Last Comment Bug 177391 - Add a new function that blocks the calling thread until a token is removed
: Add a new function that blocks the calling thread until a token is removed
Product: NSS
Classification: Components
Component: Libraries (show other bugs)
: unspecified
: All All
: P1 enhancement (vote)
: 3.7
Assigned To: Robert Relyea
: Bishakha Banerjee
Depends on:
  Show dependency treegraph
Reported: 2002-10-29 15:54 PST by Wan-Teh Chang
Modified: 2002-12-12 16:03 PST (History)
9 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---

patch 1: pk11wrap changes. (3.03 KB, patch)
2002-12-10 14:54 PST, Robert Relyea
wtc: review-
Details | Diff | Splinter Review
patch 2: changes to nss.def (466 bytes, patch)
2002-12-10 14:56 PST, Robert Relyea
nelson: review-
Details | Diff | Splinter Review
Test program... (4.03 KB, application/x-zip-compressed)
2002-12-10 14:59 PST, Robert Relyea
no flags Details

Description Wan-Teh Chang 2002-10-29 15:54:19 PST
Since PKCS #11 does not have a notification mechanism
for the token removal events, we will need to resort
to a polling mechanism.

This RFE proposes that we add a function that polls
the slots periodically for token presence.  It returns
to the caller as soon as a token is found to be removed.

The application needs to provide the thread to call
this function.
Comment 1 Wan-Teh Chang 2002-12-06 11:14:25 PST
Moved to target milestone 3.8 because the original
NSS 3.7 release has been renamed 3.8.
Comment 2 Wan-Teh Chang 2002-12-09 12:00:23 PST
We decided to include this new function in the 3.7
release, and Bob will implement it.

Bob, please write a description of the function for
Comment 3 Robert Relyea 2002-12-10 14:54:39 PST
Created attachment 108935 [details] [diff] [review]
patch 1: pk11wrap changes.

patch 1: pk11wrap changes.
Comment 4 Robert Relyea 2002-12-10 14:56:28 PST
Created attachment 108936 [details] [diff] [review]
patch 2: changes to nss.def 

Export our new file...
Comment 5 Robert Relyea 2002-12-10 14:59:03 PST
Created attachment 108937 [details]
Test program...
Comment 6 Robert Relyea 2002-12-10 15:01:44 PST
Ready for review for an early morning checking.
Comment 7 Nelson Bolyard (seldom reads bugmail) 2002-12-10 15:24:58 PST
Comment on attachment 108936 [details] [diff] [review]
patch 2: changes to nss.def 

trailing semicolon missing
Comment 8 Wan-Teh Chang 2002-12-10 16:12:54 PST
Comment on attachment 108935 [details] [diff] [review]
patch 1: pk11wrap changes.

I found two bugs in the handling of timeout.
I suggest adding some comments to explain the
token statuses and events, in particular the
"changed" status, and how this function is
supposed to be used.

Bob, I left a copy of this patch with my comments
at your desk.
Comment 9 Wan-Teh Chang 2002-12-10 16:27:28 PST
Comment on attachment 108937 [details]
Test program...

Bob, you can consider adding this test (remtest.c) to the new
mozilla/security/nss/cmd/tests directory.

Also, instead of attaching a zip file, you can cvs add the new files and then
cvs diff -uN to generate the patch.
The -N option includes the new files in the patch.
Comment 10 Wan-Teh Chang 2002-12-10 16:34:13 PST
Bob, should the test call PK11_IsPresent before it
enters the do-while loop calling PK11_WaitForTokenEvent?
Seems like you should call PK11_IsPresent to obtain
the initial token status.
Comment 11 Wan-Teh Chang 2002-12-11 07:21:07 PST
Comment on attachment 108935 [details] [diff] [review]
patch 1: pk11wrap changes.

Another issue with this patch is that the detection
of the "changed" event is unreliable if some other
thread is calling PK11_IsPresent (directly or via
other NSS functions) at the same time.

The "changed" event is detected by a change in the
slot series.  At the beginning of PK11_WaitForTokenEvent
we call PK11_GetSlotSeries to get the old slot series.
If another thread calls PK11_IsPresent before our
PK11_GetSlotSeries call, we will get the new slot
series instead and won't see the change in the slot

Here is a proposed solution.

1. Modify the PK11_WaitForTokenEvent function prototype.
The caller passes in the old slot series as an argument.
If the "present" or "changed" status is returned, the
function also returns the current slot series to the

2. It would be good to have a variant of the
PK11_IsPresent function that also returns the current
slot series if the token is present.  This is because
we should get the slot series and the token presence
info *atomically* to get the most accurate slot series.
Comment 12 Robert Relyea 2002-12-12 16:03:40 PST
patches checked in (to tip and 3.7)

Note You need to log in before you can comment on or make changes to this bug.