LibPkix is designed so that every library function has a pointer to void as the last argument. A pointer to PKIX_PL_NssContext cast to void* is the actual data pointer that gets passed to the library functions. PRArenaPool* is one of the members of PKIX_PL_NssContext. If NssContext_Create is called with arena set to PKIX_TRUE, an arena pool will be created and used for the majority of object allocations.

There are two types of PKIX_PL_NssContext objects involved in the operations of libpkix. The first type is a single global object that is allocated at pkix initialization time and is mainly supposed to be used for cache memory allocations. The second type are PKIX_PL_NssContext objects allocated before every call of PKIX_BuildChain and used for new allocations during a particular cert chain building or validation.

The design creates a problem when an arena is used by many threads to allocate multiple objects: it will result in significant memory use growth, as most of the objects in the cache won't be deallocated until library shutdown. Also, the cert/crl, etc. data will need to be copied to the global arena every time an object is cached. As a part of this bug resolution one should deeply understand libpkix memory allocation. One of the possible solutions is to use a per-object arena, but this approach will result in increased allocation sys calls.

Nelson's valid comment from bug 389904#c8 should also be addressed in this bug.
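The trade-off described above, as an added example that is not libpkix or NSS code: the toy `Arena`, `arena_alloc`, `arena_destroy` and the 4096-byte chunk size are hypothetical stand-ins for the real arena pool, and `malloc` calls stand in for allocation system calls.

```c
#include <stdio.h>
#include <stdlib.h>
/* Toy bump arena: hypothetical stand-in, NOT the NSS arena pool API. */
#define CHUNK 4096
typedef struct Chunk { struct Chunk *next; size_t used; char data[CHUNK]; } Chunk;
typedef struct { Chunk *head; size_t chunks; } Arena;
static size_t g_mallocs; /* malloc calls, standing in for allocation sys calls */

static void *arena_alloc(Arena *a, size_t n) {
    n = (n + 15) & ~(size_t)15;              /* keep allocations aligned */
    if (n > CHUNK) return NULL;
    if (!a->head || a->head->used + n > CHUNK) {
        Chunk *c = malloc(sizeof *c);
        if (!c) return NULL;
        g_mallocs++;
        c->used = 0; c->next = a->head; a->head = c; a->chunks++;
    }
    void *p = a->head->data + a->head->used;
    a->head->used += n;
    return p;
}
/* Destroying the whole arena is the only way to release memory. */
static size_t arena_destroy(Arena *a) {
    size_t freed = 0;
    while (a->head) { Chunk *c = a->head; a->head = c->next; free(c); freed += CHUNK; }
    a->chunks = 0;
    return freed;
}
/* One shared arena for all cached objects: returns the bytes still held after
 * every object has been evicted, since an arena cannot free a single object. */
size_t shared_arena_held(size_t nobj, size_t objsz, size_t *mallocs) {
    Arena a = {0};
    g_mallocs = 0;
    for (size_t i = 0; i < nobj; i++) arena_alloc(&a, objsz);
    size_t held = a.chunks * CHUNK;          /* eviction released nothing */
    *mallocs = g_mallocs;
    arena_destroy(&a);                       /* models library shutdown */
    return held;
}
/* One arena per object: evicting an object destroys its arena. */
size_t per_object_held(size_t nobj, size_t objsz, size_t *mallocs) {
    size_t held = 0;
    g_mallocs = 0;
    for (size_t i = 0; i < nobj; i++) {
        Arena a = {0};
        arena_alloc(&a, objsz);
        held += a.chunks * CHUNK;
        held -= arena_destroy(&a);           /* evict: memory is returned */
    }
    *mallocs = g_mallocs;
    return held;
}
int main(void) {
    size_t m1, m2, h1 = shared_arena_held(1000, 256, &m1), h2 = per_object_held(1000, 256, &m2);
    printf("shared: %zu held, %zu mallocs; per-object: %zu held, %zu mallocs\n", h1, m1, h2, m2);
    return 0;
}
```

In this model the shared arena makes far fewer allocator calls but keeps every chunk until it is destroyed, while the per-object arenas return memory on eviction at the cost of one allocator call per object.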