New issue
Advanced search Search tips

Issue 877630 link

Starred by 2 users
Status: Assigned
Owner:
pmarko@chromium.org
Cc:
etiennep@chromium.org
rsleevi@chromium.org
gab@chromium.org
fdoray@chromium.org
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 1
Type: Bug



Sign in to add a comment

NSSCertDatabaseChromeOS::ListCertsImpl blocks in a context where it is not allowed

Project Member Reported by etiennep@chromium.org, Aug 24 
NSSCertDatabaseChromeOS::ListCertsImpl, called from IsCertInNSSDatabaseOnIOThread, blocks on the main thread, where blocking is not allowed.
Following CL demonstrate failure by adding assertion.
https://chromium-review.googlesource.com/c/chromium/src/+/1188780

Call stack:

[ RUN      ] PolicyProvidedClientCertsTest.ClientCertsImported
[1359:1359:0824/120956.116484:WARNING:chrome_browser_main_chromeos.cc(577)] Running as stub user with profile dir: test-user
[1359:1359:0824/120956.213421:ERROR:device_settings_service.cc(314)] Session manager operation failed: 3
[1359:1359:0824/120956.213480:ERROR:device_cloud_policy_store_chromeos.cc(236)] Device policy read on enrolled device yields no DM token! Status: 3.
[1359:1359:0824/120956.242711:INFO:remote_commands_service.cc(38)] Fetching remote commands.
[1359:1359:0824/120956.273253:WARNING:remote_commands_service.cc(40)] Client is not registered.
[1359:1359:0824/120956.273317:INFO:remote_commands_invalidator.cc(32)] Initialize RemoteCommandsInvalidator.
[1359:1359:0824/120956.273337:INFO:remote_commands_invalidator.cc(57)] Starting RemoteCommandsInvalidator.
[1359:1359:0824/120956.273370:INFO:remote_commands_invalidator.cc(123)] RemoteCommandsInvalidator ReloadPolicyData.
[1359:1359:0824/120956.273388:INFO:remote_commands_invalidator.cc(167)] Unregister RemoteCommandsInvalidator.
[1359:1359:0824/120956.273810:ERROR:device_settings_service.cc(314)] Session manager operation failed: 3
[1359:1359:0824/120956.356095:ERROR:network_profile_handler.cc(83)] Manager properties returned from Shill don't contain the field Profiles
[1359:1359:0824/120956.356150:ERROR:network_sms_handler.cc(436)] NetworkSmsHandler: No list value for: Devices
[1359:1359:0824/120956.384438:ERROR:device_settings_service.cc(314)] Session manager operation failed: 3
[1359:1359:0824/120956.389136:ERROR:device_settings_service.cc(314)] Session manager operation failed: 3
[1359:1359:0824/120956.390701:ERROR:content_gpu_interface_provider.cc(83)] Not implemented reached in virtual void ash::ContentGpuInterfaceProvider::RegisterOzoneGpuInterfaces(service_manager::BinderRegistry *)
[1359:1375:0824/120956.449227:INFO:nss_cert_database_chromeos.cc(122)] UserCertLogging: Invoked with log_reason=ListCertsSync, system_slot_present=0
[1359:1370:0824/120956.449209:FATAL:thread_restrictions.cc(29)] Check failed: !g_blocking_disallowed.Get().Get(). Function marked as blocking was called from a scope that disallows blocking! If this task is running inside the TaskScheduler, it needs to have MayBlock() in its TaskTraits. Otherwise, consider making this blocking work asynchronous or, as a last resort, you may use ScopedAllowBlocking (see its documentation for best practices).
#0 0x000004cde9ec base::debug::StackTrace::StackTrace()
#1 0x000004c478ab logging::LogMessage::~LogMessage()
#2 0x000004cb6d29 base::AssertBlockingAllowed()
#3 0x0000053bdb65 net::NSSCertDatabaseChromeOS::ListCertsImpl()
#4 0x0000053bdb2f net::NSSCertDatabaseChromeOS::ListCertsSync()
#5 0x000001ab7a45 policy::(anonymous namespace)::IsCertInNSSDatabaseOnIOThreadWithCertDb()
#6 0x000001ab7c00 _ZN4base8internal7InvokerINS0_9BindStateIPFvRKNSt3__112basic_stringIcNS3_11char_traitsIcEENS3_9allocatorIcEEEEPbNS_12OnceCallbackIFvvEEEPN3net15NSSCertDatabaseEEJS9_SC_NS_17RepeatingCallbackISE_EEEEEFvSI_EE3RunEPNS0_13BindStateBaseESI_
#7 0x000001ab77d5 policy::(anonymous namespace)::IsCertInNSSDatabaseOnIOThread()
#8 0x000001ab7840 _ZN4base8internal7InvokerINS0_9BindStateIPFvPN7content15ResourceContextERKNSt3__112basic_stringIcNS6_11char_traitsIcEENS6_9allocatorIcEEEEPbNS_12OnceCallbackIFvvEEEEJS5_SC_SF_NS_17RepeatingCallbackISH_EEEEESH_E7RunOnceEPNS0_13BindStateBaseE
#9 0x000004d00155 base::debug::TaskAnnotator::RunTask()
#10 0x000004c5035e base::MessageLoop::RunTask()
#11 0x000004c506e3 base::MessageLoop::DoWork()
#12 0x000004cfad99 base::MessagePumpLibevent::Run()
#13 0x000004c4fef4 base::MessageLoop::Run()
#14 0x000004c76539 base::RunLoop::Run()
#15 0x000004cb4e27 base::Thread::Run()
#16 0x0000032b7ad4 content::BrowserProcessSubThread::IOThreadRun()
#17 0x0000032b7a74 content::BrowserProcessSubThread::Run()
#18 0x000004cb5185 base::Thread::ThreadMain()
#19 0x000004ceef9f base::(anonymous namespace)::ThreadFunc()
#20 0x7f7f78916184 start_thread
#21 0x7f7f7564b03d clone

Solution is to make asynchronous call:
https://chromium.googlesource.com/chromium/src/+/lkgr/docs/threading_and_tasks.md#Keeping-the-Browser-Responsive

Comment 1 by pmarko@chromium.org, Aug 27

Cc: rsleevi@chromium.org
Status: Assigned (was: Untriaged)
+Ryan as you participated on the e-mail thread - this is the context.

I'll create a CL shortly to change this in the browser test.

Comment 2 by etiennep@chromium.org, Aug 27

Cc: etiennep@chromium.org

Comment 3 by etiennep@chromium.org, Aug 27 

Since blocking only happens in browser_tests, the simplest solution is to instantiate ScopedAllowBlockingForTesting rather than make async call.

Sign in to add a comment