1 files changed, 19 insertions, 0 deletions

diff --git a/security/nss/lib/pk11wrap/dev3hack.c b/security/nss/lib/pk11wrap/dev3hack.c
index 3f704436d..2c7ee38f2 100644
--- a/security/nss/lib/pk11wrap/dev3hack.c
+++ b/security/nss/lib/pk11wrap/dev3hack.c
@@ -67,6 +67,7 @@ nssSession_ImportNSS3Session(NSSArena *arenaOpt,
     rvSession = nss_ZNEW(arenaOpt, nssSession);
     rvSession->handle = session;
     rvSession->lock = lock;
+    rvSession->ownLock = PR_FALSE;
     rvSession->isRW = rw;
     return rvSession;
 }
@@ -92,6 +93,23 @@ nssSlot_CreateSession
 	}
 	rvSession->isRW = PR_TRUE;
 	rvSession->slot = slot;
+        /*
+         * The session doesn't need its own lock.  Here's why.
+         * 1. If we are reusing the default RW session of the slot,
+         *    the slot lock is already locked to protect the session.
+         * 2. If the module is not thread safe, the slot (or rather
+         *    module) lock is already locked.
+         * 3. If the module is thread safe and we are using a new
+         *    session, no higher-level lock has been locked and we
+         *    would need a lock for the new session.  However, the
+         *    NSS_3_4_CODE usage of the session is that it is always
+         *    used and destroyed within the same function and never
+         *    shared with another thread.
+         * So the session is either already protected by another
+         * lock or only used by one thread.
+         */
+        rvSession->lock = NULL;
+        rvSession->ownLock = PR_FALSE;
 	return rvSession;
     } else {
 	return NULL;
@@ -136,6 +154,7 @@ nssSlot_CreateFromPK11SlotInfo(NSSTrustDomain *td, PK11SlotInfo *nss3slot)
     rvSlot->slotID = nss3slot->slotID;
     /* Grab the slot name from the PKCS#11 fixed-length buffer */
     rvSlot->base.name = nssUTF8_Duplicate(nss3slot->slot_name,td->arena);
+    rvSlot->lock = (nss3slot->isThreadSafe) ? NULL : nss3slot->sessionLock;
     return rvSlot;
 }