On 22.09.2015 11:55, Nikos Mavrogiannopoulos wrote:
> On Mon, 2015-09-21 at 15:12 +0200, Stef Walter wrote:
>
>> Several functions (such as CloseAllSessions()) in PKCS#11 act
>> globally.
>> By returning a different closure for those function pointers to each
>> caller, we can scope those effects. We don't do this only in the
>> proxy
>> module, but throughout the PKCS#11 API.
>>
>> The following functions are routinely wrapped in a closure:
>>
>> C_Initialize
>> C_Finalize
>> C_CloseAllSessions
>> C_CloseSession
>> C_OpenSession
>>
>> In addition, if things like remoting or logging are enabled, then all
>> functions are wrapped ... so their arguments can be remoted or logged
>> respectively.
> [...]
>> 2. We could precompile NNNN closures into the executable, and these
>> would be consumed as necessary. This is how p11-kit used to
>> perform
>> this task. It's really horrible code ... but could be done as a
>> last
>> resort ... and the code is in the git history.
>
> I've tried with avoiding the tmpdir in libffi, and have the same issue
> with executable memory. So I think we are at this point...

That would place a static limit on the amount of callers of any "managed" PKCS#11 modules in p11-kit. What is the number you think is appropriate to limit that to in a single process?

Stef

_______________________________________________
p11-glue mailing list
p11-glue@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/p11-glue
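
Added example, not part of the original message and not p11-kit's code: a sketch of option 2 from the quoted text, where the per-caller wrappers are compiled into the binary so no executable memory is mapped at run time, and the pool size becomes the static limit on callers raised in the reply. MAX_CALLERS, the caller table and every function name here are assumptions; rv_t stands in for CK_RV.

```c
#include <stddef.h>
#include <stdio.h>

#define MAX_CALLERS 4        /* assumed pool size: this is the static limit */
typedef unsigned long rv_t;  /* stand-in for CK_RV */
typedef rv_t (*close_all_fn)(unsigned long slot_id);

/* Per-caller state that a run-time (libffi) closure would otherwise capture. */
struct caller { int in_use; unsigned long open_sessions; };
static struct caller callers[MAX_CALLERS];

/* Shared implementation: drops only the sessions owned by caller idx. */
static rv_t close_all_for(size_t idx, unsigned long slot_id) {
    (void)slot_id;
    callers[idx].open_sessions = 0;
    return 0;                /* stand-in for CKR_OK */
}

/* One wrapper per pool entry, fixed at compile time (must match MAX_CALLERS). */
#define THUNK(n) static rv_t thunk_##n(unsigned long s) { return close_all_for(n, s); }
THUNK(0) THUNK(1) THUNK(2) THUNK(3)
static const close_all_fn thunks[MAX_CALLERS] = { thunk_0, thunk_1, thunk_2, thunk_3 };

/* Give a caller its own function pointer, or NULL once the pool is used up. */
close_all_fn acquire_close_all(size_t *idx_out) {
    for (size_t i = 0; i < MAX_CALLERS; i++) {
        if (!callers[i].in_use) {
            callers[i].in_use = 1;
            callers[i].open_sessions = 0;
            *idx_out = i;
            return thunks[i];
        }
    }
    return NULL;
}

void release_close_all(size_t idx) { callers[idx].in_use = 0; }
void open_session(size_t idx) { callers[idx].open_sessions++; }
unsigned long session_count(size_t idx) { return callers[idx].open_sessions; }

int main(void) {
    size_t a, b;
    close_all_fn fa = acquire_close_all(&a), fb = acquire_close_all(&b);
    open_session(a); open_session(b);
    fa(0);                   /* closes caller a's sessions only */
    printf("a=%lu b=%lu\n", session_count(a), session_count(b));
    (void)fb;
    return 0;
}
```

The fifth caller in a process gets NULL until an earlier one releases its entry, which is the trade-off against closures allocated at run time.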