question about nginx start & stop

Zhangfei Gao zhangfei.gao at gmail.com
Tue Apr 19 04:13:45 UTC 2022 

Hi, Maxim

Thanks for the reply.

On Sun, Apr 17, 2022 at 10:14 AM Maxim Dounin <mdounin at mdounin.ru> wrote:
>
> Hello!
>
> On Fri, Apr 15, 2022 at 03:58:52PM +0800, Zhangfei Gao wrote:
>
> > Hi,
> >
> > I have questions about nginx start and stop
> > I am using
> > // start
> > sudo sbin/nginx
> > //stop
> > sudo sbin/nginx -s quit
> >
> > 1. openssl engine is init (ngx_ssl_init) twice, but openssl engine
> > destroy function is not called.
> > So start nginx and nginx -s quit, engine init twice but not called
> > engine destroy.
> > If we start and stop nginx many times, resource leakage will happen.
>
> OPENSSL_init_ssl manpage says:
>
>        As of version 1.1.0 OpenSSL will automatically allocate all resources
>        that it needs so no explicit initialisation is required.  Similarly it
>        will also automatically deinitialise as required.
>
> If there is a resource leak, this is a bug in the OpenSSL engine
> you are testing with.  It's probably up to the OpenSSL development
> docs how to fix this properly.

The openssl engine is registered with
IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
bind_fn()
{
     ENGINE_set_destroy_function(e, destroy)
     ENGINE_set_finish_function(e, finish)
}

What I found is.
/sbin/nginx
-> bind_fn
/sbin/nginx -s quit
-> bind_fn
So bind_fn is called twice, but destroy and finish are not called at all.

src/core/nginx.c
main
ngx_ssl_init(log)  -> call engine: bind_fn
if (ngx_signal)
    return ngx_signal_process(cycle, ngx_signal);
    -> gx_os_signal_process(cycle, sig, pid)    // send signal to kill
worker process

For openssl engine, what should I do to match the nginx stop.

By the way, bind_fn and destroy are matched if testing with openssl
application itself, no leakage.

Any suggestions?

Thanks



>
> > 2. Currently the nginx master process do ngx_ssl_init then ngx_daemon
> > start daemon and master process exit.
> > Now linux kernel has a patch to release resources in mm_put at process exit.
> > As a result ngx_ssl_init in the master process can not be used in daemon.
> > So is this behavior (release resources in mm_put) not expected?
> >
> > src/core/nginx.c
> > main:
> > ngx_ssl_init
> >     OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL)
> >     init openssl_engine: bind_fn
> > ngx_daemon
> >     start daemon and main process exit
>
> Forked processes are expected to match the original process on
> Unix systems in terms of available resources, such as allocated
> memory and open files.  If in your setup OpenSSL library becomes
> unusable after fork(), expect multiple issues.
>
> --
> Maxim Dounin
> http://mdounin.ru/
> _______________________________________________
> nginx-devel mailing list -- nginx-devel at nginx.org
> To unsubscribe send an email to nginx-devel-leave at nginx.org

More information about the nginx-devel mailing list