talloc & threads in rlm_eap

Arran Cudbard-Bell a.cudbardb at freeradius.org
Fri Jun 20 10:02:05 CEST 2014


On 19 Jun 2014, at 17:39, Phil Mayers <p.mayers at IMPERIAL.AC.UK> wrote:

> I'm wondering if we're breaking the talloc() threading restrictions in rlm_eap / main/tls.c somewhere?
> 
> Specifically, I think tls_new_session can be called from multiple threads at the same time, and that calls talloc with a context of "conf" i.e. the module config, which is not per-thread. The talloc docs say each thread must use a separate context (or, presumably, lock).
> 
> I wonder if this is what's triggering the corruption?
> 
> Ditto cbtls_new_session (though OpenSSL locking might protect that) and I think a few other places.

OpenSSL really shouldn't be putting the call to the callback inside the critical section
in case it blocks or does something else bad. So we probably have to assume callbacks are
not serialised, and we have to protect them.

We also need to protect frees as well as allocs, which doesn't always seem to be done now.

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 881 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-devel/attachments/20140620/71fdc932/attachment.pgp>


More information about the Freeradius-Devel mailing list