Chromium Code Reviews Chromium Code Reviews
Issue 6185005:
NSS: don't set environment variables when multi-threaded. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/nss_util.h" | 5 #include "base/nss_util.h" |
| 6 #include "base/nss_util_internal.h" | 6 #include "base/nss_util_internal.h" |
| 7 | 7 |
| 8 #include <nss.h> | 8 #include <nss.h> |
| 9 #include <plarena.h> | 9 #include <plarena.h> |
| 10 #include <prerror.h> | 10 #include <prerror.h> |
| (...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 71 | 71 |
| 72 // NSS creates a local cache of the sqlite database if it detects that the | 72 // NSS creates a local cache of the sqlite database if it detects that the |
| 73 // filesystem the database is on is much slower than the local disk. The | 73 // filesystem the database is on is much slower than the local disk. The |
| 74 // detection doesn't work with the latest versions of sqlite, such as 3.6.22 | 74 // detection doesn't work with the latest versions of sqlite, such as 3.6.22 |
| 75 // (NSS bug https://bugzilla.mozilla.org/show_bug.cgi?id=578561). So we set | 75 // (NSS bug https://bugzilla.mozilla.org/show_bug.cgi?id=578561). So we set |
| 76 // the NSS environment variable NSS_SDB_USE_CACHE to "yes" to override NSS's | 76 // the NSS environment variable NSS_SDB_USE_CACHE to "yes" to override NSS's |
| 77 // detection when database_dir is on NFS. See http://crbug.com/48585. | 77 // detection when database_dir is on NFS. See http://crbug.com/48585. |
| 78 // | 78 // |
| 79 // TODO(wtc): port this function to other USE_NSS platforms. It is defined | 79 // TODO(wtc): port this function to other USE_NSS platforms. It is defined |
| 80 // only for OS_LINUX simply because the statfs structure is OS-specific. | 80 // only for OS_LINUX simply because the statfs structure is OS-specific. |
| 81 // | |
| 82 // Because this function sets an environment variable it must be run before we | |
| 83 // go multi-threaded. | |
| 81 void UseLocalCacheOfNSSDatabaseIfNFS(const FilePath& database_dir) { | 84 void UseLocalCacheOfNSSDatabaseIfNFS(const FilePath& database_dir) { |
| 82 #if defined(OS_LINUX) | 85 #if defined(OS_LINUX) |
| 83 struct statfs buf; | 86 struct statfs buf; |
| 84 if (statfs(database_dir.value().c_str(), &buf) == 0) { | 87 if (statfs(database_dir.value().c_str(), &buf) == 0) { |
| 85 if (buf.f_type == NFS_SUPER_MAGIC) { | 88 if (buf.f_type == NFS_SUPER_MAGIC) { |
| 86 scoped_ptr<Environment> env(Environment::Create()); | 89 scoped_ptr<Environment> env(Environment::Create()); |
| 87 const char* use_cache_env_var = "NSS_SDB_USE_CACHE"; | 90 const char* use_cache_env_var = "NSS_SDB_USE_CACHE"; |
| 88 if (!env->HasVar(use_cache_env_var)) | 91 if (!env->HasVar(use_cache_env_var)) |
| 89 env->SetVar(use_cache_env_var, "yes"); | 92 env->SetVar(use_cache_env_var, "yes"); |
| 90 } | 93 } |
| (...skipping 121 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 212 #if !defined(USE_NSS) | 215 #if !defined(USE_NSS) |
| 213 // Use the system certificate store, so initialize NSS without database. | 216 // Use the system certificate store, so initialize NSS without database. |
| 214 status = NSS_NoDB_Init(NULL); | 217 status = NSS_NoDB_Init(NULL); |
| 215 if (status != SECSuccess) { | 218 if (status != SECSuccess) { |
| 216 LOG(ERROR) << "Error initializing NSS without a persistent " | 219 LOG(ERROR) << "Error initializing NSS without a persistent " |
| 217 "database: NSS error code " << PR_GetError(); | 220 "database: NSS error code " << PR_GetError(); |
| 218 } | 221 } |
| 219 #else | 222 #else |
| 220 FilePath database_dir = GetInitialConfigDirectory(); | 223 FilePath database_dir = GetInitialConfigDirectory(); |
| 221 if (!database_dir.empty()) { | 224 if (!database_dir.empty()) { |
| 225 // This duplicates the work which should have been done in EarlyNSSInit. | |
| 226 // However, this function is idempotent so there's no harm done. | |
| 222 UseLocalCacheOfNSSDatabaseIfNFS(database_dir); | 227 UseLocalCacheOfNSSDatabaseIfNFS(database_dir); |
| 223 | 228 |
| 224 // Initialize with a persistent database (likely, ~/.pki/nssdb). | 229 // Initialize with a persistent database (likely, ~/.pki/nssdb). |
| 225 // Use "sql:" which can be shared by multiple processes safely. | 230 // Use "sql:" which can be shared by multiple processes safely. |
| 226 std::string nss_config_dir = | 231 std::string nss_config_dir = |
| 227 StringPrintf("sql:%s", database_dir.value().c_str()); | 232 StringPrintf("sql:%s", database_dir.value().c_str()); |
| 228 #if defined(OS_CHROMEOS) | 233 #if defined(OS_CHROMEOS) |
| 229 status = NSS_Init(nss_config_dir.c_str()); | 234 status = NSS_Init(nss_config_dir.c_str()); |
| 230 #else | 235 #else |
| 231 status = NSS_InitReadWrite(nss_config_dir.c_str()); | 236 status = NSS_InitReadWrite(nss_config_dir.c_str()); |
| (...skipping 82 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 314 // is fixed, we will no longer need the lock. | 319 // is fixed, we will no longer need the lock. |
| 315 Lock write_lock_; | 320 Lock write_lock_; |
| 316 #endif // defined(USE_NSS) | 321 #endif // defined(USE_NSS) |
| 317 }; | 322 }; |
| 318 | 323 |
| 319 LazyInstance<NSSInitSingleton, LeakyLazyInstanceTraits<NSSInitSingleton> > | 324 LazyInstance<NSSInitSingleton, LeakyLazyInstanceTraits<NSSInitSingleton> > |
| 320 g_nss_singleton(LINKER_INITIALIZED); | 325 g_nss_singleton(LINKER_INITIALIZED); |
| 321 | 326 |
| 322 } // namespace | 327 } // namespace |
| 323 | 328 |
| 329 void EarlyNSSInit() { | |
| 330 #if defined(OS_LINUX) | |
|
wtc
2011/01/13 00:07:02
This ifdef should be
#if defined(USE_NSS)
to m
| |
| 331 FilePath database_dir = GetInitialConfigDirectory(); | |
| 332 if (!database_dir.empty()) | |
| 333 UseLocalCacheOfNSSDatabaseIfNFS(database_dir); | |
| 334 #endif | |
| 335 } | |
| 336 | |
| 324 void EnsureNSPRInit() { | 337 void EnsureNSPRInit() { |
| 325 g_nspr_singleton.Get(); | 338 g_nspr_singleton.Get(); |
| 326 } | 339 } |
| 327 | 340 |
| 328 void EnsureNSSInit() { | 341 void EnsureNSSInit() { |
| 329 // Initializing SSL causes us to do blocking IO. | 342 // Initializing SSL causes us to do blocking IO. |
| 330 // Temporarily allow it until we fix | 343 // Temporarily allow it until we fix |
| 331 // http://code.google.com/p/chromium/issues/detail?id=59847 | 344 // http://code.google.com/p/chromium/issues/detail?id=59847 |
| 332 ThreadRestrictions::ScopedAllowIO allow_io; | 345 ThreadRestrictions::ScopedAllowIO allow_io; |
| 333 g_nss_singleton.Get(); | 346 g_nss_singleton.Get(); |
| (...skipping 53 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 387 exploded.millisecond = prxtime.tm_usec / 1000; | 400 exploded.millisecond = prxtime.tm_usec / 1000; |
| 388 | 401 |
| 389 return Time::FromUTCExploded(exploded); | 402 return Time::FromUTCExploded(exploded); |
| 390 } | 403 } |
| 391 | 404 |
| 392 PK11SlotInfo* GetDefaultNSSKeySlot() { | 405 PK11SlotInfo* GetDefaultNSSKeySlot() { |
| 393 return g_nss_singleton.Get().GetDefaultKeySlot(); | 406 return g_nss_singleton.Get().GetDefaultKeySlot(); |
| 394 } | 407 } |
| 395 | 408 |
| 396 } // namespace base | 409 } // namespace base |
| OLD | NEW |
