Closed
Bug 1430906
Opened 6 years ago
Closed 6 years ago
pkix gtests hold NSS resources alive until shutdown
Categories
(Core :: Security: PSM, defect, P1)
Core
Security: PSM
Tracking
()
RESOLVED
FIXED
mozilla59
Tracking | Status | |
---|---|---|
firefox59 | --- | fixed |
People
(Reporter: keeler, Assigned: keeler)
References
(Blocks 1 open bug)
Details
(Whiteboard: [psm-assigned])
Attachments
(1 file)
The mozilla::pkix gtests generate a shared private/public key pair that gets stashed in a global variable. Since it's not part of XPCOM or the existing NSS shutdown machinery, it doesn't get released at the appropriate time, which complicates our efforts to fix NSS shutdown (see e.g. bug 1417680). The current approach to solve this is fairly straightforward: generate the key pair as usual, but essentially serialize the data and only recreate it on demand (e.g. when signing data). That way, the objects are not held alive past the lifetime of the gtests.
Assignee | ||
Comment 1•6 years ago
|
||
It looks like this will work: bug 1417680 without gtest changes: https://treeherder.mozilla.org/#/jobs?repo=try&revision=87810dcace4d470fb43610221d4afaa54a4eb828 with gtest changes: https://treeherder.mozilla.org/#/jobs?repo=try&revision=6c45d74a0edee150cd50a941c3ab429b55bae0fd
Assignee | ||
Comment 2•6 years ago
|
||
As a way to test these changes without the other changes, running `MOZ_LOG="pipnss:4" ./mach gtest "psm*:pkix*"` should yield different results before/after this patch. Before, shutdown will fail, resulting in "[31508:Main Thread]: E/pipnss NSS SHUTDOWN FAILURE". With this patch, shutdown will (should) succeed, resulting in "[30853:Main Thread]: D/pipnss NSS shutdown =====>> OK <<====="
Comment 3•6 years ago
|
||
Comment on attachment 8943044 [details] bug 1430906 - don't hold around a test key forever in mozilla::pkix gtests r?jcj,franziskus Franziskus Kiefer [:fkiefer or :franziskus] has approved the revision. https://phabricator.services.mozilla.com/D404#9753
Attachment #8943044 -
Flags: review+
Assignee | ||
Comment 4•6 years ago
|
||
Here's try: https://treeherder.mozilla.org/#/jobs?repo=try&revision=3e2a2218db56f52f83f7e366e13c127b8e91de60
Pushed by dkeeler@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/1932a56bc060 don't hold around a test key forever in mozilla::pkix gtests r=franziskus
Assignee | ||
Comment 6•6 years ago
|
||
Thanks for the reviews!
Comment 7•6 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/1932a56bc060
Status: NEW → RESOLVED
Closed: 6 years ago
status-firefox59:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla59
You need to log in
before you can comment on or make changes to this bug.
Description
•