On systems running libssl 1.1+, the compile flag TLS_PTHREAD_MUTEX_SHARED is set to avoid an issue with deadlocks. However, if the system does not have pkg-config installed, the build completes successfully without setting this compile flag. As such, users with this particular configuration are at risk of TLS-related deadlocks.
This scenario arose for me when I experienced suspected TLS-related deadlocks in Kamailio 5.4.1. Particularly, in a simple configuration, multiple UDP workers were using t_relay to near-simultaneously connect to the same TLS host. After some time, the UDP workers stopped responding while executing this simple route block. I cannot definitively conclude this issue was the same deadlock bug. The compile flag TLS_PTHREAD_MUTEX_SHARED was not set and pkg-config was not installed.
I found this mailing list thread discussing TLS deadlocks and the build process and the user was running Kamailio 5.3.1, libssl 1.1 but did not have TLS_PTHREAD_MUTEX_SHARED set. This issue may explain how this user ended up in that situation.
Tested against Kamailio 5.4.1 and latest master.
On a system with libssl 1.1+, build (including the tls module) with pkg-config installed and run kamailio -I. TLS_PTHREAD_MUTEX_SHARED flag is set.
Version: kamailio 5.7.0-dev3 (x86_64/linux) b75b6e
Default config: /usr/local/etc/kamailio/kamailio.cfg
Default paths to modules: /usr/local/lib64/kamailio/modules
Compile flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, MEM_JOIN_FREE, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLOCKLIST, HAVE_RESOLV_RES, TLS_PTHREAD_MUTEX_SHARED
Uninstall pkg-config and rebuild. TLS_PTHREAD_MUTEX_SHARED flag is not set.
Version: kamailio 5.7.0-dev3 (x86_64/linux) b75b6e
Default config: /usr/local/etc/kamailio/kamailio.cfg
Default paths to modules: /usr/local/lib64/kamailio/modules
Compile flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, MEM_JOIN_FREE, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLOCKLIST, HAVE_RESOLV_RES
When pkg-config is not installed, the build also outputs the following log lines, however the build does not fail.
/bin/sh: 1: pkg-config: not found
/bin/sh: 1: pkg-config: not found
/bin/sh: 1: pkg-config: not found
/bin/sh: 1: pkg-config: not found
/bin/sh: 1: pkg-config: not found
/bin/sh: 1: pkg-config: not found
/bin/sh: 1: pkg-config: not found
/bin/sh: 1: pkg-config: not found
Some thoughts about options:
- pkg-config, so potentially support libssl 1.1+ detection without pkg-config.
- pkg-config on build and fail without it.
- TLS_PTHREAD_MUTEX_SHARED by default as I assume most people are running libssl 1.1+ these days, and disable it if libssl < 1.1 detected.
Personally I have installed pkg-config and rebuilt, however I think for the safety of others building from source that the compile flag should be correctly set or the build should fail.
Distributor ID: Debian
Description: Debian GNU/Linux 10 (buster)
Release: 10
Codename: buster
Linux debian-kamailio 4.19.0-20-amd64 #1 SMP Debian 4.19.235-1 (2022-03-17) x86_64 GNU/Linux
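
A post-build gate for the condition reported above, added here as an example and not part of the original report or of Kamailio's build system. It assumes the host has libssl 1.1+ (where the flag is expected); the function names and sample strings are constructed for illustration.

```shell
#!/bin/sh
# Constructed samples: trimmed `kamailio -I` output in the format shown above.
SAMPLE_OK='Version: kamailio 5.7.0-dev3 (x86_64/linux) b75b6e
Compile flags: USE_TCP, USE_TLS, FAST_LOCK-ADAPTIVE_WAIT, HAVE_RESOLV_RES, TLS_PTHREAD_MUTEX_SHARED'
SAMPLE_BAD='Version: kamailio 5.7.0-dev3 (x86_64/linux) b75b6e
Compile flags: USE_TCP, USE_TLS, FAST_LOCK-ADAPTIVE_WAIT, HAVE_RESOLV_RES'
# Constructed build-log excerpt containing the shell error quoted above.
SAMPLE_LOG='/bin/sh: 1: pkg-config: not found
(other build output)
/bin/sh: 1: pkg-config: not found'

# has_flag INFO FLAG: succeeds only if FLAG is an exact entry on the
# "Compile flags:" line (so USE_T does not match USE_TCP).
has_flag() {
    printf '%s\n' "$1" |
        sed -n 's/^Compile flags:[[:space:]]*//p' |
        tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//' |
        grep -Fqx -- "$2"
}

# check_tls_mutex_flag INFO
# Returns 0 = ok, 1 = USE_TLS present but TLS_PTHREAD_MUTEX_SHARED missing,
# 2 = input has no "Compile flags:" line (not `kamailio -I` output).
check_tls_mutex_flag() {
    printf '%s\n' "$1" | grep -q '^Compile flags:' || return 2
    has_flag "$1" USE_TLS || return 0   # USE_TLS absent: nothing to check
    has_flag "$1" TLS_PTHREAD_MUTEX_SHARED || return 1
    return 0
}

# count_pkgconfig_misses LOG: prints how many times the build log shows the
# shell failing to find pkg-config (the build itself still exits 0).
count_pkgconfig_misses() {
    printf '%s\n' "$1" | grep -c 'pkg-config: not found' || true
}

# Demo on the constructed samples; on a real host pass "$(kamailio -I)".
for sample in "$SAMPLE_OK" "$SAMPLE_BAD"; do
    if check_tls_mutex_flag "$sample"; then
        echo "ok: TLS_PTHREAD_MUTEX_SHARED is set"
    else
        echo "FAIL (rc=$?): TLS build without TLS_PTHREAD_MUTEX_SHARED"
    fi
done
echo "pkg-config misses in build log: $(count_pkgconfig_misses "$SAMPLE_LOG")"
```

In a packaging or CI step, treat a non-zero return from check_tls_mutex_flag or a non-zero miss count as a failed build.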