roytam1/UXP
1
0
Fork 0
mirror of https://github.com/roytam1/UXP.git synced 2026-05-26 13:58:49 +00:00
Code Issues Projects Releases Wiki Activity

[NSS] Protect rwSessionCount with slotLock.

Browse Source 
Previously, SFTKSlot.rwSessionCount was incremented and decremented
atomically, which meant that there was no way to synchronize reads from it
in NSC_GetTokenInfo. This patch removes the atomic operations but protects
rwSessionCount with SFTKSlot.slotLock.
SFTKSlot.sessionCount is already protected in this way, so this should
have no performance impact.
This commit is contained in:
Moonchild
2026-04-22 16:32:19 +02:00
committed by roytam1
parent 700b73f155
commit 29233ebca8
2 changed files with 14 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files
security/nss/lib/softoken/pkcs11.c
+10 -10
View File
@@ -2803,10 +2803,10 @@ sftk_CloseAllSessions(SFTKSlot *slot, PRBool logout)
SKIP_AFTER_FORK(PZ_Unlock(lock));
SKIP_AFTER_FORK(PZ_Lock(slot->slotLock));
--slot->sessionCount;
SKIP_AFTER_FORK(PZ_Unlock(slot->slotLock));
if (session->info.flags & CKF_RW_SESSION) {
(void)PR_ATOMIC_DECREMENT(&slot->rwSessionCount);
--slot->rwSessionCount;
}
SKIP_AFTER_FORK(PZ_Unlock(slot->slotLock));
} else {
SKIP_AFTER_FORK(PZ_Unlock(lock));
}
@@ -3523,9 +3523,9 @@ NSC_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo)
PORT_Memcpy(pInfo->model, "NSS 3 ", 16);
PORT_Memcpy(pInfo->serialNumber, "0000000000000000", 16);
PORT_Memcpy(pInfo->utcTime, "0000000000000000", 16);
pInfo->ulMaxSessionCount = 0; /* arbitrarily large */
pInfo->ulMaxRwSessionCount = 0; /* arbitrarily large */
PZ_Lock(slot->slotLock); /* Protect sessionCount / rwSessioncount */
pInfo->ulMaxSessionCount = CK_EFFECTIVELY_INFINITE;
pInfo->ulMaxRwSessionCount = CK_EFFECTIVELY_INFINITE;
PR_Lock(slot->slotLock); /* Protect sessionCount / rwSessioncount */
pInfo->ulSessionCount = slot->sessionCount;
pInfo->ulRwSessionCount = slot->rwSessionCount;
PZ_Unlock(slot->slotLock); /* Unlock before sftk_getKeyDB */
@@ -4023,10 +4023,10 @@ NSC_OpenSession(CK_SLOT_ID slotID, CK_FLAGS flags,
}
PZ_Lock(slot->slotLock);
++slot->sessionCount;
PZ_Unlock(slot->slotLock);
if (session->info.flags & CKF_RW_SESSION) {
(void)PR_ATOMIC_INCREMENT(&slot->rwSessionCount);
++slot->rwSessionCount;
}
PZ_Unlock(slot->slotLock);
do {
PZLock *lock;
@@ -4086,13 +4086,13 @@ NSC_CloseSession(CK_SESSION_HANDLE hSession)
sftkdb_ClearPassword(handle);
}
}
if (session->info.flags & CKF_RW_SESSION) {
--slot->rwSessionCount;
}
PZ_Unlock(slot->slotLock);
if (handle) {
sftk_freeDB(handle);
}
if (session->info.flags & CKF_RW_SESSION) {
(void)PR_ATOMIC_DECREMENT(&slot->rwSessionCount);
}
sftk_DestroySession(session);
session = NULL;
}
security/nss/lib/softoken/pkcs11i.h
+4 -5
View File
@@ -309,9 +309,9 @@ struct SFTKSessionStr {
* (head[]->refCount), objectLock protects all elements of the slot's
* object hash tables (sessObjHashTable[] and tokObjHashTable), and
* sessionObjectHandleCount.
* slotLock protects the remaining protected elements:
* password, needLogin, isLoggedIn, ssoLoggedIn, and sessionCount,
* and pwCheckLock serializes the key database password checks in
* slotLock protects password, needLogin, isLoggedIn, ssoLoggedIn,
* sessionCount, and rwSessionCount.
* pwCheckLock serializes the key database password checks in
* NSC_SetPIN and NSC_Login.
*
* Each of the fields below has the following lifetime as commented
@@ -351,8 +351,7 @@ struct SFTKSlotStr {
int sessionIDConflict; /* not protected by a lock */
/* (preserved) */
int sessionCount; /* variable - reset */
PRInt32 rwSessionCount; /* set by atomic operations */
/* (reset) */
int rwSessionCount; /* variable - reset */
int sessionObjectHandleCount; /* variable - perserved */
CK_ULONG index; /* invariant */
PLHashTable *tokObjHashTable; /* invariant */