> > 3) You cannot link to the pthreads library and still use fork, and
> David, you absolutely cannot link with pthreads and still use fork()
> It doesn't work except in a few very simplistic scenarios.
> -paul
What you are saying just doesn't make any sense. I agree that it is
difficult
> So you had a bug in your code. So what?
No bug - read this:
http://www.unix.org/version2/whatsnew/threadspaper.ps :
Registration of fork handlers (pthread_atfork( )). The fork handlers are
routines that are to
be executed in association with calls to the fork( ) function. There are
three c
Any argument which begins with "on Linux" or (generalized) "on
[platform]" is automatically suspect, regardless of whether there is
any currently-extant platform which violates the assumptions put
forward.
For an example of why this is a problem, remember the assumption on 32-
bit platform
> On FreeBSD/OpenBSD my program outright core dumped and I could not
> figure out why for days and days.
So you had a bug in your code. So what?
> Now I have two separate builds - one built
> with "-D_REENTRANT -DTHREADS ... -lpthread" and one without.
> Only with Linux do you have the freedom o
On Tue, Jan 29, 2008 at 10:22:16PM +0200, Paul Sheer wrote:
> >
> >
> > I find it hard to believe that there exists a platform where:
> >
>
> On FreeBSD/OpenBSD my program outright core dumped and I could not
> figure out why for days and days. Now I have two separate builds - one built
> with "-D
>
>
> I find it hard to believe that there exists a platform where:
>
On FreeBSD/OpenBSD my program outright core dumped and I could not
figure out why for days and days. Now I have two separate builds - one built
with "-D_REENTRANT -DTHREADS ... -lpthread" and one without.
Only with Linux do you
> Further, on some systems you can't link with libpthread
> if you intend to use fork(). I have two builds of my
> software, one that does fork()ing and one that does
> pthread_create()ing. So I am trying to avoid having to have two
> installations of OpenSSL on every build platform.
I find it h
Paul Sheer, 2008-01-29:
> "it's own data"?? - well this is exactly why I asked on this
> list :-) I wanted to get a better I idea about what "it's own
> data" actually means. I am growing toward a complete list
> of "it's own data" that does not appear to have any chance
> of races.
>
> The fact t
Leandro Santi, 2008-01-29:
> I won't argue with you about using the library in an
> undocumented manner; but I *do* think it'd be interesting
> to get some real quantitative data: we could use it as a
> basis to discuss possible future library modifications,
> more compatible with your requests.
O
> This behavior, by itself, does not necessary guarantee
> that your OpenSSL library code won't race against itself,
> won't corrupt its own data, or crash (hint: learn about
> the MySQL case, search the archives).
"it's own data"?? - well this is exactly why I asked on this
list :-) I wanted to
Paul Sheer, 2008-01-29:
> Let's say you have 1600 clients. Let's say that you have 40 threads, and
> each thread
> handles 40 connections. Now let's say that each thread initializes it's own
> SSL_CTX structure.
>
> The SSL_CTX structure contains most of the data required for SSL
> functionality.
>
Let's say you have 1600 clients. Let's say that you have 40 threads, and
each thread
handles 40 connections. Now let's say that each thread initializes it's own
SSL_CTX structure.
The SSL_CTX structure contains most of the data required for SSL
functionality.
Because each SSL_CTX structure has one
On Mon, Jan 28, 2008 at 02:22:09PM -0800, David Schwartz wrote:
>
> > errno is stored in Thread Local Storage (TLS). You can't link to the
> > global errno anymore.
>
> For a single-threaded process, there is no distinction between thread-local
> storage and a global variable. For a multi-thread
> errno is stored in Thread Local Storage (TLS). You can't link to the
> global errno anymore.
For a single-threaded process, there is no distinction between thread-local
storage and a global variable. For a multi-threaded process, there is.
The same code can have a different semantic meaning d
On Mon, Jan 21, 2008 at 05:34:43PM -0800, David Schwartz wrote:
> > - there is no difference between
> > multithreaded and non-multithreaded _compilation_ (surely not for errno
> > and malloc).
>
> Really? So 'errno' refers to a process global in both cases?! (Note that I
> said the "definition",
Tomas Mraz, 2008-01-24:
> So IMO what Paul Sheer is doing - disabling all locking in OpenSSL given
> that there won't be any static and/or global variables in the OpenSSL
> code called is 100% safe thing if the threads do not share any data
> manipulated within the OpenSSL library.
As mentioned in
Paul Sheer wrote:
Locking with no contention is not "pretty expensive", it's darn
near free.
Oh? If this is true it changes things somewhat.
But I must say that I believe that no-one has ever used OpenSSL with
10'000 concurrent SSL objects. So I'm not going to take the chance
that t
David Jacobson wrote:
> I'm only familiar with Solaris. In that system the real stuff
> in a mutex is a byte about 12 bytes into the lock structure.
> On SPARC the mutex_lock function accesses it with an LDSTUB
> instruction, which is a special atomic instruction that loads
> the old value into
On Thu, 2008-01-24 at 09:11 -0800, David Schwartz wrote:
> > > Really? So 'errno' refers to a process global in both cases?!
> > > (Note that I
> > > said the "definition", not the implementation.)
>
> > Maybe we didn't understand each other - I don't say, that glibc without
> > multithread suppo
I'm only familiar with Solaris. In that system the real stuff in a mutex is a
byte about 12 bytes into the lock structure. On SPARC the mutex_lock function
accesses it with an LDSTUB instruction, which is a special atomic instruction
that loads the old value into a register, and stores 0xff in
> > On systems with only one processor and nothing like hyperthreading.
>
> Did you miss the "with no contention" part?
No. I didn't realize you meant it as 'no possible contention.'
/r$
--
STSM, DataPower Chief Programmer
WebSphere DataPower SOA Appliances
http://www.ibm.com/software/
I'm replying to David's email off-list...
-paul
On Jan 24, 2008 8:44 PM, David Schwartz <[EMAIL PROTECTED]> wrote:
>
> > But I must say that I believe that no-one has ever used OpenSSL
> > with 10'000 concurrent SSL objects.
>
> Umm, what?! We've last tested to almost 16,384. Our first test to 1
> > Locking with no contention is not "pretty expensive", it's darn near
> > free.
> On systems with only one processor and nothing like hyperthreading.
Did you miss the "with no contention" part? An uncontended lock costs about
the same on an SMP system as on an MP system. AFAIK, hyperthreading
> But I must say that I believe that no-one has ever used OpenSSL
> with 10'000 concurrent SSL objects.
Umm, what?! We've last tested to almost 16,384. Our first test to 10,000 was
many years ago, on servers with Pentium processors and 128MB of RAM. We've
tested on operating systems from Windows
> Locking with no contention is not "pretty expensive", it's darn near
free.
On systems with only one processor and nothing like hyperthreading.
/r$
--
STSM, DataPower Chief Programmer
WebSphere DataPower SOA Appliances
http://www.ibm.com/software/integration/datapower/
__
>
> > So IMO what Paul Sheer is doing - disabling all locking in OpenSSL given
> > that there won't be any static and/or global variables in the OpenSSL
> > code called is 100% safe thing if the threads do not share any data
> > manipulated within the OpenSSL library.
>
> But that's not what he's d
> > Really? So 'errno' refers to a process global in both cases?!
> > (Note that I
> > said the "definition", not the implementation.)
> Maybe we didn't understand each other - I don't say, that glibc without
> multithread support and with it is the same. I say that linking single
> threaded libr
> So IMO what Paul Sheer is doing - disabling all locking in OpenSSL given
> that there won't be any static and/or global variables in the OpenSSL
> code called is 100% safe thing [>] if [<] the threads do not share
any data
> manipulated within the OpenSSL library.
Quite a big "if" there!
On Mon, 2008-01-21 at 17:34 -0800, David Schwartz wrote:
> > On Sun, 2008-01-20 at 11:59 -0800, David Schwartz wrote:
>
> > > Most definitely not. At a minimum, the definition of things
> > > like 'errno' and
> > > 'malloc' might be different between a multithreaded build and a
> > > non-multithr
> Removing all the problems you can find is simply not a reliable way to
> develop software. You have to design the software such that there aren't
> problems, then remove any that slipped through. You can't use testing as
the
> way to create the guarantee in the first place.
Heh :-)
I totally ag
> Guaranteed to work? Who's doing the indemnification?
The point of a guarantee is that it is much less likely to change on another
machine or if a library is upgraded and compatability is claimed. Of course,
things can still go wrong.
When bugs are fixed in a library or a new version claims co
>
> How are you sure of this ? Did you manually remove the object code from
> the library, or place an abort(); call at the points -DPURIFY is listed
> to you can be sure that execution never gets there.
>
Actually, I am trying to create an application that has one context per
thread,
where each
> IMO, writing security software by doing something that is specifically
not
> documented or guaranteed to work and then trying to fix every problem it
> creates (at least, that you can find) is completely insane.
Guaranteed to work? Who's doing the indemnification?
Security's all about trade-
>
> IMO, writing security software by doing something that is specifically not
> documented or guaranteed to work and then trying to fix every problem it
> creates (at least, that you can find) is completely insane.
>
Ok, I managed to "find" another problem: error setting/getting (eg.
ERR_clear_er
Paul Sheer wrote:
Well my hybrid threaded app now seems to be stable - even under extreme
loads.
2. Use my own RAND object (RAND_set_rand_method) so that
OpenSSL does
not try lock static globals.
How are you sure of this ? Did you manually remove the object code
> Am I doing anything completely insane here?
IMO, writing security software by doing something that is specifically not
documented or guaranteed to work and then trying to fix every problem it
creates (at least, that you can find) is completely insane.
DS
Well my hybrid threaded app now seems to be stable - even under extreme
loads.
Here is what I did for others to refer:
Comments *most* welcome.
These steps allow me to link both builds of my program with the same
non-threaded
OpenSSL build. I.e. both the fork() and pthread_create() builds of my
> On Sun, 2008-01-20 at 11:59 -0800, David Schwartz wrote:
> > Most definitely not. At a minimum, the definition of things
> > like 'errno' and
> > 'malloc' might be different between a multithreaded build and a
> > non-multithreaded build. There is no supported way to combine
> > multithreaded
>
On Mon, Jan 21, 2008 at 09:24:34AM +0100, Tomas Mraz wrote:
> On Sun, 2008-01-20 at 11:59 -0800, David Schwartz wrote:
> > > I should be able to create a multithreaded application using
> > > a non-multithreaded openssl build provided that I have an ssl
> > > context per thread.
> >
> > Most defin
On Sun, 2008-01-20 at 11:59 -0800, David Schwartz wrote:
> > I should be able to create a multithreaded application using
> > a non-multithreaded openssl build provided that I have an ssl
> > context per thread.
>
> Most definitely not. At a minimum, the definition of things like 'errno' and
> 'ma
ginal Message-
From: "David Schwartz" <[EMAIL PROTECTED]>
Date: Sun, 20 Jan 2008 11:59:00
To:
Subject: RE: Static global - bug? (Re: Two valgrind warnings in OpenSSL -
possible bug???)
> I should be able to create a multithreaded application using
> a non-multithreaded openss
> I should be able to create a multithreaded application using
> a non-multithreaded openssl build provided that I have an ssl
> context per thread.
Most definitely not. At a minimum, the definition of things like 'errno' and
'malloc' might be different between a multithreaded build and a
non-mul
> The reason he said he used his own pseudo
> random number generator is
> actually because of the PURIFY option
> that he didn't turn on.
Actually the reason I use my own random number generator is because the openssl
generator is not thread safe in the following way: I should be able to create
43 matches
Mail list logo
