Problems with automatic pkcs11 reinit on fork
Stef Walter
stefw at collabora.co.uk
Sat Oct 8 08:19:49 CEST 2011
In p11-kit we've copied the pakchois behavior of automatically
reinitializing when a fork happens. In PKCS#11 an application using
PKCS#11 modules has to call C_Initialize after a fork to reinitialize
the smart card driver.
The automatic reinitialization behavior of p11-kit is sort of nice from
the perspective of the consumers of the library, however it causes
performance problems when it's automatic.
For example if a process that's using p11-kit forks/execs another
executable, then all the PKCS#11 providers are reinitialized after the
fork and before the exec.
Perhaps we should change p11-kit so that it's fork aware, and zeros its
initialization ref counts, but expects the user of the library to
actually reinitialize after a fork.
For example, in the case of gnutls, on the next use of PKCS#11 after a
fork gnutls would need to call p11_kit_initialize_registered() again.
How does that sound? Alon, I hope it's okay that I've CC'd you. You
have extensive experience with how applications deal with this issue, so
I figured you may have valuable advice.
Cheers,
Stef
More information about the Gnutls-devel
mailing list