[libvirt] [PATCH] daemon: Move TLS initialization to virInitialize

Daniel P. Berrange berrange at redhat.com
Wed Aug 24 15:09:12 UTC 2011 

On Wed, Aug 24, 2011 at 09:05:48AM -0600, Eric Blake wrote:
> On 08/24/2011 08:58 AM, Daniel P. Berrange wrote:
> >>Either we need a virDeinitialize which does the virNetTLSDeinit, and
> >>libvirtd calls virDeinitialize; or you can just drop all calls to
> >>virNetTLSDeinit.
> >
> >deinitialize is really a waste of time, or even wrong. Some
> >other libraries libvirt links to might also use TLS, so we
> >can't ever be sure it is safe to deinitialize. Even in the
> >daemon i think it is pretty pointless.
> 
> If init and deinit are reference counted, then deinit makes sense -
> reduce the reference count when our library is done using it without
> unloading it from any other library, and if our library was the last
> client, then reclaim the resources.  But if this is the case, then
> the client that is using us as a library has to have symmetric
> access points - if virInitialize added a reference count to tls,
> then virDeinitialize needs to reduce it.
> 
> But I don't know if tls deinit is reference counted - if it is not
> counted in a thread-safe manner, then I agree that the only safe
> course of action is to never deinit tls.  And even if tls deinit is
> safe, it is a waste of time to deinit in libvirtd, when we know we
> are about to exit(), except in the case where we are trying to
> silence valgrind.

It is reference counted, but they don't protect it with any
mutex, so you can't rely on that being safe :-(

The API docs recommend that users of gnutls_global_init acquire
a mutex before calling it, but that advice is useless if the
callers are spread across different shared libraries linked
into one application :-(

So, IMHO,  gnutls_global_deinit() can never be safely used.

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|

More information about the libvir-list mailing list