[libvirt] [PATCH] daemon: Move TLS initialization to virInitialize
Daniel P. Berrange
berrange at redhat.com
Wed Aug 24 15:09:12 UTC 2011
On Wed, Aug 24, 2011 at 09:05:48AM -0600, Eric Blake wrote:
> On 08/24/2011 08:58 AM, Daniel P. Berrange wrote:
> >>Either we need a virDeinitialize which does the virNetTLSDeinit, and
> >>libvirtd calls virDeinitialize; or you can just drop all calls to
> >>virNetTLSDeinit.
> >
> >deinitialize is really a waste of time, or even wrong. Some
> >other libraries libvirt links to might also use TLS, so we
> >can't ever be sure it is safe to deinitialize. Even in the
> >daemon i think it is pretty pointless.
>
> If init and deinit are reference counted, then deinit makes sense -
> reduce the reference count when our library is done using it without
> unloading it from any other library, and if our library was the last
> client, then reclaim the resources. But if this is the case, then
> the client that is using us as a library has to have symmetric
> access points - if virInitialize added a reference count to tls,
> then virDeinitialize needs to reduce it.
>
> But I don't know if tls deinit is reference counted - if it is not
> counted in a thread-safe manner, then I agree that the only safe
> course of action is to never deinit tls. And even if tls deinit is
> safe, it is a waste of time to deinit in libvirtd, when we know we
> are about to exit(), except in the case where we are trying to
> silence valgrind.
It is reference counted, but they don't protect it with any
mutex, so you can't rely on that being safe :-(
The API docs recommend that users of gnutls_global_init acquire
a mutex before calling it, but that advice is useless if the
callers are spread across different shared libraries linked
into one application :-(
So, IMHO, gnutls_global_deinit() can never be safely used.
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
More information about the libvir-list
mailing list