nil
+  
+    begin
+      machine.timeout(0.01, TOError) do
+        @op.await
+      end
+    rescue => e
+    end
+
+    assert_equal 0, machine.pending_count
+    assert_kind_of TOError, e
+    assert_equal true, @op.done?
+    assert_equal (-ECANCELED), @op.result
+    assert_equal true, @op.cancelled?
+  end
+
+  def test_async_op_await_with_timeout2
+    e = nil
+  
+    begin
+      machine.timeout(0.1, TOError) do
+        @op.await
+      end
+    rescue => e
+    end
+
+    # machine.timeout is cancelled async, so CQE is not yet reaped
+    assert_equal 1, machine.pending_count
+    assert_nil e
+    assert_equal true, @op.done?
+    assert_equal (-ETIME), @op.result
+    assert_equal false, @op.cancelled?
+
+    # wait for timeout cancellation
+    machine.sleep(0.01)
+    assert_equal 0, machine.pending_count
+  end
+end
+
+class PrepTimeoutTest < UMBaseTest
+  def test_prep_timeout
+    op = machine.prep_timeout(0.03)
+    assert_kind_of UM::AsyncOp, op
+    assert_equal :timeout, op.kind
+
+    assert_equal false, op.done?
+    assert_nil op.result
+
+    machine.sleep(0.05)
+
+    assert_equal true, op.done?
+    assert_equal (-ETIME), op.result
+    assert_equal false, op.cancelled?
+  end
+end