Free thread-local OpenSSL state on thread exit #122

Merged
merged 1 commit into from
Jan 11, 2024

Conversation

corhere

@corhere corhere commented Sep 28, 2023

OpenSSL 1.0.x automatically allocates a per-thread error queue as needed, but requires that the application call ERR_remove_thread_state() when terminating a thread to prevent the memory from leaking. As the Go runtime may create and terminate threads arbitrarily, the amount of memory leaked has the potential to grow unbounded.

Clean up the OpenSSL error queue for a thread upon thread exit. Use the native threading APIs to arrange a callback on thread exit as the Go runtime does not provide any similar facilities itself.

No explicit thread-exit handling is needed for OpenSSL 1.1.0 and above as it automatically deallocates thread-local resources without application assistance. See the OPENSSL_thread_stop(3) man page for more information.
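The thread-exit callback described above, sketched with a POSIX thread-specific key destructor. This is an added example, not code from this pull request or from the project; `has_queue`, `queue_touch` and `queue_free` are hypothetical stand-ins for OpenSSL 1.0.x's per-thread error queue and for the `ERR_remove_thread_state()` call, and a pthread key is only one native facility that could serve here.

```c
#include <pthread.h>
#include <stdatomic.h>

/* Stand-ins (assumptions): has_queue models the per-thread error queue that
 * OpenSSL 1.0.x allocates on demand; queue_free() models the call to
 * ERR_remove_thread_state(). A counter replaces real allocations so the
 * demonstration does not itself leak memory. */
static _Thread_local int has_queue;
static atomic_int live_queues;          /* queues allocated and not yet freed */

static void queue_touch(void) {         /* first error on a thread allocates */
    if (!has_queue) { has_queue = 1; atomic_fetch_add(&live_queues, 1); }
}
static void queue_free(void) {
    if (has_queue) { has_queue = 0; atomic_fetch_sub(&live_queues, 1); }
}

static pthread_key_t exit_key;
static pthread_once_t exit_key_once = PTHREAD_ONCE_INIT;

/* Runs on the exiting thread, and only if that thread's key value is non-NULL. */
static void on_thread_exit(void *unused) { (void)unused; queue_free(); }
static void make_key(void) { pthread_key_create(&exit_key, on_thread_exit); }

/* Arm the exit callback for the calling thread; safe to call repeatedly. */
static void arm_thread_cleanup(void) {
    pthread_once(&exit_key_once, make_key);
    if (pthread_getspecific(exit_key) == NULL)
        pthread_setspecific(exit_key, (void *)1);   /* any non-NULL sentinel */
}

static void *worker(void *arm) {
    if (arm) arm_thread_cleanup();
    queue_touch();                      /* e.g. a failed call records an error */
    return NULL;
}

/* Start and join n short-lived threads; return how many queues they leaked. */
int leaked_after(int n, int arm) {
    int before = atomic_load(&live_queues);
    for (int i = 0; i < n; i++) {
        pthread_t t;
        if (pthread_create(&t, NULL, worker, arm ? (void *)1 : NULL) != 0) continue;
        pthread_join(t, NULL);
    }
    return atomic_load(&live_queues) - before;
}

int main(void) { return (leaked_after(4, 1) == 0 && leaked_after(4, 0) == 4) ? 0 : 1; }
```

Without the armed key, every terminated thread leaves one queue behind, which is the unbounded growth the description refers to.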

@corhere corhere force-pushed the err-remove-thread-state branch from 6b21efd to 42b8376 Compare September 28, 2023 23:20
OpenSSL 1.0.x automatically allocates a per-thread error queue as
needed, but requires that the application call ERR_remove_thread_state()
when terminating a thread to prevent the memory from leaking. As the Go
runtime may create and terminate threads arbitrarily, the amount of
memory leaked has the potential to grow unbounded.

Clean up the OpenSSL error queue for a thread upon thread exit. Use the
native threading APIs to arrange a callback on thread exit as the Go
runtime does not provide any similar facilities itself.

No explicit thread-exit handling is needed for OpenSSL 1.1.0 and above
as it automatically deallocates thread-local resources without
application assistance. See the OPENSSL_thread_stop(3) man page for more
information.

Signed-off-by: Cory Snider <csnider@mirantis.com>
@corhere corhere force-pushed the err-remove-thread-state branch from 42b8376 to 7e2df1a Compare September 28, 2023 23:37
@derekparker

cc @ueno


@ueno ueno left a comment

Thank you for the patch. It looks good to me.


@derekparker derekparker left a comment

lgtm

@qmuntal qmuntal merged commit 7eb5b52 into golang-fips:v2 Jan 11, 2024
@corhere corhere deleted the err-remove-thread-state branch January 19, 2024 18:53
@qmuntal qmuntal mentioned this pull request Mar 21, 2024