Welcome! Log In Create A New Profile

Advanced

Re: question about nginx start & stop

Previous Message Next Message
Forum List Message List New Topic Print View
Zhangfei Gao
April 20, 2022 11:58PM
On Tue, Apr 19, 2022 at 10:01 PM Maxim Dounin <mdounin@mdounin.ru> wrote:
>
> Hello!
>
> On Tue, Apr 19, 2022 at 12:13:45PM +0800, Zhangfei Gao wrote:
>
> > Hi, Maxim
> >
> > Thanks for the reply.
> >
> > On Sun, Apr 17, 2022 at 10:14 AM Maxim Dounin <mdounin@mdounin.ru> wrote:
> > >
> > > Hello!
> > >
> > > On Fri, Apr 15, 2022 at 03:58:52PM +0800, Zhangfei Gao wrote:
> > >
> > > > Hi,
> > > >
> > > > I have questions about nginx start and stop
> > > > I am using
> > > > // start
> > > > sudo sbin/nginx
> > > > //stop
> > > > sudo sbin/nginx -s quit
> > > >
> > > > 1. openssl engine is init (ngx_ssl_init) twice, but openssl engine
> > > > destroy function is not called.
> > > > So start nginx and nginx -s quit, engine init twice but not called
> > > > engine destroy.
> > > > If we start and stop nginx many times, resource leakage will happen.
> > >
> > > OPENSSL_init_ssl manpage says:
> > >
> > > As of version 1.1.0 OpenSSL will automatically allocate all resources
> > > that it needs so no explicit initialisation is required. Similarly it
> > > will also automatically deinitialise as required.
> > >
> > > If there is a resource leak, this is a bug in the OpenSSL engine
> > > you are testing with. It's probably up to the OpenSSL development
> > > docs how to fix this properly.
> >
> > The openssl engine is registered with
> > IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
> > bind_fn()
> > {
> > ENGINE_set_destroy_function(e, destroy)
> > ENGINE_set_finish_function(e, finish)
> > }
> >
> > What I found is.
> > /sbin/nginx
> > -> bind_fn
> > /sbin/nginx -s quit
> > -> bind_fn
> > So bind_fn is called twice, but destroy and finish are not called at all.
> >
> > src/core/nginx.c
> > main
> > ngx_ssl_init(log) -> call engine: bind_fn
> > if (ngx_signal)
> > return ngx_signal_process(cycle, ngx_signal);
> > -> gx_os_signal_process(cycle, sig, pid) // send signal to kill
> > worker process
> >
> > For openssl engine, what should I do to match the nginx stop.
> >
> > By the way, bind_fn and destroy are matched if testing with openssl
> > application itself, no leakage.
> >
> > Any suggestions?
>
> The bind function is called when loading a dynamic engine and
> is not expected to be matched by neither destroy nor finish.
>
> The finish function is called when releasing a functional
> reference obtained with init (ENGINE_init() + ENGINE_finish()).
> The destroy function is called when releasing a structural
> reference (ENGINE_new() + ENGINE_free()).
>
> You shouldn't allocate resources in the bind function, but rather
> only set appropriate init function to do so when needed.

Thanks Maxim

You are right, it is our openssl-engine issue.
I found that if we registered rsa: ENGINE_set_RSA in bind_fn, destroy
will not be called when nginx -s quit.
Still in check.

We alloc some hardware resources in bind_fn for better performance.
Since the init function will be called every time.

Thanks
_______________________________________________
nginx-devel mailing list -- nginx-devel@nginx.org
To unsubscribe send an email to nginx-devel-leave@nginx.org
Reply Quote
RSS
Subject Author Views Posted

question about nginx start & stop

Zhangfei Gao 526 April 15, 2022 04:02AM

Re: question about nginx start & stop

Maxim Dounin 98 April 16, 2022 10:16PM

Re: question about nginx start & stop

Zhangfei Gao 89 April 19, 2022 12:16AM

Re: question about nginx start & stop

Maxim Dounin 89 April 19, 2022 10:04AM

Re: question about nginx start & stop

Zhangfei Gao 136 April 20, 2022 11:58PM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 163
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready