Closed Bug 1808816 Opened 3 years ago Closed 3 years ago

Intermittent headless-spi SUMMARY: ThreadSanitizer: data race /builds/worker/checkouts/gecko/security/nss/lib/pki/pki3hack.c:750:15 in fill_CERTCertificateFields

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
111 Branch
Tracking Flags:
Tracking Status
firefox111 --- fixed

People

(Reporter: intermittent-bug-filer, Assigned: keeler)

References

(Blocks 2 open bugs)

Details

(Keywords: csectype-race, intermittent-failure)

Attachments

(3 files)

tsan log
26.38 KB, text/plain
Details
Bug 1808816 - find potential client certificates on the socket thread rather than the main thread r?jschanck
48 bytes, text/x-phabricator-request
Details
Bug 1808816 - socket process follow-up: find potential client certificates on the socket thread r?jschanck
48 bytes, text/x-phabricator-request
Details

This hits about 50% of the time when running mochitest-plain in headless-spi (socketprocess) mode (--headless --setpref=network.process.enabled=true --setpref=network.http.network_access_on_socket_process.enabled=true) under TSAN. Seems to hit consistently when running dom/base/test/test_bug466080.html. This isn't currently enabled by default in CI, but I've been running Try pushes in the hopes of getting it green enough to do so.

Log link:
https://treeherder.mozilla.org/logviewer?job_id=401496165&repo=try&lineNumber=3120

Pernosco trace:
https://pernos.co/debug/m_IHUARELHepEATm7BITwQ/index.html#f{m[A98G,AV0_,t[CQ,CFU_,f{e[A8zk,zt4_,s{afv/yALAA,bAdc,u7As,o8ao___/

Attached file tsan log
Blocks: tsan
Keywords: csectype-race

This test does change the value of the pref network.cors_preflight.allow_client_cert. I don't know if that might be causing the race or not.

Looks like FindClientCertificatesWithPrivateKeys can create CERTCertificates in some cases, and it is being called off the socket thread in SelectClientAuthCertificate::DoSelectClientAuthCertificate. Arguably an NSS bug, but I think our current approach is to fix this sort of issue by dispatching to the socket thread, so I'm moving this to PSM. I don't think it's a security issue---there's no attacker-controllable data and the two threads should write identical data to the CERTCertificate's fields.

Assignee: nobody → nobody
Component: Libraries → Security: PSM
Product: NSS → Core
Version: trunk → unspecified
Group: crypto-core-security
See Also: → 1808236
Assignee: nobody → dkeeler
Status: NEW → ASSIGNED
Pushed by dkeeler@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/78e0947c2257 find potential client certificates on the socket thread rather than the main thread r=jschanck

https://hg.mozilla.org/mozilla-central/rev/78e0947c2257

Status: ASSIGNED → RESOLVED
Closed: 3 years ago
status-firefox110: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 110 Branch

This appears to still be happening on m-c tip:
https://treeherder.mozilla.org/logviewer?job_id=402780486&repo=try&lineNumber=3131

Status: RESOLVED → REOPENED
status-firefox110: fixed → ---
Flags: needinfo?(dkeeler)
Resolution: FIXED → ---
Target Milestone: 110 Branch → ---
Pushed by dkeeler@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/4f69a02ee8f9 socket process follow-up: find potential client certificates on the socket thread r=jschanck

https://hg.mozilla.org/mozilla-central/rev/4f69a02ee8f9

Status: REOPENED → RESOLVED
Closed: 3 years ago3 years ago
status-firefox111: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 111 Branch
Flags: needinfo?(dkeeler)
See Also: → 1815998
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: