Closed Bug 1625791 Opened 2 years ago Closed 2 years ago

Hang nssSlot_IsTokenPresent while saving draft of email with certificate on smartcard

Categories

(NSS :: Libraries, defect, P1)

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: peci1, Assigned: kjacobs)

References

Details

(Keywords: regression)

Attachments

(1 file)

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:74.0) Gecko/20100101 Firefox/74.0

Steps to reproduce:

Thunderbird 68.4.1 (and some versions before, too), Ubuntu 18.04. I'm not sure which NSS version is used, but it's the one used by the TB binaries from Ubuntu. apt doesn't show any dependency on nss, so it's probably compiled in.

I have a smartcard set up which which holds my signing certificates for S/MIME. Right after insertion of the card, signing works. But after some time (say, hours), the card seems to become kind of stale (it may well be a problem of its PKCS#11 driver, or just the card being old (5+ years)). When I'm composing a message and TB tries to save a draft, which triggers signing, I get a complete hang of TB. The same happens when sending the message before draft is saved (but again, only when the card gets into this stale state).

Maybe this is a regression/consequence of https://bugzilla.mozilla.org/show_bug.cgi?id=1381784 ?

Actual results:

This is the stack trace of thread #1, which is the stuck one:

#0 0x00007fec266bc10d in __lll_lock_wait () at ../sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:135
#1 0x00007fec266b5154 in __GI___pthread_mutex_lock (mutex=0x7fec07efd660) at ../nptl/pthread_mutex_lock.c:133
#2 0x00007fec24ea5cf9 in PR_Lock (lock=0x7fec07efd660) at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/nsprpub/pr/src/pthreads/ptsynch.c:171
#3 0x00007fec23dbc02c in nssTrustDomain_RemoveTokenCertsFromCache (td=0x7fec088cf830, token=0x7fec088d2830)
at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/security/nss/lib/pki/tdcache.c:428
#4 0x00007fec23db2f8e in nssSlot_IsTokenPresent (slot=0x7fec088d3030) at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/security/nss/lib/dev/devslot.c:240
#5 0x00007fec23db301c in nssSlot_GetToken (slot=0x7fec088d3030) at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/security/nss/lib/dev/devslot.c:285
#6 0x00007fec23dbd875 in nssTrustDomain_FindTrustForCertificate (td=0x7fec088cf830, c=<optimized out>)
at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/security/nss/lib/pki/trustdomain.c:1059
#7 0x00007fec23db825d in nssTrust_GetCERTCertTrustForCert (c=0x7febef3210c0, cc=0x7febef322020)
at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/security/nss/lib/pki/pki3hack.c:613
#8 0x00007fec23db8ab3 in fill_CERTCertificateFields (c=<optimized out>, cc=<optimized out>, forced=<optimized out>)
at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/security/nss/lib/pki/pki3hack.c:819
#9 0x00007fec23db8ab3 in stan_GetCERTCertificate (c=0x7febef3210c0, forceUpdate=<optimized out>)
at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/security/nss/lib/pki/pki3hack.c:893
#10 0x00007fec23db6e79 in nssCertificate_GetDecoding (c=0x7febef3210c0) at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/security/nss/lib/pki/certificate.c:266
#11 0x00007fec23db6e79 in nssCertificate_SubjectListSort (v1=0x7febef3210c0, v2=0x7febee6d60c0)
at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/security/nss/lib/pki/certificate.c:699
#12 0x00007fec23db18ff in nsslist_add_element (list=0x7febee6d8830, data=0x7febef3210c0)
at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/security/nss/lib/base/list.c:194
#13 0x00007fec23db1a0c in nssList_AddUnique (list=0x7febee6d8830, data=0x7febef3210c0)
at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/security/nss/lib/base/list.c:241
#14 0x00007fec23dbc573 in add_subject_entry (arena=0x7febf19bcf70, cache=0x7fec088d0030, cert=<optimized out>, nickname=<optimized out>, subjectList=<optimized out>)
at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/security/nss/lib/pki/tdcache.c:523
#15 0x00007fec23dbc573 in add_cert_to_cache (td=0x7fec088cf830, cert=0x7febef3210c0)
at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/security/nss/lib/pki/tdcache.c:752
#16 0x00007fec23dbc573 in nssTrustDomain_AddCertsToCache (td=0x7fec088cf830, certs=<optimized out>, numCerts=<optimized out>)
at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/security/nss/lib/pki/tdcache.c:841
#17 0x00007fec23dbab20 in cert_createObject (o=0x7febef321030) at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/security/nss/lib/pki/pkibase.c:1023
#18 0x00007fec23dba826 in nssPKIObjectCollection_AddInstanceAsObject (collection=0x7febeba4a830, instance=<optimized out>)
at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/security/nss/lib/pki/pkibase.c:927
#19 0x00007fec23db4f74 in nssToken_TraverseCertificates (token=0x7fec088d1830, sessionOpt=<optimized out>, searchType=<optimized out>, callback=
0x7fec23dbd7d0 <collector>, arg=0x7febeba4a830) at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/security/nss/lib/dev/devtoken.c:1531
#20 0x00007fec23dbd760 in NSSTrustDomain_TraverseCertificates (td=<optimized out>, callback=0x7fec23d9fa70 <CollectNicknames>, arg=0x7febeb868820)
at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/security/nss/lib/pki/trustdomain.c:1019
#21 0x00007fec23d9f849 in CERT_GetCertNicknames (handle=0x7fec088cf830, what=2, wincx=0x7febec10ee90)
at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/security/nss/lib/certhigh/certhigh.c:485
#22 0x00007fec1380d1fc in nsMsgComposeSecure::MimeCryptoHackCerts(char const*, nsIMsgSendReport*, bool, bool, nsIMsgIdentity*) (this=0x7febf32db8a0, aRecipients=0x7febec2b1820 "REDACTED", sendReport=0x7febeef18e70, aEncrypt=<optimized out>, aSign=<optimized out>, aIdentity=0x7fec07683a60)
at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/comm/mailnews/extensions/smime/src/nsMsgComposeSecure.cpp:811
#23 0x00007fec1380cf71 in nsMsgComposeSecure::BeginCryptoEncapsulation(nsIOutputStream*, char const*, nsIMsgCompFields*, nsIMsgIdentity*, nsIMsgSendReport*, bool) (this=0x7febf32db8a0, aStream=0x7febe9747268, aRecipients=0x7febec2b1820 "REDACTED", aCompFields=<optimized out>, aIdentity=0x7fec07683a60, sendReport=0x7febeef18e70, aIsDraft=<optimized out>)
at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/comm/mailnews/extensions/smime/src/nsMsgComposeSecure.cpp:359
#24 0x00007fec137c0757 in nsMsgComposeAndSend::BeginCryptoEncapsulation() (this=0x7febe6e39ff0)
at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/comm/mailnews/compose/src/nsMsgSend.cpp:1065
#25 0x00007fec137d0cc6 in nsMsgSendPart::Write() (this=<optimized out>)
at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/comm/mailnews/compose/src/nsMsgSendPart.cpp:448
#26 0x00007fec137bf54e in nsMsgComposeAndSend::GatherMimeAttachments() (this=0x7febe6e39ff0)
at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/comm/mailnews/compose/src/nsMsgSend.cpp:836
#27 0x00007fec137c5a2b in nsMsgComposeAndSend::HackAttachments(nsIArray*, nsIArray*) (this=0x7febe6e39ff0, attachments=0x0, preloadedAttachments=<optimized out>)
at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/comm/mailnews/compose/src/nsMsgSend.cpp:2266
#28 0x00007fec137c7387 in nsMsgComposeAndSend::Init(nsIMsgIdentity*, char const*, nsMsgCompFields*, nsIFile*, bool, bool, int, nsIMsgDBHdr*, char const*, nsTSubstring<char> const&, nsIArray*, nsIArray*, nsTSubstring<char16_t> const&, nsTSubstring<char> const&, int) (this=0x7febe6e39ff0, aUserIdentity=0x7fec07683a60, aAccountKey=<optimized out>, fields=0x7febe6afd580, sendFile=0x0, digest_p=false, dont_deliver_p=false, mode=4, msgToReplace=0x0, attachment1 [details] [diff] [review]_type=0x7fec17ed0639 "text/html", attachment1 [details] [diff] [review]_body=..., attachments=0x0, preloaded_attachments=0x0, password=..., aOriginalMsgURI=..., aType=2)
at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/comm/mailnews/compose/src/nsMsgSend.cpp:2793
#29 0x00007fec137cb1ef in nsMsgComposeAndSend::CreateAndSendMessage(nsIEditor*, nsIMsgIdentity*, char const*, nsIMsgCompFields*, bool, bool, int, nsIMsgDBHdr*, char const*, nsTSubstring<char> const&, nsIArray*, nsIArray*, mozIDOMWindowProxy*, nsIMsgProgress*, nsIMsgSendListener*, nsTSubstring<char16_t> const&, nsTSubstring<char> const&, int) (this=0x7febe6e39ff0, aEditor=0x7febe98c4c00, aUserIdentity=0x7fec07683a60, aAccountKey=0x7febec10e630 "account3", fields=0x7febe6afd580, digest_p=<optimized out>, dont_deliver_p=<optimized out>, mode=<optimized out>, msgToReplace=<optimized out>, attachment1 [details] [diff] [review]_type=<optimized out>, attachment1 [details] [diff] [review]_body=..., attachments=<optimized out>, preloaded_attachments=<optimized out>, parentWindow=<optimized out>, progress=<optimized out>, aListener=<optimized out>, password=..., aOriginalMsgURI=..., aType=<optimized out>) at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/comm/mailnews/compose/src/nsMsgSend.cpp:3717
#30 0x00007fec137a7da4 in nsMsgCompose::SendMsgToServer(int, nsIMsgIdentity*, char const*) (this=0x7fec10920f60, deliverMode=4, identity=0x7fec07683a60, accountKey=0x7febec10e630 "account3") at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/comm/mailnews/compose/src/nsMsgCompose.cpp:1186
#31 0x00007fec137a89c9 in nsMsgCompose::SendMsg(int, nsIMsgIdentity*, char const*, nsIMsgWindow*, nsIMsgProgress*) (this=0x7fec10920f60, deliverMode=<optimized out>, identity=0x7fec07683a60, accountKey=0x7febec10e630 "account3", aMsgWindow=0x7febe8ecb880, progress=<optimized out>)
at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/comm/mailnews/compose/src/nsMsgCompose.cpp:1378
#32 0x00007fec13a84082 in NS_InvokeByIndex () at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/xpcom/reflect/xptcall/md/unix/xptcinvoke_asm_x86_64_unix.S:106
#33 0x00007fec1421ab7b in CallMethodHelper::Invoke() (this=<optimized out>)
at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/js/xpconnect/src/XPCWrappedNative.cpp:1650
#34 0x00007fec1421ab7b in CallMethodHelper::Call() (this=<optimized out>)
at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/js/xpconnect/src/XPCWrappedNative.cpp:1191
#35 0x00007fec1421ab7b in XPCWrappedNative::CallMethod(XPCCallContext&, XPCWrappedNative::CallMode) (ccx=..., mode=<optimized out>)
at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/js/xpconnect/src/XPCWrappedNative.cpp:1157
#36 0x00007fec1421c0fb in XPC_WN_CallMethod(JSContext*, unsigned int, JS::Value*) (cx=0x7fec0af23000, argc=<optimized out>, vp=<optimized out>)
at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/js/xpconnect/src/XPCWrappedNativeJSOps.cpp:946
#37 0x00007fec16f26890 in CallJSNative(JSContext*, bool ()(JSContext, unsigned int, JS::Value*), JS::CallArgs const&) (cx=<optimized out>, native=
0x7fec1421bee0 <XPC_WN_CallMethod(JSContext*, unsigned int, JS::Value*)>, args=...)
at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/js/src/vm/Interpreter.cpp:443
#38 0x00007fec16f26890 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) (cx=0x7fec0af23000, args=..., construct=<optimized out>)
at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/js/src/vm/Interpreter.cpp:535
#39 0x00007fec16f20182 in js::CallFromStack(JSContext*, JS::CallArgs const&) (cx=<optimized out>, args=...)
at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/js/src/vm/Interpreter.cpp:594
#40 0x00007fec16f20182 in Interpret(JSContext*, js::RunState&) (cx=<optimized out>, state=...)
at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/js/src/vm/Interpreter.cpp:3082
#41 0x00007fec16f16361 in js::RunScript(JSContext*, js::RunState&) (cx=0x7fec0af23000, state=...)
at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/js/src/vm/Interpreter.cpp:423
#42 0x00007fec16f26b7d in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) (cx=0x7fec0af23000, args=..., construct=<optimized out>)
at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/js/src/vm/Interpreter.cpp:563
#43 0x00007fec16f27036 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) (cx=0x7fec07efd660, fval=..., thisv=..., args=..., rval=...) at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/js/src/vm/Interpreter.cpp:606
#44 0x00007fec1727e280 in JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) (cx=0x7fec0af23000, thisv=..., fval=..., args=..., rval=...) at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/js/src/jsapi.cpp:2673
#45 0x00007fec1511e43c in mozilla::dom::Function::Call(JSContext*, JS::Handle<JS::Value>, nsTArray<JS::Value> const&, JS::MutableHandle<JS::Value>, mozilla::ErrorResult&) (this=0x7febeb153540, cx=<optimized out>, aThisVal=..., arguments=..., aRetVal=..., aRv=...) at FunctionBinding.cpp:41
#46 0x00007fec148618e3 in mozilla::dom::Function::Call<nsCOMPtr<nsISupports> >(nsCOMPtr<nsISupports> const&, nsTArray<JS::Value> const&, JS::MutableHandle<JS::Value>, mozilla::ErrorResult&, char const*, mozilla::dom::CallbackObject::ExceptionHandling, JS::Realm*) (this=0x7febeb153540, thisVal=..., arguments=..., aRetVal=..., aRv=..., aExecutionReason=<optimized out>, aExceptionHandling=mozilla::dom::CallbackObject::eReportExceptions, aRealm=0x0)
at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/obj-x86_64-linux-gnu/dist/include/mozilla/dom/FunctionBinding.h:73
#47 0x00007fec148613b8 in nsGlobalWindowInner::RunTimeoutHandler(mozilla::dom::Timeout*, nsIScriptContext*) (this=
0x7febe78e8000, aTimeout=0x7febf95e6c80, aScx=<optimized out>) at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/dom/base/nsGlobalWindowInner.cpp:5695
#48 0x00007fec14962348 in mozilla::dom::TimeoutManager::RunTimeout(mozilla::TimeStamp const&, mozilla::TimeStamp const&, bool) (this=0x7febe99fc030, aNow=..., aTargetDeadline=..., aProcessIdle=<optimized out>) at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/dom/base/TimeoutManager.cpp:971
#49 0x00007fec1495e774 in mozilla::dom::TimeoutExecutor::MaybeExecute() (this=0x7febe65c3280)
at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/dom/base/TimeoutExecutor.cpp:177
#50 0x00007fec1495e774 in mozilla::dom::TimeoutExecutor::Notify(nsITimer*) (this=0x7febe65c3280, aTimer=<optimized out>)
at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/dom/base/TimeoutExecutor.cpp:244
#51 0x00007fec1495e7aa in non-virtual thunk to mozilla::dom::TimeoutExecutor::Notify(nsITimer*) ()
at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/dom/base/TimeoutBudgetManager.cpp:34
#52 0x00007fec13a71c2e in nsTimerImpl::Fire(int) (this=0x7febfc6dda60, aGeneration=13)
at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/xpcom/threads/nsTimerImpl.cpp:564
#53 0x00007fec13a7194d in nsTimerEvent::Run() (this=0x7fec0287a3e0) at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/xpcom/threads/TimerThread.cpp:260
#54 0x00007fec13a77ae6 in nsThread::ProcessNextEvent(bool, bool*) (this=0x7fec109d6b80, aMayWait=<optimized out>, aResult=0x7ffe6d0eaba7)
at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/xpcom/threads/nsThread.cpp:1175
#55 0x00007fec13a797a6 in NS_ProcessNextEvent(nsIThread*, bool) (aThread=0x7fec07efd660, aMayWait=<optimized out>)
at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/xpcom/threads/nsThreadUtils.cpp:486
#56 0x00007fec13f15edd in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) (this=0x7fec10934800, aDelegate=0x7fec25558200)
at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/ipc/glue/MessagePump.cpp:110
#57 0x00007fec13ee0048 in MessageLoop::RunInternal() (this=<optimized out>)
at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/ipc/chromium/src/base/message_loop.cc:315
#58 0x00007fec13ee0048 in MessageLoop::RunHandler() (this=<optimized out>)
at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/ipc/chromium/src/base/message_loop.cc:308
#59 0x00007fec13ee0048 in MessageLoop::Run() (this=0x80) at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/ipc/chromium/src/base/message_loop.cc:290
#60 0x00007fec15d2f5a6 in nsBaseAppShell::Run() (this=0x7fec0fa80a00) at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/widget/nsBaseAppShell.cpp:137
#61 0x00007fec16d7422b in nsAppStartup::Run() (this=0x7fec0fb83920)
at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/toolkit/components/startup/nsAppStartup.cpp:276
#62 0x00007fec16e461d0 in XREMain::XRE_mainRun() (this=0x7ffe6d0eaea0) at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/toolkit/xre/nsAppRunner.cpp:4616
#63 0x00007fec16e46949 in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) (this=0x7ffe6d0eaea0, argc=<optimized out>, argv=<optimized out>, aConfig=...) at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/toolkit/xre/nsAppRunner.cpp:4750
#64 0x00007fec16e46e15 in XRE_main(int, char**, mozilla::BootstrapConfig const&) (argc=128, argv=0xb, aConfig=...)
at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/toolkit/xre/nsAppRunner.cpp:4831
#65 0x000056021b0d361c in do_main(int, char**, char**) (argc=128, argv=<optimized out>, envp=<optimized out>)
at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/comm/mail/app/nsMailApp.cpp:216
#66 0x000056021b0d361c in main(int, char**, char**) (argc=<optimized out>, argv=<optimized out>, envp=0x7ffe6d0ec138)
at /build/thunderbird-ThyQ3Z/thunderbird-68.4.1+build1/comm/mail/app/nsMailApp.cpp:291

Bugbug thinks this bug is a regression, but please revert this change in case of error.

Keywords: regression

Kai,

Any thoughts on this one? It seems like it's maybe the driver assuming the slot was torn down but NSS didn't, but I really don't know the nss/lib/pki library that Thunderbird uses at all, so I'm really just poking in the dark here.

Flags: needinfo?(kaie)

(In reply to Martin Pecka from comment #0)

Maybe this is a regression/consequence of https://bugzilla.mozilla.org/show_bug.cgi?id=1381784 ?

Flags: needinfo?(kaie)

If it helps - I have a second computer with a pretty similar setup, but running on Windows 10 64bit (the TB is 32bit, I think). I use the same smartcard there. I don't experience these freezes there (there are other smartcard-related problems, though, like TB pretending it can't contact the SMTP server until I reinsert the card, but that's not critical).

(In reply to J.C. Jones [:jcj] (he/him) from comment #2)

Any thoughts on this one? It seems like it's maybe the driver assuming the slot was torn down but NSS didn't, but I really don't know the nss/lib/pki library that Thunderbird uses at all, so I'm really just poking in the dark here.

I don't have much knowledge about smartcard locking internals. Maybe Daiki has some insights, that seems a bit similar to the issue he had fixed.

Daiki, any insight from your end?

Flags: needinfo?(dueno)

Because this bug's Severity has not been changed from the default since it was filed, and it's Priority is -- (Backlog,) indicating it has has not been previously triaged, the bug's Severity is being updated to -- (default, untriaged.)

Because this bug's Severity has not been changed from the default since it was filed, and it's Priority is -- (Backlog,) indicating it has has not been previously triaged, the bug's Severity is being updated to -- (default, untriaged.)

Because this bug's Severity has not been changed from the default since it was filed, and it's Priority is -- (Backlog,) indicating it has has not been previously triaged, the bug's Severity is being updated to -- (default, untriaged.)

Severity: normal → S3

The severity of these bugs was changed, mistakenly, from normal to S3.

Because these bugs have a priority of --, indicating that they have not been previously triaged, these bugs should be changed to Severity of --.

Severity: S3 → --

This is caused by a circular lock dependency, which I noted in https://bugzilla.mozilla.org/show_bug.cgi?id=1651564#c4. Specifically:

Frame 15 (add_cert_to_cache) takes td->cache->lock.
Frame 4 (nssSlot_IsTokenPresent) takes slot->isPresentLock.
Frame 3 (nssTrustDomain_RemoveTokenCertsFromCache) tries to take td->cache->lock again and hangs.

The fix I came up with for the shutdown hang, i.e. calling STAN_GetCERTCertificate before taking the first lock, will prevent the call to fill_CERTCertificateFields and should resolve both issues.

I'll attach the patch shortly.

When caching certificates, td->cache->lock must not be held when taking slot->isPresentLock. The add_cert_to_cache path calls a sort function in add_subject_entry, which will [[ https://searchfox.org/mozilla-central/rev/a3b25e347e2c22207c4b369b99246e4aebf861a7/security/nss/lib/pki/certificate.c#266 | call ]] STAN_GetCERTCertificate -> fill_CERTCertificateFields when cc->nssCertificate [[ https://searchfox.org/mozilla-central/rev/a3b25e347e2c22207c4b369b99246e4aebf861a7/security/nss/lib/pki/pki3hack.c#923 | is NULL ]].

There are two problems with this:

  1. fill_CERTCertificateFields may end up locking slot->isPresentLock (bad ordering, bug 1651564)
  2. The above may happen followed by another attempt to lock td->cache->lock(deadlock, this bug).

By calling STAN_GetCERTCertificate prior to the first lock of td->cache->lock, we can prevent the problematic call to fill_CERTCertificateFields later on, because cc->nssCertificate will already be filled.

See Also: → 1651564
Assignee: nobody → kjacobs.bugzilla
Severity: -- → S3
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Priority: -- → P1
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Flags: needinfo?(dueno)
Resolution: --- → FIXED
Target Milestone: --- → 3.56
You need to log in before you can comment on or make changes to this bug.