Closed
Bug 1381154
Opened 7 years ago
Closed 7 years ago
remove smartcard insertion/removal monitoring threads
Categories
(Core :: Security: PSM, enhancement, P1)
Core
Security: PSM
Tracking
()
RESOLVED
FIXED
mozilla58
Tracking | Status | |
---|---|---|
firefox58 | --- | fixed |
People
(Reporter: keeler, Assigned: keeler)
References
Details
(Keywords: stale-bug)
Attachments
(1 file)
Currently, if the user has any PKCS#11 modules loaded and smartcard devices with removal tokens attached, Firefox will spin up a thread for each such module to monitor insertion and removal events. However, the only functionality provided by this non-trivial infrastructure is to refresh the certificate manager and device manager when an event is detected. Since this provides so little at considerable cost (see the hangs at https://crash-stats.mozilla.com/search/?signature=~SmartCardMonitoringThread ), we should just remove this. (NB: We should figure out what happens in the certificate manager when the user attempts to interact with a certificate that only existed on a token that has been removed.) (Also, it looks like products based on comm-central have similar consumers of this mechanism that e.g. reload a message, so they'll have to consider what they want to do there.)
Assignee | ||
Comment 1•7 years ago
|
||
To loop back with myself on this, it turns out NSS doesn't notice if a token has a new slot inserted, which consequently means that any certificates or keys provided by that slot aren't available unless PK11_IsPresent is called. The monitoring threads handle this in a reasonable way (even if the implementation is suspect) in that idly waiting for an event and then calling PK11_IsPresent is more efficient than calling it every time we (e.g.) search for certificates. This bug will probably end up being WONTFIX or perhaps morphing into an implementation cleanup bug.
This is an assigned P1 bug without activity in two weeks. If you intend to continue working on this bug for the current release/iteration/sprint, remove the 'stale-bug' keyword. Otherwise we'll reset the priority of the bug back to '--' on Monday, August 28th.
Keywords: stale-bug
Assignee | ||
Comment 3•7 years ago
|
||
Ehhhh let's wontfix this for now.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX
Assignee | ||
Comment 4•7 years ago
|
||
This may address bug 1248818.
Status: RESOLVED → REOPENED
Resolution: WONTFIX → ---
Comment hidden (mozreview-request) |
Comment 6•7 years ago
|
||
mozreview-review |
Comment on attachment 8919074 [details] bug 1381154 - remove smartcard monitoring threads https://reviewboard.mozilla.org/r/189988/#review195156 ::: security/manager/pki/resources/content/device_manager.js:16 (Diff revision 1) > const nsPK11TokenDB = "@mozilla.org/security/pk11tokendb;1"; > const nsIPK11TokenDB = Components.interfaces.nsIPK11TokenDB; > const nsIDialogParamBlock = Components.interfaces.nsIDialogParamBlock; > const nsDialogParamBlock = "@mozilla.org/embedcomp/dialogparam;1"; > > var { Services } = Components.utils.import("resource://gre/modules/Services.jsm", {}); Looks like `Services` is now unused. ::: security/manager/ssl/nsNSSComponent.cpp:1164 (Diff revision 1) > + list = list->next; > + } > + } > + for (auto& module : modulesWithRemovableSlots) { > + // Best-effort. > + Unused << SECMOD_UpdateSlotList(module.get()); > + for (int i = 0; i < module->slotCount; i++) { Do we need to have some sort of synchronization to worry about modules that are removed between the population of `modulesWithRemovableSlots` and the loop through it?
Assignee | ||
Comment 7•7 years ago
|
||
mozreview-review-reply |
Comment on attachment 8919074 [details] bug 1381154 - remove smartcard monitoring threads https://reviewboard.mozilla.org/r/189988/#review195156 > Looks like `Services` is now unused. Righto. > Do we need to have some sort of synchronization to worry about modules that are removed between the population of `modulesWithRemovableSlots` and the loop through it? In theory a new module could be added (and a new token inserted) in between when the list is created and when we refresh our view of it. If whatever operation in progress depends on something on that token, the operation will fail. However, this would be the same as if the token had been inserted too late with respect to the operation being done (e.g. connecting to a site with 3rd party roots, connecting to a site requiring a client certificate, etc.). Since these operations can all be retried, I don't think it's a concern.
Comment hidden (mozreview-request) |
Comment 9•7 years ago
|
||
mozreview-review |
Comment on attachment 8919074 [details] bug 1381154 - remove smartcard monitoring threads https://reviewboard.mozilla.org/r/189988/#review196372 OK, thanks!
Attachment #8919074 -
Flags: review?(jjones) → review+
Comment 10•7 years ago
|
||
mozreview-review |
Comment on attachment 8919074 [details] bug 1381154 - remove smartcard monitoring threads https://reviewboard.mozilla.org/r/189988/#review196746
Attachment #8919074 -
Flags: review?(mgoodwin) → review+
Assignee | ||
Comment 11•7 years ago
|
||
Thanks for the reviews! Try looks good: https://treeherder.mozilla.org/#/jobs?repo=try&revision=7fd2e1ee05c0
Comment 12•7 years ago
|
||
We're sorry, Autoland could not rebase your commits for you automatically. Please manually rebase your commits and try again. hg error in cmd: hg rebase -s 0b3bedb96285 -d cc74db25e470: rebasing 428726:0b3bedb96285 "bug 1381154 - remove smartcard monitoring threads r=jcj,mgoodwin" (tip) merging security/certverifier/CertVerifier.cpp merging security/manager/ssl/PKCS11ModuleDB.cpp merging security/manager/ssl/tests/unit/pkcs11testmodule/pkcs11testmodule.cpp merging security/manager/ssl/tests/unit/xpcshell-smartcards.ini warning: conflicts while merging security/manager/ssl/tests/unit/xpcshell-smartcards.ini! (edit, then use 'hg resolve --mark') unresolved conflicts (see hg resolve, then hg rebase --continue)
Comment hidden (mozreview-request) |
Assignee | ||
Comment 14•7 years ago
|
||
Rebased.
Comment 15•7 years ago
|
||
Pushed by dkeeler@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/b15691743aba remove smartcard monitoring threads r=jcj,mgoodwin
Comment 16•7 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/b15691743aba
Status: REOPENED → RESOLVED
Closed: 7 years ago → 7 years ago
status-firefox58:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla58
You need to log in
before you can comment on or make changes to this bug.
Description
•