Skip to content

Improve mutex locking protection for concurrent thread usage #410

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
embhorn merged 4 commits into from
May 5, 2025
Merged

Improve mutex locking protection for concurrent thread usage #410

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
d27306b
Improve mutex locking protection for concurrent thread usage. Use a g…
dgarske Apr 29, 2025
ac800d3
Fix no `WOLFSSL_MUTEX_INITIALIZER` case.
dgarske Apr 30, 2025
e7aad1a
Support for pthread static mutex when building against older wolfSSL …
dgarske May 2, 2025
f2e6be4
Add build option `WOLFTPM_NO_ACTIVE_THREAD_LS` to remove thread local…
dgarske May 2, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
67 changes: 31 additions & 36 deletions src/tpm2.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,11 +37,23 @@
/* --- Local Variables -- */
/******************************************************************************/


#ifdef WOLFTPM_NO_ACTIVE_THREAD_LS
/* if using gHwLock and want to use a shared active TPM2_CTX between threads */
static TPM2_CTX* gActiveTPM;
#else
static THREAD_LS_T TPM2_CTX* gActiveTPM;
#endif

#ifndef WOLFTPM2_NO_WOLFCRYPT
static volatile int gWolfCryptRefCount = 0;
#endif

#if !defined(WOLFTPM2_NO_WOLFCRYPT) && !defined(WOLFTPM_NO_LOCK) && \
!defined(SINGLE_THREADED)
static wolfSSL_Mutex gHwLock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(gHwLock);
#endif

#ifdef WOLFTPM_LINUX_DEV
#define INTERNAL_SEND_COMMAND TPM2_LINUX_SendCommand
#define TPM2_INTERNAL_CLEANUP(ctx)
Expand All @@ -61,43 +73,24 @@ static volatile int gWolfCryptRefCount = 0;
/******************************************************************************/
static TPM_RC TPM2_AcquireLock(TPM2_CTX* ctx)
{
#if defined(WOLFTPM2_NO_WOLFCRYPT) || defined(WOLFTPM_NO_LOCK)
(void)ctx;
#else
int ret;

if (!ctx->hwLockInit) {
if (wc_InitMutex(&ctx->hwLock) != 0) {
#ifdef DEBUG_WOLFTPM
printf("TPM Mutex Init failed\n");
#endif
return TPM_RC_FAILURE;
}
ctx->hwLockInit = 1;
ctx->lockCount = 0;
}

if (ctx->lockCount == 0) {
ret = wc_LockMutex(&ctx->hwLock);
if (ret != 0)
return TPM_RC_FAILURE;
#if !defined(WOLFTPM2_NO_WOLFCRYPT) && !defined(WOLFTPM_NO_LOCK) && \
!defined(SINGLE_THREADED)
int ret = wc_LockMutex(&gHwLock);
if (ret != 0) {
return TPM_RC_FAILURE;
}
ctx->lockCount++;
#endif
(void)ctx;
return TPM_RC_SUCCESS;
}

static void TPM2_ReleaseLock(TPM2_CTX* ctx)
{
#if defined(WOLFTPM2_NO_WOLFCRYPT) || defined(WOLFTPM_NO_LOCK)
(void)ctx;
#else
ctx->lockCount--;
if (ctx->lockCount == 0) {
wc_UnLockMutex(&ctx->hwLock);
}

#if !defined(WOLFTPM2_NO_WOLFCRYPT) && !defined(WOLFTPM_NO_LOCK) && \
!defined(SINGLE_THREADED)
wc_UnLockMutex(&gHwLock);
#endif
(void)ctx;
}

static int TPM2_CommandProcess(TPM2_CTX* ctx, TPM2_Packet* packet,
Expand Down Expand Up @@ -507,6 +500,10 @@ static inline int TPM2_WolfCrypt_Init(void)
if (rc == 0)
rc = wc_SetSeed_Cb(wc_GenerateSeed);
#endif
#if !defined(WOLFTPM_NO_LOCK) && !defined(SINGLE_THREADED) && \
!defined(WOLFSSL_MUTEX_INITIALIZER)
wc_InitMutex(&gHwLock);
#endif
}
gWolfCryptRefCount++;

Expand Down Expand Up @@ -697,19 +694,17 @@ TPM_RC TPM2_Cleanup(TPM2_CTX* ctx)
wc_FreeRng(&ctx->rng);
}
#endif
#ifndef WOLFTPM_NO_LOCK
if (ctx->hwLockInit) {
ctx->hwLockInit = 0;
wc_FreeMutex(&ctx->hwLock);
}
#endif

/* track wolf initialize reference count in wolfTPM. wolfCrypt does not
properly track reference count in v4.1 or older releases */
* properly track reference count in v4.1 or older releases */
gWolfCryptRefCount--;
if (gWolfCryptRefCount < 0)
gWolfCryptRefCount = 0;
if (gWolfCryptRefCount == 0) {
#if !defined(WOLFTPM_NO_LOCK) && !defined(SINGLE_THREADED) && \
!defined(WOLFSSL_MUTEX_INITIALIZER)
wc_FreeMutex(&gHwLock);
#endif
wolfCrypt_Cleanup();
}
#endif /* !WOLFTPM2_NO_WOLFCRYPT */
Expand Down
7 changes: 0 additions & 7 deletions wolftpm/tpm2.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1855,10 +1855,6 @@ typedef struct TPM2_CTX {
struct wolfTPM_winContext winCtx;
#endif
#ifndef WOLFTPM2_NO_WOLFCRYPT
#ifndef WOLFTPM_NO_LOCK
wolfSSL_Mutex hwLock;
int lockCount;
#endif
#ifdef WOLFTPM2_USE_WOLF_RNG
WC_RNG rng;
#endif
Expand All @@ -1878,9 +1874,6 @@ typedef struct TPM2_CTX {
byte rid;
/* Informational Bits - use unsigned int for best compiler compatibility */
#ifndef WOLFTPM2_NO_WOLFCRYPT
#ifndef WOLFTPM_NO_LOCK
unsigned int hwLockInit:1;
#endif
#ifndef WC_NO_RNG
unsigned int rngInit:1;
#endif
Expand Down
14 changes: 14 additions & 0 deletions wolftpm/tpm2_types.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -234,6 +234,20 @@ typedef int64_t INT64;
#endif
#endif

/* if using older wolfSSL that does not have the pthread mutex initializer */
#ifndef WOLFSSL_MUTEX_INITIALIZER
#if defined(WOLFSSL_PTHREADS)
#define WOLFSSL_MUTEX_INITIALIZER PTHREAD_MUTEX_INITIALIZER
#endif
#endif
#ifndef WOLFSSL_MUTEX_INITIALIZER_CLAUSE
#ifdef WOLFSSL_MUTEX_INITIALIZER
#define WOLFSSL_MUTEX_INITIALIZER_CLAUSE(lockname) = WOLFSSL_MUTEX_INITIALIZER
#else
#define WOLFSSL_MUTEX_INITIALIZER_CLAUSE(lockname) /* null expansion */
#endif
#endif

#ifndef WOLFTPM_CUSTOM_TYPES
#include <stdlib.h>

Expand Down