Re: Problems with automatic pkcs11 reinit on fork

[Nikos Mavrogiannopoulos]

On 10/08/2011 08:19 AM, Stef Walter wrote:
> In p11-kit we've copied the pakchois behavior of automatically
> reinitializing when a fork happens. In PKCS#11 an application using
> PKCS#11 modules has to call C_Initialize after a fork to reinitialize
> the smart card driver.
>
> The automatic reinitialization behavior of p11-kit is sort of nice from
> the perspective of the consumers of the library, however it causes
> performance problems when it's automatic.
[...]
> For example if a process that's using p11-kit forks/execs another
> executable, then all the PKCS#11 providers are reinitialized after the
> fork and before the exec.
> Perhaps we should change p11-kit so that it's fork aware, and zeros its
> initialization ref counts, but expects the user of the library to
> actually reinitialize after a fork.
> For example, in the case of gnutls, on the next use of PKCS#11 after a
> fork gnutls would need to call p11_kit_initialize_registered() again.

Actually that would have to be gnutls' applications that I don't expect 
them to do it. gnutls itself it does know of fork, unless we call 
getpid() on every pkcs11 call to detect forks.

Couldn't this be handled entirely within p11-kit? I.e. at fork instead 
of initializing everything, mark as everything being uninitialized. Then
(a) either reinitialize everything on the first pkcs11 call, or (b) 
provide a call like p11_kit_reinitialize_if_needed() or so.

On the (b) case the user of p11-kit would have to call 
p11_kit_reinitialize_if_needed() before every pkcs11 call. This is very 
ugly, but better than nothing. I'd prefer (a).

regards,
Nikos