Dlopening MKL on Windows gives "Access is denied" error

[giordano]

Just using MKL_jll on Windows should reproduce the error. This is from tests in FFTW.jl:

ERROR: LoadError: LoadError: InitError: could not load library "C:\Users\runneradmin\.julia\artifacts\6de083f4770c1a6b49d179e2aa0f30c4bffde4a4\bin\mkl_core.dll"
Access is denied. 
Stacktrace:
  [1] dlopen(s::String, flags::UInt32; throw_error::Bool)
    @ Base.Libc.Libdl .\libdl.jl:114
  [2] dlopen
    @ .\libdl.jl:114 [inlined]
  [3] __init__()
    @ MKL_jll ~\.julia\packages\MKL_jll\ZCoyO\src\wrappers\x86_64-w64-mingw32.jl:56
  [4] _include_from_serialized(path::String, depmods::Vector{Any})
    @ Base .\loading.jl:670
  [5] _require_search_from_serialized(pkg::Base.PkgId, sourcepath::String)
    @ Base .\loading.jl:756
  [6] _require(pkg::Base.PkgId)
    @ Base .\loading.jl:994
  [7] require(uuidkey::Base.PkgId)
    @ Base .\loading.jl:910
  [8] require(into::Module, mod::Symbol)
    @ Base .\loading.jl:897
  [9] include(mod::Module, _path::String)
    @ Base .\Base.jl:386
 [10] include(x::String)
    @ FFTW D:\a\FFTW.jl\FFTW.jl\src\FFTW.jl:1
 [11] top-level scope
    @ D:\a\FFTW.jl\FFTW.jl\src\FFTW.jl:20
 [12] include
    @ .\Base.jl:386 [inlined]
 [13] include_package_for_output(pkg::Base.PkgId, input::String, depot_path::Vector{String}, dl_load_path::Vector{String}, load_path::Vector{String}, concrete_deps::Vector{Pair{Base.PkgId, UInt64}}, source::String)
    @ Base .\loading.jl:1209
 [14] top-level scope
    @ none:1
 [15] eval
    @ .\boot.jl:369 [inlined]
 [16] eval(x::Expr)
    @ Base.MainInclude .\client.jl:453
 [17] top-level scope
    @ none:1
during initialization of module MKL_jll
in expression starting at D:\a\FFTW.jl\FFTW.jl\deps\deps.jl:1
in expression starting at D:\a\FFTW.jl\FFTW.jl\src\FFTW.jl:1
ERROR: LoadError: Failed to precompile FFTW [7a1cc6ca-52ef-59f5-83cd-3a7055c09341] to C:\Users\runneradmin\.julia\compiled\v1.7\FFTW\jl_6DF4.tmp.
Stacktrace:
 [1] error(s::String)
   @ Base .\error.jl:33
 [2] compilecache(pkg::Base.PkgId, path::String, internal_stderr::IOContext{Base.PipeEndpoint}, internal_stdout::IOContext{Base.PipeEndpoint})
   @ Base .\loading.jl:1356
 [3] compilecache(pkg::Base.PkgId, path::String)
   @ Base .\loading.jl:1302
 [4] _require(pkg::Base.PkgId)
   @ Base .\loading.jl:1017
 [5] require(uuidkey::Base.PkgId)
   @ Base .\loading.jl:910
 [6] require(into::Module, mod::Symbol)
   @ Base .\loading.jl:897
 [7] include(fname::String)
   @ Base.MainInclude .\client.jl:451
 [8] top-level scope
   @ none:6
in expression starting at D:\a\FFTW.jl\FFTW.jl\test\runtests.jl:2

This is a regression from v1.5.

[musm]

Might be the same underlying issue as #38411

[musm]

Does it happen on 1.5.2?

[giordano]

This is a regression from v1.5.

[giordano]

I suspect this is not an issue in Julia but in the JLL package (not 100% sure though): JuliaPackaging/BinaryBuilder.jl#982 might fix it in BinaryBuilder.jl, and rebuilding the JLL after that PR is merged should fix the issue for MKL

[maleadt]

Also running into this with CUDA.jl on Windows 10 using Julia 1.6:

julia> using CUDA
[ Info: Precompiling CUDA [052768ef-5323-5732-b1bb-66c8b64840ba]

  Downloaded artifact: CUDA112
┌ Error: Error during initialization of CUDA.jl
│   exception =
│    could not load library "C:\Users\Tim\.julia\artifacts\1aecead5cc57a9388d3b46929549edb0ef99912f\bin\cublas64_11.dll"
│    Access is denied.
│    Stacktrace:
│      [1] dlopen(s::String, flags::UInt32; throw_error::Bool)
│        @ Base.Libc.Libdl .\libdl.jl:114
│      [2] dlopen
│        @ .\libdl.jl:114 [inlined]
│      [3] use_artifact_cuda()
│        @ CUDA ~\.julia\dev\CUDA\deps\bindeps.jl:193

shell> ls -la "C:\Users\Tim\.julia\artifacts\1aecead5cc57a9388d3b46929549edb0ef99912f\bin\cublas64_11.dll"
-rwxr-xr-x 1 Tim 197121 107368448 Jan  6 16:05 'C:\Users\Tim\.julia\artifacts\1aecead5cc57a9388d3b46929549edb0ef99912f\bin\cublas64_11.dll'

CUDA.jl doesn't use a JLL for its artifacts, and is using LazyArtifacts already, so that PR doesn't seem like it would help.

EDIT: this happens on 1.5 too!? Did anything change with how BinaryBuilder postprocesses libraries, maybe?

[maleadt]

On a suggestion by @KristofferC, reinstalling on 1.5 fixes the issue there. So this is still 1.6 only; adding it back to the milestone.

               _
   _       _ _(_)_     |  Documentation: https://docs.julialang.org
  (_)     | (_) (_)    |
   _ _   _| |_  __ _   |  Type "?" for help, "]?" for Pkg help.
  | | | | | | |/ _` |  |
  | | |_| | | | (_| |  |  Version 1.5.2 (2020-09-23)
 _/ |\__'_|_|_|\__'_|  |  Official https://julialang.org/ release
|__/                   |

julia> using Pkg

julia> using Pkg.Artifacts

julia> artifact"MKL"
"C:\\Users\\Tim\\.julia\\artifacts\\16b430c39e14696365ac62dbd091da0e54556817"

julia> using Libdl

julia> Libdl.dlopen("C:\\Users\\Tim\\.julia\\artifacts\\16b430c39e14696365ac62dbd091da0e54556817\\bin\\mkl_core.1.dll")
Ptr{Nothing} @0x00007ff9bf9a0000

julia> stat("C:\\Users\\Tim\\.julia\\artifacts\\16b430c39e14696365ac62dbd091da0e54556817\\bin\\mkl_core.1.dll")
StatStruct(mode=0o100666, size=128026480)

               _
   _       _ _(_)_     |  Documentation: https://docs.julialang.org
  (_)     | (_) (_)    |
   _ _   _| |_  __ _   |  Type "?" for help, "]?" for Pkg help.
  | | | | | | |/ _` |  |
  | | |_| | | | (_| |  |  Version 1.6.0-DEV.1815 (2021-01-05)
 _/ |\__'_|_|_|\__'_|  |  release-1.6/2ed26a04de (fork: 93 commits, 28 days)
|__/                   |

julia> using LazyArtifacts

julia> artifact"MKL"
  Downloaded artifact: MKL
"C:\\Users\\Tim\\.julia\\artifacts\\16b430c39e14696365ac62dbd091da0e54556817"

julia> using Libdl

julia> Libdl.dlopen("C:\\Users\\Tim\\.julia\\artifacts\\16b430c39e14696365ac62dbd091da0e54556817\\bin\\mkl_core.1.dll")
ERROR: could not load library "C:\Users\Tim\.julia\artifacts\16b430c39e14696365ac62dbd091da0e54556817\bin\mkl_core.1.dll"
Access is denied.
Stacktrace:
 [1] dlopen(s::String, flags::UInt32; throw_error::Bool)
   @ Base.Libc.Libdl .\libdl.jl:114
 [2] dlopen
   @ .\libdl.jl:114 [inlined]
 [3] top-level scope
   @ REPL[4]:1

julia> stat("C:\\Users\\Tim\\.julia\\artifacts\\16b430c39e14696365ac62dbd091da0e54556817\\bin\\mkl_core.1.dll")
StatStruct(mode=0o100666, size=128026480)

Although the stat looks identical, the advanced permissions aren't:

1.5:

1.6:

[giordano]

reinstalling on 1.5 fixes the issue there

So the difference is maybe how the artifact is unpacked?

[maleadt]

Unsurprisingly bisected to a Pkg.jl/Tar.jl bump, #38678, which includes this change: JuliaIO/Tar.jl@1b63f2a. Reverting this hunk allows me to dlopen these artifacts again. I couldn't find specific ACL requirements in the Windows API docs, but it looks like LoadLibraryEx needs the execute bit. Quite a roundabout way to get to this conclusion, but I'm pretty unfamiliar with Windows.

Anyway, this looks like something BinaryBuilder should fix (both MKL_jll and CUDA_jll's libraries are chmodded 644 instead of 755), but of course breaks loading artifacts that used to load fine. Tentatively adding the "regression" label because of that.

cc @StefanKarpinski @staticfloat

[staticfloat]

Hmmm, yeah, I think the proper fix here is to just have BB generate the artifacts with the proper permissions; this seems like things are finally working as intended. It is unfortunate that MKL and CUDA both have incorrectly-chmod'ded files, perhaps we need to add an audit pass to BB to auto-chmod stuff in bin and lib?

[giordano]

We don't run autofix on MKL for Windows at the moment: https://github.com/JuliaPackaging/Yggdrasil/blob/e17db19b1fba946c256e875639c23db2446f282f/M/MKL/build_tarballs.jl#L55-L57. I'm looking forward to finding what bugs we discover with that.

[maleadt]

Fixing the CUDA artifacts, JuliaPackaging/Yggdrasil@aabb21c, has resolved this. I think we can close this then (but MKL_jll still needs fixing).

[islent]

Also running into this with CUDA.jl on Windows 10 using Julia 1.6:

julia> using CUDA
[ Info: Precompiling CUDA [052768ef-5323-5732-b1bb-66c8b64840ba]

  Downloaded artifact: CUDA112
┌ Error: Error during initialization of CUDA.jl
│   exception =
│    could not load library "C:\Users\Tim\.julia\artifacts\1aecead5cc57a9388d3b46929549edb0ef99912f\bin\cublas64_11.dll"
│    Access is denied.
│    Stacktrace:
│      [1] dlopen(s::String, flags::UInt32; throw_error::Bool)
│        @ Base.Libc.Libdl .\libdl.jl:114
│      [2] dlopen
│        @ .\libdl.jl:114 [inlined]
│      [3] use_artifact_cuda()
│        @ CUDA ~\.julia\dev\CUDA\deps\bindeps.jl:193

shell> ls -la "C:\Users\Tim\.julia\artifacts\1aecead5cc57a9388d3b46929549edb0ef99912f\bin\cublas64_11.dll"
-rwxr-xr-x 1 Tim 197121 107368448 Jan  6 16:05 'C:\Users\Tim\.julia\artifacts\1aecead5cc57a9388d3b46929549edb0ef99912f\bin\cublas64_11.dll'

CUDA.jl doesn't use a JLL for its artifacts, and is using LazyArtifacts already, so that PR doesn't seem like it would help.

EDIT: this happens on 1.5 too!? Did anything change with how BinaryBuilder postprocesses libraries, maybe?

Got same error when using CUDA in Julia 1.7 (and 1.6.0-DEV). However, CUDA works well in Julia 1.5.2.

[maleadt]

There hasn't been a release of CUDA.jl with the new artifacts yet. Use the master branch (or include JuliaGPU/CUDA.jl@749d7e0) if you need to use Julia 1.6.

[PetrKryslUCSD]

A file in an artifact that should be executable isn't: sglyon/PlotlyBase.jl#40, with Julia 1.6.

[giordano]

As I explained on discourse, the issue is that the creator of the tarball put a file with the wrong file permissions. It isn't a Julia issue.

[PetrKryslUCSD]

I see, somehow I gathered that the tarball was unpacked incorrectly. So, you're saying that the file was put into the ball without the proper permissions? Got it.

[BioTurboNick]

@giordano - I think this diagnosis is incorrect. I can reproduce the problem shown by @maleadt without any artifacts at all. It appears to be introduced by create_artifact()'s use of chmod().

We encountered this here: JuliaGraphics/Gtk.jl#605

The issue can be reproduced simply:

dir = "mydir\\"

mkdir(dir)
# Check Properties > Security; note SYSTEM, <current user>, Administrators, all have Full Control

chmod(dir, filemode(dir))
# Check Properties > Security; note Everyone added, both Everyone and <current user> have only Read, Write, Special permissions

[BioTurboNick]

Hmm...

Base.Filesystem.filemode_string(stat(dir))

produces "drw-rw-rw-" even though the current user and the user's group both should have execute permissions and Everyone should have no permissions set.

There seems to be some issues mapping Windows ACL to Linux mode values.

filemode(dir) seems to always indicate the mode is 666, even if you just used chmod to set it to 777.

And then here's what chmod does; how it treats the current user/owner and Everyone seems odd:

chmod(dir, 0x770) denies the current user ability to create or delete files, but otherwise has read/write/execute permissions; Everyone is not present.

chmod(dir, 0x771) denies the current user ability to create or delete files, but otherwise has read/write/execute permissions; adds Everyone with only traverse / execute permissions.

chmod(dir, 0x772) denies the current user ability to create or delete files, but otherwise has read/write/execute permissions; adds Everyone with ability to create or delete files, but not traverse / execute.

chmod(dir, 0x773) denies the current user ability to create or delete files or to traverse / execute, but otherwise has read/write permissions; adds Everyone with ability to create or delete files and traverse / execute.

chmod(dir, 0x774) denies the current user ability to create or delete files, but otherwise has read/write/execute permissions; adds Everyone with ability to read.

chmod(dir, 0x775) denies the current user ability to create or delete files or to traverse / execute, but otherwise has read/write permissions; adds Everyone with ability to read and traverse / execute.

chmod(dir, 0x776) denies the current user ability to create or delete files, but otherwise has read/write/execute permissions; adds Everyone with ability to read and write.

chmod(dir, 0x777) denies the current user ability to create or delete files or to traverse / execute, but otherwise has read/write permissions; adds Everyone with ability to read, write, and execute.

[BioTurboNick]

I guess this is an unsolved problem in libuv? libuv/libuv#2838