MT#58875 tls fixes from upstream 5.7 branch

Change-Id: Iedac6977dfaf2587602778d3a1f8518450061f8b (cherry picked from commit 5cce2f8c3c) (cherry picked from commit bf6ae8f3e5)
1 year ago · 3cc96c9730
parent 301495738c
commit 3cc96c9730
4 changed files with 260 additions and 0 deletions
--- a/debian/patches/series
+++ b/debian/patches/series
@ -35,6 +35,9 @@ sipwise/sca-add-pai_avp-parameter.patch
 upstream/tls-Add-and-apply-tls_openssl_clear_errors-function.patch
 upstream/tls-include-file-to-fix-warning-about-tls_openssl_cl.patch
 upstream/Makefile.groups-tlsa-in-packaging-group-ktls-if-KTLS.patch
+upstream/tls-rework-init-mode-1-to-set-PTHREAD_PROCESS_SHARED.patch
+upstream/tls-init-early-the-local-lock-for-memory.patch
+upstream/core-parse-privacy-recompute-lenght-of-rest-to-parse.patch
 ## upstream master
 upstream/pv_headers-compare-result-of-pvh_set_xavi-with-NULL-.patch
 sipwise/presence-active_watcher-cleanup-timer.patch
--- a/debian/patches/upstream/core-parse-privacy-recompute-lenght-of-rest-to-parse.patch
+++ b/debian/patches/upstream/core-parse-privacy-recompute-lenght-of-rest-to-parse.patch
@ -0,0 +1,30 @@
+From: Daniel-Constantin Mierla <miconda@gmail.com>
+Date: Fri, 8 Dec 2023 22:10:36 +0100
+Subject: core: parse privacy recompute lenght of rest to parse
+
+(cherry picked from commit 804ee651b45498727196886c97cb55d20b254c4a)
+---
+ src/core/parser/parse_privacy.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/src/core/parser/parse_privacy.c b/src/core/parser/parse_privacy.c
+index cfc009a..4b683cb 100644
+--- a/src/core/parser/parse_privacy.c
+++ b/src/core/parser/parse_privacy.c
+@@ -177,14 +177,13 @@ int parse_privacy(struct sip_msg *msg)
+ 
+     values = 0;
+     p = next.s;
+-    len = next.len;
+-    beyond = p + len;
+    beyond = next.s + next.len;
+ 
+     while (p < beyond) {
+			len = beyond - p;
+ 	if((val_len = parse_priv_value(p, len, &value)) != 0) {
+ 	    values |= value;
+ 	    p = p + val_len;
+-	    len = len - val_len;
+ 	} else {
+ 	    LM_ERR("invalid privacy value\n");
+ 	    return -1;
--- a/debian/patches/upstream/tls-init-early-the-local-lock-for-memory.patch
+++ b/debian/patches/upstream/tls-init-early-the-local-lock-for-memory.patch
@ -0,0 +1,49 @@
+From: Daniel-Constantin Mierla <miconda@gmail.com>
+Date: Fri, 8 Dec 2023 12:34:56 +0100
+Subject: tls: init early the local lock for memory
+
+- needed to done before mod param init_mode is set
+- runtime uses the modparam to do lock/unlock
+- #3668
+
+(cherry picked from commit 1a9b0b63617afebcee2aecb3b2240d7684ecabc2)
+---
+ src/modules/tls/tls_init.c | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/src/modules/tls/tls_init.c b/src/modules/tls/tls_init.c
+index e7ffa90..9466bdf 100644
+--- a/src/modules/tls/tls_init.c
+++ b/src/modules/tls/tls_init.c
+@@ -79,7 +79,7 @@ int ksr_tls_lock_init(void)
+ {
+ 	pthread_mutexattr_t attr;
+ 
+-	if(!(ksr_tls_init_mode&TLS_MODE_PTHREAD_LOCK_SHM)) {
+	if(ksr_tls_lock_shm != NULL) {
+ 		return 0;
+ 	}
+ 	ksr_tls_lock_shm = (pthread_mutex_t *)shm_mallocxz(sizeof(pthread_mutex_t));
+@@ -718,6 +718,11 @@ int tls_pre_init(void)
+ 	LM_INFO("libssl linked mode: static\n");
+ #endif
+ 
+	if(ksr_tls_lock_init() < 0) {
+		LM_ERR("failed to init local lock\n");
+		return -1;
+	}
+
+ 	/*
+ 	 * this has to be called before any function calling CRYPTO_malloc,
+ 	 * CRYPTO_malloc will set allow_customize in openssl to 0
+@@ -765,6 +770,10 @@ int tls_h_mod_pre_init_f(void)
+ 		LM_DBG("already mod pre-initialized\n");
+ 		return 0;
+ 	}
+	if(ksr_tls_lock_init() < 0) {
+		LM_ERR("failed to init local lock\n");
+		return -1;
+	}
+ 	LM_DBG("preparing tls env for modules initialization\n");
+ #if OPENSSL_VERSION_NUMBER >= 0x010100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ 	LM_DBG("preparing tls env for modules initialization (libssl >=1.1)\n");
--- a/debian/patches/upstream/tls-rework-init-mode-1-to-set-PTHREAD_PROCESS_SHARED.patch
+++ b/debian/patches/upstream/tls-rework-init-mode-1-to-set-PTHREAD_PROCESS_SHARED.patch
@ -0,0 +1,178 @@
+From: Daniel-Constantin Mierla <miconda@gmail.com>
+Date: Thu, 7 Dec 2023 13:00:50 +0100
+Subject: tls: rework init mode 1 to set PTHREAD_PROCESS_SHARED
+
+- pthread mutex set in shm
+- GH #3635
+
+(cherry picked from commit 4b068f49b618dca5fa85a1687bd9054c1d98ae6a)
+---
+ src/modules/tls/tls_init.c | 46 +++++++++++++++++++++++++++++++++++-----------
+ src/modules/tls/tls_mod.c  |  8 ++++----
+ 2 files changed, 39 insertions(+), 15 deletions(-)
+
+diff --git a/src/modules/tls/tls_init.c b/src/modules/tls/tls_init.c
+index ae06e85..e7ffa90 100644
+--- a/src/modules/tls/tls_init.c
+++ b/src/modules/tls/tls_init.c
+@@ -70,20 +70,31 @@ static int tls_mod_preinitialized = 0;
+ static int tls_mod_initialized = 0;
+ 
+ extern int ksr_tls_init_mode;
+-pthread_mutex_t ksr_tls_lock_shm;
+static pthread_mutex_t *ksr_tls_lock_shm = NULL;
+ 
+ /**
+  *
+  */
+ int ksr_tls_lock_init(void)
+ {
+	pthread_mutexattr_t attr;
+
+ 	if(!(ksr_tls_init_mode&TLS_MODE_PTHREAD_LOCK_SHM)) {
+ 		return 0;
+ 	}
+-    if (pthread_mutex_init(&ksr_tls_lock_shm, NULL) != 0) {
+	ksr_tls_lock_shm = (pthread_mutex_t *)shm_mallocxz(sizeof(pthread_mutex_t));
+	if(ksr_tls_lock_shm == NULL) {
+		LM_ERR("mutex allocation failed\n");
+		return -1;
+	}
+	pthread_mutexattr_init(&attr);
+	pthread_mutexattr_setpshared(&attr, PTHREAD_PROCESS_SHARED);
+	if(pthread_mutex_init(ksr_tls_lock_shm, &attr) != 0) {
+		pthread_mutexattr_destroy(&attr);
+         LM_ERR("mutex init failed\n");
+         return -1;
+     }
+	pthread_mutexattr_destroy(&attr);
+ 	return 0;
+ }
+ 
+@@ -95,7 +106,8 @@ void ksr_tls_lock_destroy(void)
+ 	if(!(ksr_tls_init_mode&TLS_MODE_PTHREAD_LOCK_SHM)) {
+ 		return;
+ 	}
+-    pthread_mutex_destroy(&ksr_tls_lock_shm);
+	pthread_mutex_destroy(ksr_tls_lock_shm);
+	shm_free(ksr_tls_lock_shm);
+ 	return;
+ }
+ 
+@@ -245,7 +257,7 @@ static void* ser_malloc(size_t size, const char* file, int line)
+ #endif
+ 
+ 	if(ksr_tls_init_mode&TLS_MODE_PTHREAD_LOCK_SHM)
+-		pthread_mutex_lock(&ksr_tls_lock_shm);
+		pthread_mutex_lock(ksr_tls_lock_shm);
+ 
+ #ifdef RAND_NULL_MALLOC
+ 	/* start random null returns only after
+@@ -288,7 +300,7 @@ static void* ser_realloc(void *ptr, size_t size, const char* file, int line)
+ #endif
+ 
+ 	if(ksr_tls_init_mode&TLS_MODE_PTHREAD_LOCK_SHM)
+-		pthread_mutex_lock(&ksr_tls_lock_shm);
+		pthread_mutex_lock(ksr_tls_lock_shm);
+ 
+ #ifdef RAND_NULL_MALLOC
+ 	/* start random null returns only after
+@@ -321,6 +333,18 @@ static void* ser_realloc(void *ptr, size_t size, const char* file, int line)
+ 
+ 	return p;
+ }
+
+static void ser_free(void *ptr, const char *fname, int fline)
+{
+	if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM)
+		pthread_mutex_lock(ksr_tls_lock_shm);
+	if(ptr) {
+		shm_free(ptr);
+	}
+	if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM)
+		pthread_mutex_unlock(ksr_tls_lock_shm);
+}
+
+ #endif /* LIBRESSL_VERSION_NUMBER */
+ 
+ #else /*TLS_MALLOC_DBG */
+@@ -333,7 +357,7 @@ static void* ser_malloc(size_t size)
+ 	void *p;
+ 
+ 	if(ksr_tls_init_mode&TLS_MODE_PTHREAD_LOCK_SHM)
+-		pthread_mutex_lock(&ksr_tls_lock_shm);
+		pthread_mutex_lock(ksr_tls_lock_shm);
+ 	p = shm_malloc(size);
+ 	if(ksr_tls_init_mode&TLS_MODE_PTHREAD_LOCK_SHM)
+ 		pthread_mutex_unlock(&ksr_tls_lock_shm);
+@@ -345,7 +369,7 @@ static void* ser_realloc(void *ptr, size_t size)
+ {
+ 	void *p;
+ 	if(ksr_tls_init_mode&TLS_MODE_PTHREAD_LOCK_SHM)
+-		pthread_mutex_lock(&ksr_tls_lock_shm);
+		pthread_mutex_lock(ksr_tls_lock_shm);
+ 	p = shm_realloc(ptr, size);
+ 	if(ksr_tls_init_mode&TLS_MODE_PTHREAD_LOCK_SHM)
+ 		pthread_mutex_unlock(&ksr_tls_lock_shm);
+@@ -356,7 +380,7 @@ static void* ser_malloc(size_t size, const char *fname, int fline)
+ {
+ 	void *p;
+ 	if(ksr_tls_init_mode&TLS_MODE_PTHREAD_LOCK_SHM)
+-		pthread_mutex_lock(&ksr_tls_lock_shm);
+		pthread_mutex_lock(ksr_tls_lock_shm);
+ 	p = shm_malloc(size);
+ 	if(ksr_tls_init_mode&TLS_MODE_PTHREAD_LOCK_SHM)
+ 		pthread_mutex_unlock(&ksr_tls_lock_shm);
+@@ -368,7 +392,7 @@ static void* ser_realloc(void *ptr, size_t size, const char *fname, int fline)
+ {
+ 	void *p;
+ 	if(ksr_tls_init_mode&TLS_MODE_PTHREAD_LOCK_SHM)
+-		pthread_mutex_lock(&ksr_tls_lock_shm);
+		pthread_mutex_lock(ksr_tls_lock_shm);
+ 	p = shm_realloc(ptr, size);
+ 	if(ksr_tls_init_mode&TLS_MODE_PTHREAD_LOCK_SHM)
+ 		pthread_mutex_unlock(&ksr_tls_lock_shm);
+@@ -389,7 +413,7 @@ static void ser_free(void *ptr)
+ 	 * here in the wrapper function.
+ 	 */
+ 	if(ksr_tls_init_mode&TLS_MODE_PTHREAD_LOCK_SHM)
+-		pthread_mutex_lock(&ksr_tls_lock_shm);
+		pthread_mutex_lock(ksr_tls_lock_shm);
+ 	if (ptr) {
+ 		shm_free(ptr);
+ 	}
+@@ -400,7 +424,7 @@ static void ser_free(void *ptr)
+ static void ser_free(void *ptr, const char *fname, int fline)
+ {
+ 	if(ksr_tls_init_mode&TLS_MODE_PTHREAD_LOCK_SHM)
+-		pthread_mutex_lock(&ksr_tls_lock_shm);
+		pthread_mutex_lock(ksr_tls_lock_shm);
+ 	if (ptr) {
+ 		shm_free(ptr);
+ 	}
+diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c
+index e57a98c..a3f4e9a 100644
+--- a/src/modules/tls/tls_mod.c
+++ b/src/modules/tls/tls_mod.c
+@@ -401,10 +401,6 @@ static int mod_init(void)
+ 	if (tls_check_sockets(*tls_domains_cfg) < 0)
+ 		goto error;
+ 
+-	if (ksr_tls_lock_init() < 0) {
+-		goto error;
+-	}
+-
+ 	LM_INFO("use OpenSSL version: %08x\n", (uint32_t)(OPENSSL_VERSION_NUMBER));
+ #ifndef OPENSSL_NO_ECDH
+ 	LM_INFO("With ECDH-Support!\n");
+@@ -670,6 +666,10 @@ int mod_register(char *path, int *dlflags, void *p1, void *p2)
+ 	if(!shm_initialized() && init_shm()<0)
+ 		return -1;
+ 
+	if(ksr_tls_lock_init() < 0) {
+		return -1;
+	}
+
+ 	if(tls_pre_init()<0)
+ 		return -1;
+