Delete |pthread_key_t| on dlclose.

When OPENSSL_DANGEROUS_RELEASE_PTHREAD_KEY is defined during the build,
this change adds a destructor function that is called when BoringSSL is
unloaded via |dlclose| or during process exit. Using |dlclose| with
BoringSSL is not supported and will leak memory, but this change allows
some code that is already doing it to survive longer.

Change-Id: Ifc6d6aae61ed0f15d61cd3dbb4ea9f8006e43dba
Reviewed-on: https://boringssl-review.googlesource.com/25784
Reviewed-by: Adam Langley <agl@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Reviewed-by: Fred Gylys-Colwell <fredgc@google.com>

crypto/thread_pthread.c

@@ -94,6 +94,8 @@ void CRYPTO_once(CRYPTO_once_t *once, void (*init)(void)) {
 static pthread_mutex_t g_destructors_lock = PTHREAD_MUTEX_INITIALIZER;
 static thread_local_destructor_t g_destructors[NUM_OPENSSL_THREAD_LOCALS];
 
+// thread_local_destructor is called when a thread exits. It releases thread
+// local data for that thread only.
 static void thread_local_destructor(void *arg) {
   if (arg == NULL) {
     return;
@@ -119,16 +121,44 @@ static void thread_local_destructor(void *arg) {
 
 static pthread_once_t g_thread_local_init_once = PTHREAD_ONCE_INIT;
 static pthread_key_t g_thread_local_key;
-static int g_thread_local_failed = 0;
+static int g_thread_local_key_created = 0;
+
+// OPENSSL_DANGEROUS_RELEASE_PTHREAD_KEY can be defined to cause
+// |pthread_key_delete| to be called in a destructor function. This can be
+// useful for programs that dlclose BoringSSL.
+//
+// Note that dlclose()ing BoringSSL is not supported and will leak memory:
+// thread-local values will be leaked as well as anything initialised via a
+// once. The |pthread_key_t| is destroyed because they run out very quickly,
+// while the other leaks are slow, and this allows code that happens to use
+// dlclose() despite all the problems to continue functioning.
+//
+// This is marked "dangerous" because it can cause multi-threaded processes to
+// crash (even if they don't use dlclose): if the destructor runs while other
+// threads are still executing then they may end up using an invalid key to
+// access thread-local variables.
+//
+// This may be removed after February 2020.
+#if defined(OPENSSL_DANGEROUS_RELEASE_PTHREAD_KEY) && \
+    (defined(__GNUC__) || defined(__clang__))
+// thread_key_destructor is called when the library is unloaded with dlclose.
+static void thread_key_destructor(void) __attribute__((destructor, unused));
+static void thread_key_destructor(void) {
+  if (g_thread_local_key_created) {
+    g_thread_local_key_created = 0;
+    pthread_key_delete(g_thread_local_key);
+  }
+}
+#endif
 
 static void thread_local_init(void) {
-  g_thread_local_failed =
-      pthread_key_create(&g_thread_local_key, thread_local_destructor) != 0;
+  g_thread_local_key_created =
+      pthread_key_create(&g_thread_local_key, thread_local_destructor) == 0;
 }
 
 void *CRYPTO_get_thread_local(thread_local_data_t index) {
   CRYPTO_once(&g_thread_local_init_once, thread_local_init);
-  if (g_thread_local_failed) {
+  if (!g_thread_local_key_created) {
     return NULL;
   }
 
@@ -142,7 +172,7 @@ void *CRYPTO_get_thread_local(thread_local_data_t index) {
 int CRYPTO_set_thread_local(thread_local_data_t index, void *value,
                             thread_local_destructor_t destructor) {
   CRYPTO_once(&g_thread_local_init_once, thread_local_init);
-  if (g_thread_local_failed) {
+  if (!g_thread_local_key_created) {
     destructor(value);
     return 0;
   }