bug 1361893 - remove two unnecessary mutexes and a cast from SSLServerCertVerification.cpp
gSSLVerificationPK11Mutex isn't used at all - it can be removed
gSSLVerificationTelemetryMutex is unnecessary because telemetry has its own lock:
https://dxr.mozilla.org/mozilla-central/rev/a748acbebbde373a88868dc02910fb2bc5e6a023/toolkit/components/telemetry/TelemetryHistogram.cpp#1135
https://dxr.mozilla.org/mozilla-central/rev/a748acbebbde373a88868dc02910fb2bc5e6a023/toolkit/components/telemetry/TelemetryHistogram.cpp#1984
The nsNSSSocketInfo* cast in SSLServerCertVerificationResult::Run() is
unnecessary because mInfoObject is a RefPtr<nsNSSSocketInfo>.
MozReview-Commit-ID: DG7qWGg2amQ
--- a/security/manager/ssl/SSLServerCertVerification.cpp
+++ b/security/manager/ssl/SSLServerCertVerification.cpp
@@ -105,17 +105,16 @@
#include "RootCertificateTelemetryUtils.h"
#include "ScopedNSSTypes.h"
#include "SharedCertVerifier.h"
#include "SharedSSLState.h"
#include "TransportSecurityInfo.h" // For RememberCertErrorsTable
#include "cert.h"
#include "mozilla/Assertions.h"
#include "mozilla/Casting.h"
-#include "mozilla/Mutex.h"
#include "mozilla/RefPtr.h"
#include "mozilla/Telemetry.h"
#include "mozilla/UniquePtr.h"
#include "mozilla/Unused.h"
#include "mozilla/net/DNS.h"
#include "nsComponentManagerUtils.h"
#include "nsContentUtils.h"
#include "nsIBadCertListener2.h"
@@ -145,41 +144,31 @@ using namespace mozilla::pkix;
namespace mozilla { namespace psm {
namespace {
// do not use a nsCOMPtr to avoid static initializer/destructor
nsIThreadPool* gCertVerificationThreadPool = nullptr;
-// We avoid using a mutex for the success case to avoid lock-related
-// performance issues. However, we do use a lock in the error case to simplify
-// the code, since performance in the error case is not important.
-Mutex* gSSLVerificationTelemetryMutex = nullptr;
-
-// We add a mutex to serialize PKCS11 database operations
-Mutex* gSSLVerificationPK11Mutex = nullptr;
-
} // unnamed namespace
// Called when the socket transport thread starts, to initialize the SSL cert
// verification thread pool. By tying the thread pool startup/shutdown directly
// to the STS thread's lifetime, we ensure that they are *always* available for
// SSL connections and that there are no races during startup and especially
// shutdown. (Previously, we have had multiple problems with races in PSM
// background threads, and the race-prevention/shutdown logic used there is
// brittle. Since this service is critical to things like downloading updates,
// we take no chances.) Also, by doing things this way, we avoid the need for
// locks, since gCertVerificationThreadPool is only ever accessed on the socket
// transport thread.
void
InitializeSSLServerCertVerificationThreads()
{
- gSSLVerificationTelemetryMutex = new Mutex("SSLVerificationTelemetryMutex");
- gSSLVerificationPK11Mutex = new Mutex("SSLVerificationPK11Mutex");
// TODO: tuning, make parameters preferences
// XXX: instantiate nsThreadPool directly, to make this more bulletproof.
// Currently, the nsThreadPool.h header isn't exported for us to do so.
nsresult rv = CallCreateInstance(NS_THREADPOOL_CONTRACTID,
&gCertVerificationThreadPool);
if (NS_FAILED(rv)) {
NS_WARNING("Failed to create SSL cert verification threads.");
return;
@@ -202,24 +191,16 @@ InitializeSSLServerCertVerificationThrea
// shutdown of the nsNSSComponent service. We use the
// nsNSSShutdownPreventionLock where needed (not here) to prevent that.
void StopSSLServerCertVerificationThreads()
{
if (gCertVerificationThreadPool) {
gCertVerificationThreadPool->Shutdown();
NS_RELEASE(gCertVerificationThreadPool);
}
- if (gSSLVerificationTelemetryMutex) {
- delete gSSLVerificationTelemetryMutex;
- gSSLVerificationTelemetryMutex = nullptr;
- }
- if (gSSLVerificationPK11Mutex) {
- delete gSSLVerificationPK11Mutex;
- gSSLVerificationPK11Mutex = nullptr;
- }
}
namespace {
void
LogInvalidCertError(nsNSSSocketInfo* socketInfo,
PRErrorCode errorCode,
::mozilla::psm::SSLErrorMessageType errorMessageType)
@@ -1604,21 +1585,20 @@ SSLServerCertVerificationJob::Run()
restart->Dispatch();
Telemetry::Accumulate(Telemetry::SSL_CERT_ERROR_OVERRIDES, 1);
return NS_OK;
}
// Note: the interval is not calculated once as PR_GetError MUST be called
// before any other function call
error = PR_GetError();
- {
- TimeStamp now = TimeStamp::Now();
- MutexAutoLock telemetryMutex(*gSSLVerificationTelemetryMutex);
- Telemetry::AccumulateTimeDelta(failureTelemetry, mJobStartTime, now);
- }
+
+ TimeStamp now = TimeStamp::Now();
+ Telemetry::AccumulateTimeDelta(failureTelemetry, mJobStartTime, now);
+
if (error != 0) {
RefPtr<CertErrorRunnable> runnable(
CreateCertErrorRunnable(*mCertVerifier, error, mInfoObject, mCert,
mFdForLogging, mProviderFlags, mPRTime));
if (!runnable) {
// CreateCertErrorRunnable set a new error code
error = PR_GetError();
} else {
@@ -1866,15 +1846,13 @@ SSLServerCertVerificationResult::Dispatc
NS_IMETHODIMP
SSLServerCertVerificationResult::Run()
{
// TODO: Assert that we're on the socket transport thread
if (mTelemetryID != Telemetry::HistogramCount) {
Telemetry::Accumulate(mTelemetryID, mTelemetryValue);
}
- // XXX: This cast will be removed by the next patch
- ((nsNSSSocketInfo*) mInfoObject.get())
- ->SetCertVerificationResult(mErrorCode, mErrorMessageType);
+ mInfoObject->SetCertVerificationResult(mErrorCode, mErrorMessageType);
return NS_OK;
}
} } // namespace mozilla::psm