-
-
Notifications
You must be signed in to change notification settings - Fork 6.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
data race in Curl_ossl_seed #7296
Comments
We can not unconditionally use pthreads, its not a dependency we always use/have. Is this race really harmful? Does it actually matter? I believe the seeding isn't necessary for OpenSSL >= 1.1.1. If that's true, maybe we should just #ifdef the code accordingly... |
Yes, that was a quick hack, I saw that there is an internal alias for mutexes. Problem occurred with boringssl (version is a few years old, don't have the version at hand at the moment). |
Which problem was that exactly? |
The problem is described above. There is a race condition since the variable |
Yes, but the result of the race is just that it gets seeded twice, isn't it? |
Ok, how about always seeding it? If I understand you correctly, the condition is not happening frequently anyway? |
We should make it so, but probably only once per handle.
The race or the seeding? The seeding will be done once per process (that uses libcurl) as it works right now. |
Avoid the race condition risk by instead storing the "seeded" flag in the multi handle. Modern OpenSSL versions handle the seeding itself so doing the seeding once per multi-handle instead of once per process is less of an issue. Reported-by: Gerrit Renker Fixes #7296
Thanks for looking into this. |
Avoid the race condition risk by instead storing the "seeded" flag in the multi handle. Modern OpenSSL versions handle the seeding itself so doing the seeding once per multi-handle instead of once per process is less of an issue. Reported-by: Gerrit Renker Fixes #7296
Thread sanitizer found a data race in seeding openssl state.
I did this
Ran AWS SDK with
curl
as its client, using the thead sanitizer.curl/libcurl version
7.67.0
operating system
5.4.0-1049-aws #51~18.04.1-Ubuntu SMP Fri May 14 18:38:46 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
Problem description
The thread sanitizer produced the following trace:
This points to the following code:
Either of the following fixes the problem (the first needs to be cleaned up, since it only works on Linux):
Without static variable:
The text was updated successfully, but these errors were encountered: