From 13935fca7e014c75ba31f50a7176f7030d30dba3 Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Mon, 1 Jul 2024 20:05:39 +0200 Subject: [PATCH] ci: Add valgrind runs for all crypto backends The libgcrypt has a lot of reachable code so allowing it to fail Signed-off-by: Jakub Jelen Reviewed-by: Andreas Schneider --- .gitlab-ci.yml | 24 ++++++++++++++++++----- tests/valgrind.supp | 46 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 65 insertions(+), 5 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 2c86f859..867f0205 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -226,11 +226,7 @@ fedora/openssl_3.0.x/x86_64/minimal: -DWITH_GEX=OFF .. && make -j$(nproc) -# The PKCS#11 support is turned off as it brings dozens of memory issues from -# engine_pkcs11 or openssl itself -fedora/valgrind: - variables: - CMAKE_ADDITIONAL_OPTIONS: -DWITH_PKCS11_URI=OFF +.valgrind: extends: .fedora stage: analysis script: @@ -239,6 +235,24 @@ fedora/valgrind: make test_memcheck - cat Testing/Temporary/MemoryChecker.*.log | wc -l | grep "^0$" +# The PKCS#11 support is turned off as it brings dozens of memory issues from +# engine_pkcs11 or openssl itself +fedora/valgrind/openssl: + variables: + CMAKE_ADDITIONAL_OPTIONS: -DWITH_PKCS11_URI=OFF + extends: .valgrind + +fedora/valgrind/mbedtls: + variables: + CMAKE_ADDITIONAL_OPTIONS: -DWITH_MBEDTLS=ON + extends: .valgrind + +fedora/valgrind/libgcrypt: + variables: + CMAKE_ADDITIONAL_OPTIONS: -DWITH_GCRYPT=ON + extends: .valgrind + allow_failure: true + # Address sanitizer doesn't mix well with LD_PRELOAD used in the testsuite # so, this is only enabled for unit tests right now. # TODO: add -DCLIENT_TESTING=ON -DSERVER_TESTING=ON diff --git a/tests/valgrind.supp b/tests/valgrind.supp index 2baa2ef9..90255ad4 100644 --- a/tests/valgrind.supp +++ b/tests/valgrind.supp @@ -151,3 +151,49 @@ fun:torture_run_tests fun:main } + +## libgcrypt +{ + Reachable allocations from libgcrypt + Memcheck:Leak + match-leak-kinds: reachable + fun:malloc + ... + fun:gcry_check_version + fun:ssh_crypto_init + fun:_ssh_init + fun:libssh_constructor + fun:call_init + fun:__libc_start_main@@GLIBC_2.34 + fun:(below main) +} +{ + randomize in libgcrypt keeps some memory around + Memcheck:Leak + match-leak-kinds: reachable + fun:malloc + ... + fun:_gcry_xmalloc + fun:_gcry_xcalloc + fun:initialize.lto_priv.0 + fun:_gcry_rngcsprng_randomize + fun:ssh_get_random + ... +} +{ + EC key operation allocs some reachable memory + Memcheck:Leak + match-leak-kinds: reachable + fun:malloc + ... + fun:_gcry_xmalloc + fun:_gcry_mpi_alloc + fun:_gcry_mpi_scan + fun:ec_p_init.lto_priv.0 + ... + fun:_gcry_mpi_ec_internal_new + fun:ecc_sign.lto_priv.0 + fun:_gcry_pk_sign + fun:gcry_pk_sign + ... +}