From d7a39ae21ed953b1fd81f07ae022b1fd2fd0eb48 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 17 Oct 2023 14:34:26 +0100 Subject: [PATCH] Add plan for 3.6 to threading design Signed-off-by: Janos Follath --- docs/architecture/psa-thread-safety.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/docs/architecture/psa-thread-safety.md b/docs/architecture/psa-thread-safety.md index 3a18d35ab..9e396e082 100644 --- a/docs/architecture/psa-thread-safety.md +++ b/docs/architecture/psa-thread-safety.md @@ -381,3 +381,18 @@ Since we only have simple mutexes, locking the same mutex from the same thread i Releasing the mutex before a function call might introduce race conditions. Therefore might not be practical to take the mutex in low level access functions. If functions like that don't take the mutex, they need to rely on the caller to take it for them. These functions will document that the caller is required to hold the mutex. To avoid performance degradation, functions must not start expensive operations (eg. doing cryptography) while holding the mutex. + +## Strategy for 3.6 + +The goal is to provide viable threading support without extending the platform abstraction. (Condition variables should be added in 4.0.) This means that we will be relying on mutexes only. + +- Key Store + - Slot states guarantee safe concurrent access to slot contents + - Slot states will be protected by a global mutex + - Simple key destruction strategy as described in #mutex-only (variant 2.) +- Concurrent calls to operation contexts will be prevented by state fields which shall be protected by a global mutex +- Drivers + - The solution shall use the pre-existing MBEDTLS_THREADING_C threading abstraction + - Drivers will be protected by their own dedicated lock - only non-thread safe drivers are supported + - Constraints on the drivers and the core will be in place and documented as proposed in #reentrancy +- The main `global_data` (the one in `psa_crypto.c`) shall be protected by its own mutex