Module: kamailio
Branch: 5.7
Commit: c5a22a4bfc9310f41facf8dfe8aa9c610f432817
URL: https://github.com/kamailio/kamailio/commit/c5a22a4bfc9310f41facf8dfe8aa9c6…
Author: Daniel-Constantin Mierla <miconda(a)gmail.com>
Committer: Daniel-Constantin Mierla <miconda(a)gmail.com>
Date: 2023-05-17T11:29:20+02:00
Makefile.defs: set LIBSSL_SET_MUTEX_SHARED by default to 1
- one can set LIBSSL_SET_MUTEX_SHARED=0 in make command line to switch
to detection mode if it is needed to set it or not based on libssl
version
- GH #3458, GH #3384
(cherry picked from commit 5e0fb402a7755ea22c41c0b8fcefbdf9694442b8)
---
Modified: src/Makefile.defs
---
Diff: https://github.com/kamailio/kamailio/commit/c5a22a4bfc9310f41facf8dfe8aa9c6…
Patch: https://github.com/kamailio/kamailio/commit/c5a22a4bfc9310f41facf8dfe8aa9c6…
---
diff --git a/src/Makefile.defs b/src/Makefile.defs
index bd15e29269d..78a2dcc87ec 100644
--- a/src/Makefile.defs
+++ b/src/Makefile.defs
@@ -181,7 +181,7 @@ LD_EXTRA_OPTS ?=
# enable workaround for libssl 1.1+ to set shared mutex attribute
-LIBSSL_SET_MUTEX_SHARED ?=
+LIBSSL_SET_MUTEX_SHARED ?= 1
ifneq ($(LIBSSL_SET_MUTEX_SHARED), 1)
ifeq ($(CROSS_COMPILE),)
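Review bot: the comment above `LIBSSL_SET_MUTEX_SHARED ?= 1` still describes only the libssl 1.1+ workaround and says nothing about the default now being on or how to turn it off. With this default, the `ifneq ($(LIBSSL_SET_MUTEX_SHARED), 1)` block that follows is skipped unless the builder overrides the variable, so the comment should carry what the commit message states: passing `LIBSSL_SET_MUTEX_SHARED=0` on the make command line switches back to version detection. Because `?=` leaves an already-defined value untouched, it is also worth stating in the comment that any value other than 1 selects the detection path.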
### Description
On systems running libssl 1.1+, the compile flag `TLS_PTHREAD_MUTEX_SHARED` is set to avoid an issue with deadlocks. However, if the system does not have `pkg-config` installed, the build completes successfully without setting this compile flag. As such, users with this particular configuration are at risk of TLS-related deadlocks.
### Troubleshooting
This scenario arose for me when I experienced suspected TLS-related deadlocks in Kamailio 5.4.1. Particularly, in a simple configuration, multiple UDP workers were using t_relay to near-simultaneously connect to the same TLS host. After some time, the UDP workers stopped responding while executing this simple route block. I cannot definitively conclude this issue was the same deadlock bug. The compile flag `TLS_PTHREAD_MUTEX_SHARED` was not set and `pkg-config` was not installed.
I found [this mailing list thread](https://lists.kamailio.org/pipermail/sr-users/2019-December/107759.…) discussing TLS deadlocks and the build process; the user was running Kamailio 5.3.1 and libssl 1.1 but did not have `TLS_PTHREAD_MUTEX_SHARED` set. This issue may explain how this user ended up in that situation.
#### Reproduction
Tested against Kamailio 5.4.1 and latest master.
On a system with libssl 1.1+, build (including the `tls` module) with `pkg-config` installed and run `kamailio -I`. The `TLS_PTHREAD_MUTEX_SHARED` flag is set.
```
Version: kamailio 5.7.0-dev3 (x86_64/linux) b75b6e
Default config: /usr/local/etc/kamailio/kamailio.cfg
Default paths to modules: /usr/local/lib64/kamailio/modules
Compile flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, MEM_JOIN_FREE, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLOCKLIST, HAVE_RESOLV_RES, TLS_PTHREAD_MUTEX_SHARED
```
Uninstall `pkg-config` and rebuild. The `TLS_PTHREAD_MUTEX_SHARED` flag is not set.
```
Version: kamailio 5.7.0-dev3 (x86_64/linux) b75b6e
Default config: /usr/local/etc/kamailio/kamailio.cfg
Default paths to modules: /usr/local/lib64/kamailio/modules
Compile flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, MEM_JOIN_FREE, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLOCKLIST, HAVE_RESOLV_RES
```
When `pkg-config` is not installed, the build also outputs the following log lines; however, the build does not fail.
```
/bin/sh: 1: pkg-config: not found
/bin/sh: 1: pkg-config: not found
/bin/sh: 1: pkg-config: not found
/bin/sh: 1: pkg-config: not found
/bin/sh: 1: pkg-config: not found
/bin/sh: 1: pkg-config: not found
/bin/sh: 1: pkg-config: not found
/bin/sh: 1: pkg-config: not found
```
### Possible Solutions
Some thoughts about options:
1. It looks like effort has been applied in other areas to support the absence of `pkg-config`, so potentially support libssl 1.1+ detection without `pkg-config`.
2. Require `pkg-config` on build and fail without it.
3. Enable `TLS_PTHREAD_MUTEX_SHARED` by default as I assume most people are running libssl 1.1+ these days, and disable it if libssl < 1.1 is detected.
Personally I have installed `pkg-config` and rebuilt, however I think for the safety of others building from source that the compile flag should be correctly set or the build should fail.
### Operating System
```
Distributor ID: Debian
Description: Debian GNU/Linux 10 (buster)
Release: 10
Codename: buster
Linux debian-kamailio 4.19.0-20-amd64 #1 SMP Debian 4.19.235-1 (2022-03-17) x86_64 GNU/Linux
```
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3384
Message ID: <kamailio/kamailio/issues/3384(a)github.com>
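A check for the condition reported in this issue, as an added example that is not part of the original report or of the Kamailio project: it parses the `Compile flags:` line of `kamailio -I` to spot a TLS build without the shared-mutex define, and counts `pkg-config: not found` lines in a build log. The function names, return codes and shortened sample inputs are assumptions made for the example; accepting `KSR_PTHREAD_MUTEX_SHARED` as an alternative spelling follows the name used in GH #3458.

```shell
#!/bin/sh
# Added example (not Kamailio project code). Samples below are constructed,
# shortened from the two `kamailio -I` outputs and the build log in the issue.
SAMPLE_WITH='Version: kamailio 5.7.0-dev3 (x86_64/linux) b75b6e
Compile flags: USE_TCP, USE_TLS, TLS_HOOKS, USE_FUTEX, TLS_PTHREAD_MUTEX_SHARED'
SAMPLE_WITHOUT='Version: kamailio 5.7.0-dev3 (x86_64/linux) b75b6e
Compile flags: USE_TCP, USE_TLS, TLS_HOOKS, USE_FUTEX, HAVE_RESOLV_RES'
SAMPLE_LOG='/bin/sh: 1: pkg-config: not found
CC (gcc) [kamailio] main.o
/bin/sh: 1: pkg-config: not found'

# extract_flags: `kamailio -I` output on stdin -> one compile flag per line.
extract_flags() {
    sed -n 's/^Compile flags:[[:space:]]*//p' | tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//; /^$/d'
}

# audit_build: `kamailio -I` output on stdin.
# Returns 0 = nothing to flag, 1 = TLS build without the define, 2 = unparseable.
audit_build() {
    flags=$(extract_flags)
    if [ -z "$flags" ]; then
        echo "UNKNOWN: no 'Compile flags:' line found"; return 2
    fi
    # -x matches whole entries only, so USE_TLS does not match a longer name.
    if ! printf '%s\n' "$flags" | grep -qx 'USE_TLS'; then
        echo "OK: built without USE_TLS"; return 0
    fi
    if printf '%s\n' "$flags" |
        grep -qxE 'TLS_PTHREAD_MUTEX_SHARED|KSR_PTHREAD_MUTEX_SHARED'; then
        echo "OK: shared-mutex workaround compiled in"; return 0
    fi
    # Expected for libssl < 1.1; a deadlock risk when linked against 1.1+.
    echo "CHECK: USE_TLS set but no *_PTHREAD_MUTEX_SHARED flag"; return 1
}

# count_pkgconfig_misses: build log on stdin -> number of failed pkg-config calls.
count_pkgconfig_misses() {
    grep -c 'pkg-config: not found' || true
}

# Demo on the constructed samples; on a real host run: kamailio -I | audit_build
for sample in "$SAMPLE_WITH" "$SAMPLE_WITHOUT"; do
    printf '%s\n' "$sample" | audit_build || true
done
```
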
The current build of kamailio (master) does not set `TLS_PTHREAD_MUTEX_SHARED` when building with `--with-openssl11` on systems with multiple versions of OpenSSL installed, resulting in deadlocks in the TLS module.
All module Makefiles look for the `SSL_BUILDER` environment variable to provide a `pkg-config` command to find the `libssl` to link against. The variable is set to `pkg-config libssl11` by the RPM build when specifying `--with-openssl11`. Unfortunately, in `src/Makefile.defs`, there is an alternative way to look for a similar `pkg-config` command. However, this one always uses the `pkg-config libssl`, which - on systems with multiple versions of OpenSSL - usually points to OpenSSL 1.0.x. In turn the build thinks it will link against OpenSSL 1.0.x and will not set `KSR_PTHREAD_MUTEX_SHARED`.
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3458
Message ID: <kamailio/kamailio/issues/3458(a)github.com>