Request exclusive access when crashing via fatal()

When loading the configuration fails, there might be already other tasks
running and calling OpenSSL library functions.  The OpenSSL on_exit
handler is called when exiting the main process and there's a timing
race between the on_exit function that destroys OpenSSL allocated
resources (threads, locks, ...) and other tasks accessing the very same
resources leading to a crash in the system threading library. Therefore,
the fatal() function needs to request exlusive access to the task
manager to finish the already running tasks and exit only when no other
tasks are running.

diff --git a/bin/named/server.c b/bin/named/server.c
index 55663d515b0640aeaf8b297f9d3a96b4e47f3dbe..487acdcf08fb0b90741d652ff65ceab3af0c0077 100644 (file)
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -201,8 +201,8 @@
 
 #define CHECKFATAL(op, msg) \
        do { result = (op);                                       \
-              if (result != ISC_R_SUCCESS)                       \
-                       fatal(msg, result);                       \
+               if (result != ISC_R_SUCCESS)                      \
+                       fatal(server, msg, result);               \
        } while (0)                                               \
 
 /*%
@@ -431,7 +431,8 @@ const char *empty_zones[] = {
 };
 
 ISC_PLATFORM_NORETURN_PRE static void
-fatal(const char *msg, isc_result_t result) ISC_PLATFORM_NORETURN_POST;
+fatal(named_server_t *server,const char *msg, isc_result_t result)
+ISC_PLATFORM_NORETURN_POST;
 
 static void
 named_server_reload(isc_task_t *task, isc_event_t *event);
@@ -9805,7 +9806,7 @@ named_server_create(isc_mem_t *mctx, named_server_t **serverp) {
        named_server_t *server = isc_mem_get(mctx, sizeof(*server));
 
        if (server == NULL)
-               fatal("allocating server object", ISC_R_NOMEMORY);
+               fatal(server, "allocating server object", ISC_R_NOMEMORY);
 
        server->mctx = mctx;
        server->task = NULL;
@@ -10016,7 +10017,15 @@ named_server_destroy(named_server_t **serverp) {
 }
 
 static void
-fatal(const char *msg, isc_result_t result) {
+fatal(named_server_t *server, const char *msg, isc_result_t result) {
+       if (server != NULL) {
+               /*
+                * Prevent races between the OpenSSL on_exit registered
+                * function and any other OpenSSL calls from other tasks
+                * by requesting exclusive access to the task manager.
+                */
+               (void)isc_task_beginexclusive(server->task);
+       }
        isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
                      NAMED_LOGMODULE_SERVER, ISC_LOG_CRITICAL,
                      "%s: %s", msg, isc_result_totext(result));