Re: [PATCH] fix race condition in libpq (related to ssl connections) - Mailing list pgsql-hackers

From Aleksander Alekseev
Subject Re: [PATCH] fix race condition in libpq (related to ssl connections)
Date
Msg-id CAJ7c6TN5KxKhCkHc=MJV=K3v9q98Pmfs=ZQ6pwTKMzRnikJfCQ@mail.gmail.com
Whole thread Raw
In response to [PATCH] fix race condition in libpq (related to ssl connections)  (Willi Mann <w.mann@celonis.de>)
Responses Re: [PATCH] fix race condition in libpq (related to ssl connections)
Re: [PATCH] fix race condition in libpq (related to ssl connections)
List pgsql-hackers
Hi,

> I've found a race condition in libpq. It is about the initialization of
> the my_bio_methods static variable in fe-secure-openssl.c, which is not
> protected by any lock. The race condition may make the initialization of
> the connection fail, and as an additional weird consequence, it might
> cause openssl call close(0), so stdin of the client application gets
> closed.

Thanks for the patch. Interestingly enough we have PQisthreadsafe()
[1], but it's current implementation is:

```
/* libpq is thread-safe? */
int
PQisthreadsafe(void)
{
    return true;
}
```

I wonder if we should just document that libpq is thread safe as of PG
v??? and deprecate PQisthreadsafe() at some point. Currently the
documentation gives an impression that the library may or may not be
thread safe depending on the circumstances.

> I've prepared a patch to protect the initialization of my_bio_methods
> from the race. This is my first patch submission to the postgresql
> project, so I hope I didn't miss anything. Any comments and suggestions
> are of course very welcome.
>
> I also prepared a testcase. In the testcase tarball, there is a patch
> that adds sleeps at the right positions to make the close(0) problem
> occur practically always. It also includes comments to explain how the
> race can end up calling close(0).
>
> Concerning the patch, it is only tested on Linux. I'm unsure about
> whether the simple initialization of the mutex would work nowadays also
> on Windows or whether the more complicated initialization also to be
> found for the ssl_config_mutex in the same source file needs to be used.
> Let me know whether I should adapt that.

Please add the patch to the nearest open commit fest [2]. The patch
will be automatically picked up by cfbot [3] and tested on different
platforms. Also this way it will not be lost among other patches.

The code looks OK but I would appreciate a second opinion from cfbot.
Also maybe a few comments before my_BIO_methods_init_mutex and/or
pthread_mutex_lock would be appropriate. Personally I am inclined to
think that the automatic test in this particular case is redundant.

[1]: https://www.postgresql.org/docs/current/libpq-threading.html
[2]: https://commitfest.postgresql.org/
[3]: http://cfbot.cputube.org/

-- 
Best regards,
Aleksander Alekseev



pgsql-hackers by date:

Previous
From: Aleksander Alekseev
Date:
Subject: Re: How to accurately determine when a relation should use local buffers?
Next
From: shveta malik
Date:
Subject: Re: Synchronizing slots from primary to standby