Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug 5390: Non-POD SquidConfig::ssl_client::sslContext exit crash #1952

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

Bug 5390: Non-POD SquidConfig::ssl_client::sslContext exit crash #1952

wants to merge 4 commits into from
+10 −6

Conversation

eduard-bagdasaryan
Copy link
Contributor

Squid may crash when the SquidConfig global is auto-destructed after
main() ends. Since SquidConfig global is used by cleanup code, we should
keep its fields alive, essentially emulating "No New Globals" policy
effects. This surgical fix will be followed up with more changes to
address general OpenSSL cleanup problems exposed by this bug.

This bug fix facilitates backporting by using FuturePeerContext shim.

@eduard-bagdasaryan
Bug 5390: Non-POD SquidConfig::ssl_client::sslContext exit crash
e6f30ce 
Squid may crash when SquidConfig global destruction is initiated by
exit() handlers. The problem is that when its non-POD
ssl_client::sslContext field is destructed and and SSL_CTX_free()
cleanup starts, some of the required SSL environment may be already
unavailable. Now we avoid these problems by allocating
ssl_client::sslContext dynamically and ensuring that its destructor
never starts.
@eduard-bagdasaryan
Refactored initialization and simplified
03fa6e2
@eduard-bagdasaryan
Keep delete/assignment paired
6d4463f
@eduard-bagdasaryan
Marked Config.ssl_client.sslContext as obsolete/internal
dc66a68
@yadij
Copy link
Contributor

yadij commented Nov 22, 2024

It looks to me like there is something bigger going wrong. This smart-pointer still holding onto memory is just a symptom.

Ensuring that configFreeMemory() gets called during shutdown, somewhere after the Runners and before main() exits, would solve this along with quite a lot of other potential issues.

@eduard-bagdasaryan
Copy link
Contributor Author

Ensuring that configFreeMemory() gets called during shutdown

I did not research whether we should do this (probably in a separate PR?) but this PR is about maintaining the existing SquidConfig invariant: keeping its members POD. The violation if this invariant caused the bug.

@rousskov
Copy link
Contributor

Amos: It looks to me like there is something bigger going wrong.

Yes, there is. PR description explicitly talks about "general OpenSSL cleanup problems" that we will be addressing in followup PRs.

This smart-pointer still holding onto memory is just a symptom.

To be more precise, this smart pointer is not just a symptom: The pointer is a "SquidConfig should be a POD" rule violation (a problem this PR fixes), and it helped expose "general OpenSSL cleanup problems" (to be addressed in followup PRs).

Ensuring that configFreeMemory() gets called during shutdown, somewhere after the Runners and before main() exits, would solve this along with quite a lot of other potential issues.

I disagree that we should go back to that model: Long-term, configFreeMemory() should not exist at all. We are moving away from a flawed design where Squid code is supposed to work essentially without Config (or equivalent). INitial configuration and reconfiguration events may change Squid configuration, but that configuration should always be available/valid; freeing low-level pointers and resetting other low-level fields like current configFreeMemory() does causes more problems than it solves. We need to remove the last configFreeMemory() call, not restore another such call. More on that in 2022 commit 3a85184 message.

Eduard: this PR is about maintaining the existing SquidConfig invariant: keeping its members POD. The violation if this invariant caused the bug.

I agree that this minimal PR should be viewed that way, leaving other, more complex problems for other PRs to attack.

@rousskov rousskov added M-cleared-for-merge https://github.com/measurement-factory/anubis#pull-request-labels S-could-use-an-approval An approval may speed this PR merger (but is not required) labels Nov 25, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rousskov rousskov rousskov approved these changes

Assignees
No one assigned
Labels
M-cleared-for-merge https://github.com/measurement-factory/anubis#pull-request-labels S-could-use-an-approval An approval may speed this PR merger (but is not required)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@eduard-bagdasaryan @yadij @rousskov