p11-kit-proxy deadlock with OpenVPN

David Woodhouse dwmw2 at infradead.org
Fri May 1 09:32:22 PDT 2015 

It looks like the OpenSC pkcs11-helper library, as used by OpenVPN,
will call C_Initialize() at fork in the child process, for a module
which was loaded in the parent.

When this is p11-kit-proxy.so, we end up with the following deadlock:

#0  __lll_lock_wait () at ../sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:135
#1  0x0000003841a0988d in __GI___pthread_mutex_lock (
    mutex=mutex at entry=0x3860c64840 <p11_library_mutex>)
    at ../nptl/pthread_mutex_lock.c:80
#2  0x0000003860a1e812 in managed_C_Finalize (self=0x12932b0, 
    reserved=<optimized out>) at p11-kit/modules.c:1546
#3  0x0000003860a396e0 in binding_C_Finalize (cif=<optimized out>, 
    ret=0x7ffdb6fc5280, args=<optimized out>, funcs=<optimized out>)
    at p11-kit/virtual.c:124
#4  0x0000003844205b9f in ffi_closure_unix64_inner (closure=0x7f5a87e0a048, 
    rvalue=0x7ffdb6fc5280, reg_args=0x7ffdb6fc51d0, 
    argp=0x7ffdb6fc52a0 "Pd)\001") at ../src/x86/ffi64.c:670
#5  0x0000003844205f18 in ffi_closure_unix64 () at ../src/x86/unix64.S:229
#6  0x0000003860a20ba1 in p11_kit_modules_finalize (modules=<optimized out>)
    at p11-kit/modules.c:2108
#7  0x0000003860a22132 in proxy_free (py=0x1296410) at p11-kit/proxy.c:193
#8  0x0000003860a22303 in proxy_C_Initialize (self=0x12961c0, 
    init_args=<optimized out>) at p11-kit/proxy.c:335
#9  0x0000003860a396c0 in binding_C_Initialize (cif=<optimized out>, 
    ret=0x7ffdb6fc54e0, args=<optimized out>, funcs=<optimized out>)
    at p11-kit/virtual.c:114
#10 0x0000003844205b9f in ffi_closure_unix64_inner (closure=0x7f5a87e0a550, 
    rvalue=0x7ffdb6fc54e0, reg_args=0x7ffdb6fc5430, 
---Type <return> to continue, or q <return> to quit---
    argp=0x7ffdb6fc5500 "`k)\001") at ../src/x86/ffi64.c:670
#11 0x0000003844205f18 in ffi_closure_unix64 () at ../src/x86/unix64.S:229
#12 0x00007f5a8798dd1e in C_Initialize (pInitArgs=0x0) at pkcs11-spy.c:378
#13 0x00007f5a87bb7299 in __pkcs11h_forkFixup (activate_slotevent=1)
    at pkcs11h-core.c:1330
#14 0x00000038412c84ef in __libc_fork () at ../sysdeps/nptl/fork.c:183
#15 0x0000003841a0f4a5 in __fork () at pt-fork.c:25
#16 0x0000000000428438 in openvpn_execve (a=a at entry=0x7ffdb6fc56d0, 
    es=es at entry=0x1328bb0, flags=flags at entry=2) at misc.c:308


We call p11_lock() in proxy_C_Initialize() (frame #8) right before
calling proxy_free(). And then when we call it again in
managed_C_Finalize() in frame #2 we deadlock.

-- 
David Woodhouse                            Open Source Technology Centre
David.Woodhouse at intel.com                              Intel Corporation
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5745 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/p11-glue/attachments/20150501/74e00050/attachment.bin>

More information about the p11-glue mailing list