bump up v8: fix GLIBC err.

[yokofly]

only happen in linux amd64. and we just make this feature disable as a workaround, the upstream already upgraded(but we have not).

Found only in SSL crypto operations and V8's memory protection
Core issue: V8's dynamic loading via dlsym for pkey functions requires GLIBC 2.27

Options:

• Disable V8 pkey support (immediate fix)
• Upgrade v8-cmake (future consideration)

Impact assessment: Low risk

• pkey support is optional in upstream V8
• disabling only affects memory protection optimization

see v8/v8@1872607#diff-b6929ffe2ee2f4fbaccb9b2407e4d21f76fca8f17f5388affa4e1ff8690d83c1L20

analyze:

1. we find which symbol asks for GLIBC_2.27

root@f8681cd090f0:/work/sub# objdump -T ../proton-server | grep GLIBC_2 | grep 27
0000000000000000  w   DF *UND*  0000000000000000  GLIBC_2.27  pkey_alloc
0000000000000000  w   DF *UND*  0000000000000000  GLIBC_2.27  pkey_free

2. continue dig into which component asks for pkey

root@f8681cd090f0:/work/sub# nm ../proton-server | grep pkey
0000000013ada300 T EVP_PKEY_CTX_get0_pkey
0000000013b817a0 T PKCS8_pkey_get0
0000000013b81720 T PKCS8_pkey_set0
00000000156d31b0 b _ZN2v84base12_GLOBAL__N_110pkey_allocE
00000000156d31c0 b _ZN2v84base12_GLOBAL__N_113pkey_mprotectE
00000000156d31c8 b _ZN2v84base12_GLOBAL__N_18pkey_getE
00000000156d31d0 b _ZN2v84base12_GLOBAL__N_18pkey_setE
00000000156d31b8 b _ZN2v84base12_GLOBAL__N_19pkey_freeE
0000000013886880 T _ZN4bssl20ssl_parse_cert_chainEPhPNSt3__110unique_ptrI22stack_st_CRYPTO_BUFFERNS_8internal7DeleterIS3_EEEEPNS2_I11evp_pkey_stNS5_IS9_EEEES0_P6cbs_stP21crypto_buffer_pool_st
0000000013895c40 T _ZN4bssl21ssl_public_key_verifyEP6ssl_stNS_4SpanIKhEEtP11evp_pkey_stS4_
0000000013886f20 T _ZN4bssl26ssl_cert_check_private_keyEPKNS_4CERTEPK11evp_pkey_st
0000000013887620 T _ZN4bssl26ssl_check_leaf_certificateEPNS_13SSL_HANDSHAKEEP11evp_pkey_stPK16crypto_buffer_st
00000000138858c0 T _ZN4bssl28ssl_cipher_auth_mask_for_keyEPK11evp_pkey_st
0000000013886e60 T _ZN4bssl34ssl_compare_public_and_private_keyEPK11evp_pkey_stS2_
000000001387a0e0 T _ZN4bssl35tls1_get_legacy_signature_algorithmEPtPK11evp_pkey_st
00000000138963c0 t _ZN4bsslL12ssl_set_pkeyEPNS_4CERTEP11evp_pkey_st
0000000013887bc0 t _ZN4bsslL22cert_set_chain_and_keyEPNS_4CERTEPKP16crypto_buffer_stmP11evp_pkey_stPK25ssl_private_key_method_st
0000000013896020 t _ZN4bsslL23pkey_supports_algorithmEPK6ssl_stP11evp_pkey_stt
0000000013886700 t _ZN4bsslL27check_leaf_cert_and_privkeyEP16crypto_buffer_stP11evp_pkey_st
0000000013895940 t _ZN4bsslL9setup_ctxEP6ssl_stP13env_md_ctx_stP11evp_pkey_sttb
0000000013b7efe0 t do_pk8pkey
00000000153e9670 D ec_pkey_meth
00000000153e9778 D ed25519_pkey_meth
0000000013ada080 t evp_pkey_ctx_new
                 w pkey_alloc
0000000013b83b40 t pkey_cb
0000000013adb4c0 t pkey_ec_cleanup
0000000013adb460 t pkey_ec_copy
0000000013adb7e0 t pkey_ec_ctrl
0000000013adb6a0 t pkey_ec_derive
0000000013adb420 t pkey_ec_init
0000000013adb4e0 t pkey_ec_keygen
0000000013adb760 t pkey_ec_paramgen
0000000013adb5a0 t pkey_ec_sign
0000000013adb660 t pkey_ec_verify
0000000013adc960 t pkey_ed25519_copy
0000000013adc980 t pkey_ed25519_keygen
0000000013adca20 t pkey_ed25519_sign_message
0000000013adcac0 t pkey_ed25519_verify_message
                 w pkey_free
0000000013add380 t pkey_rsa_cleanup
0000000013add2a0 t pkey_rsa_copy
0000000013addb40 t pkey_rsa_ctrl
0000000013add9e0 t pkey_rsa_decrypt
0000000013add8a0 t pkey_rsa_encrypt
0000000013add240 t pkey_rsa_init
0000000013add3c0 t pkey_rsa_keygen
0000000013add460 t pkey_rsa_sign
0000000013add580 t pkey_rsa_verify
0000000013add6c0 t pkey_rsa_verify_recover
0000000005e18de0 r pkey_rsa_verify_recover.kDummyHash
0000000013ade5e0 t pkey_x25519_copy
0000000013ade7c0 t pkey_x25519_ctrl
0000000013ade6a0 t pkey_x25519_derive
0000000013ade600 t pkey_x25519_keygen
00000000153e9880 D rsa_pkey_meth
00000000153e9988 D x25519_pkey_meth


root@f8681cd090f0:/work/sub# (gdb) info functions pkey
All functions matching regular expression "pkey":

Non-debugging symbols:
0x000000001387a0e0  bssl::tls1_get_legacy_signature_algorithm(unsigned short*, evp_pkey_st const*)
0x00000000138858c0  bssl::ssl_cipher_auth_mask_for_key(evp_pkey_st const*)
0x0000000013886700  bssl::check_leaf_cert_and_privkey(crypto_buffer_st*, evp_pkey_st*)
0x0000000013886880  bssl::ssl_parse_cert_chain(unsigned char*, std::__1::unique_ptr<stack_st_CRYPTO_BUFFER, bssl::internal::Deleter<stack_st_CRYPTO_BUFFER> >*, std::__1::unique_ptr<evp_pkey_st, bssl::internal::Deleter<evp_pkey_st> >*, unsigned char*, cbs_st*, crypto_buffer_pool_st*)
0x0000000013886e60  bssl::ssl_compare_public_and_private_key(evp_pkey_st const*, evp_pkey_st const*)
0x0000000013886f20  bssl::ssl_cert_check_private_key(bssl::CERT const*, evp_pkey_st const*)
0x0000000013887620  bssl::ssl_check_leaf_certificate(bssl::SSL_HANDSHAKE*, evp_pkey_st*, crypto_buffer_st const*)
0x0000000013887bc0  bssl::cert_set_chain_and_key(bssl::CERT*, crypto_buffer_st* const*, unsigned long, evp_pkey_st*, ssl_private_key_method_st const*)
0x0000000013895940  bssl::setup_ctx(ssl_st*, env_md_ctx_st*, evp_pkey_st*, unsigned short, bool)
0x0000000013895c40  bssl::ssl_public_key_verify(ssl_st*, bssl::Span<unsigned char const>, unsigned short, evp_pkey_st*, bssl::Span<unsigned char const>)
0x0000000013896020  bssl::pkey_supports_algorithm(ssl_st const*, evp_pkey_st*, unsigned short)
0x00000000138963c0  bssl::ssl_set_pkey(bssl::CERT*, evp_pkey_st*)
0x0000000013ada080  evp_pkey_ctx_new
0x0000000013ada300  EVP_PKEY_CTX_get0_pkey
0x0000000013adb420  pkey_ec_init
0x0000000013adb460  pkey_ec_copy
0x0000000013adb4c0  pkey_ec_cleanup
0x0000000013adb4e0  pkey_ec_keygen
0x0000000013adb5a0  pkey_ec_sign
0x0000000013adb660  pkey_ec_verify
0x0000000013adb6a0  pkey_ec_derive
0x0000000013adb760  pkey_ec_paramgen
0x0000000013adb7e0  pkey_ec_ctrl
0x0000000013adc960  pkey_ed25519_copy
0x0000000013adc980  pkey_ed25519_keygen
0x0000000013adca20  pkey_ed25519_sign_message
0x0000000013adcac0  pkey_ed25519_verify_message
0x0000000013add240  pkey_rsa_init
0x0000000013add2a0  pkey_rsa_copy
0x0000000013add380  pkey_rsa_cleanup
0x0000000013add3c0  pkey_rsa_keygen
0x0000000013add460  pkey_rsa_sign
0x0000000013add580  pkey_rsa_verify
0x0000000013add6c0  pkey_rsa_verify_recover
0x0000000013add8a0  pkey_rsa_encrypt
0x0000000013add9e0  pkey_rsa_decrypt
0x0000000013addb40  pkey_rsa_ctrl
0x0000000013ade5e0  pkey_x25519_copy
0x0000000013ade600  pkey_x25519_keygen
0x0000000013ade6a0  pkey_x25519_derive
0x0000000013ade7c0  pkey_x25519_ctrl
0x0000000013b7efe0  do_pk8pkey
0x0000000013b81720  PKCS8_pkey_set0
0x0000000013b817a0  PKCS8_pkey_get0
0x0000000013b83b40  pkey_cb
0x0000000014f28c50  pkey_alloc@plt
0x0000000014f28c60  pkey_free@plt
(gdb)

[yokofly]

edit: add screenshot

test on ubuntu 1604 GLIBC 2.23 docker internal

[chenziliang]

We can’t disable V8 universally.

[yokofly]

sry I overlooked it, even with the upstream commit, the build machine already tells the linker symbol(build machine and running machine diff). So it does not work under lower one.

Updating to the latest versions of V8 and V8-CMake doesn’t resolve this problem as well.

I will continue with the current solution, as the change appears to be harmless.

[yokofly]

CI fail seems unrelated.
first time: ut passed, smoke fail, stateless fail, stateful passed
second time: ut failed, smoke passed, stateless passed, stateful passed.