question about nginx start & stop

Maxim Dounin mdounin at mdounin.ru
Tue Apr 19 14:01:01 UTC 2022 

Hello!

On Tue, Apr 19, 2022 at 12:13:45PM +0800, Zhangfei Gao wrote:

> Hi, Maxim
> 
> Thanks for the reply.
> 
> On Sun, Apr 17, 2022 at 10:14 AM Maxim Dounin <mdounin at mdounin.ru> wrote:
> >
> > Hello!
> >
> > On Fri, Apr 15, 2022 at 03:58:52PM +0800, Zhangfei Gao wrote:
> >
> > > Hi,
> > >
> > > I have questions about nginx start and stop
> > > I am using
> > > // start
> > > sudo sbin/nginx
> > > //stop
> > > sudo sbin/nginx -s quit
> > >
> > > 1. openssl engine is init (ngx_ssl_init) twice, but openssl engine
> > > destroy function is not called.
> > > So start nginx and nginx -s quit, engine init twice but not called
> > > engine destroy.
> > > If we start and stop nginx many times, resource leakage will happen.
> >
> > OPENSSL_init_ssl manpage says:
> >
> >        As of version 1.1.0 OpenSSL will automatically allocate all resources
> >        that it needs so no explicit initialisation is required.  Similarly it
> >        will also automatically deinitialise as required.
> >
> > If there is a resource leak, this is a bug in the OpenSSL engine
> > you are testing with.  It's probably up to the OpenSSL development
> > docs how to fix this properly.
> 
> The openssl engine is registered with
> IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
> bind_fn()
> {
>      ENGINE_set_destroy_function(e, destroy)
>      ENGINE_set_finish_function(e, finish)
> }
> 
> What I found is.
> /sbin/nginx
> -> bind_fn
> /sbin/nginx -s quit
> -> bind_fn
> So bind_fn is called twice, but destroy and finish are not called at all.
> 
> src/core/nginx.c
> main
> ngx_ssl_init(log)  -> call engine: bind_fn
> if (ngx_signal)
>     return ngx_signal_process(cycle, ngx_signal);
>     -> gx_os_signal_process(cycle, sig, pid)    // send signal to kill
> worker process
> 
> For openssl engine, what should I do to match the nginx stop.
> 
> By the way, bind_fn and destroy are matched if testing with openssl
> application itself, no leakage.
> 
> Any suggestions?

The bind function is called when loading a dynamic engine and 
is not expected to be matched by neither destroy nor finish.

The finish function is called when releasing a functional 
reference obtained with init (ENGINE_init() + ENGINE_finish()).  
The destroy function is called when releasing a structural 
reference (ENGINE_new() + ENGINE_free()).

You shouldn't allocate resources in the bind function, but rather 
only set appropriate init function to do so when needed.

-- 
Maxim Dounin
http://mdounin.ru/

More information about the nginx-devel mailing list