Print this page
1667 pkcs11 may deadlock when multi-threaded consumers fork
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/lib/pkcs11/pkcs11_softtoken/common/softGeneral.c
+++ new/usr/src/lib/pkcs11/pkcs11_softtoken/common/softGeneral.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
|
↓ open down ↓ |
13 lines elided |
↑ open up ↑ |
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21 /*
22 22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
23 23 * Use is subject to license terms.
24 + *
25 + * Copyright 2014, OmniTI Computer Consulting, Inc. All rights reserved.
24 26 */
25 27
26 28 #include <strings.h>
27 29 #include <errno.h>
28 30 #include <cryptoutil.h>
29 31 #include <unistd.h> /* for pid_t */
30 32 #include <pthread.h>
31 33 #include <security/cryptoki.h>
32 34 #include "softGlobal.h"
33 35 #include "softSession.h"
34 36 #include "softObject.h"
35 37 #include "softKeystore.h"
36 38 #include "softKeystoreUtil.h"
37 39
38 40 #pragma init(softtoken_init)
39 41 #pragma fini(softtoken_fini)
40 42
41 43 extern soft_session_t token_session; /* for fork handler */
42 44
43 45 static struct CK_FUNCTION_LIST functionList = {
44 46 { 2, 20 }, /* version */
45 47 C_Initialize,
46 48 C_Finalize,
47 49 C_GetInfo,
48 50 C_GetFunctionList,
49 51 C_GetSlotList,
50 52 C_GetSlotInfo,
51 53 C_GetTokenInfo,
52 54 C_GetMechanismList,
53 55 C_GetMechanismInfo,
54 56 C_InitToken,
55 57 C_InitPIN,
56 58 C_SetPIN,
57 59 C_OpenSession,
58 60 C_CloseSession,
59 61 C_CloseAllSessions,
60 62 C_GetSessionInfo,
61 63 C_GetOperationState,
62 64 C_SetOperationState,
63 65 C_Login,
64 66 C_Logout,
65 67 C_CreateObject,
66 68 C_CopyObject,
67 69 C_DestroyObject,
68 70 C_GetObjectSize,
69 71 C_GetAttributeValue,
70 72 C_SetAttributeValue,
71 73 C_FindObjectsInit,
72 74 C_FindObjects,
73 75 C_FindObjectsFinal,
74 76 C_EncryptInit,
75 77 C_Encrypt,
76 78 C_EncryptUpdate,
77 79 C_EncryptFinal,
78 80 C_DecryptInit,
79 81 C_Decrypt,
80 82 C_DecryptUpdate,
81 83 C_DecryptFinal,
82 84 C_DigestInit,
83 85 C_Digest,
84 86 C_DigestUpdate,
85 87 C_DigestKey,
86 88 C_DigestFinal,
87 89 C_SignInit,
88 90 C_Sign,
89 91 C_SignUpdate,
90 92 C_SignFinal,
91 93 C_SignRecoverInit,
92 94 C_SignRecover,
93 95 C_VerifyInit,
94 96 C_Verify,
95 97 C_VerifyUpdate,
96 98 C_VerifyFinal,
97 99 C_VerifyRecoverInit,
98 100 C_VerifyRecover,
99 101 C_DigestEncryptUpdate,
100 102 C_DecryptDigestUpdate,
101 103 C_SignEncryptUpdate,
102 104 C_DecryptVerifyUpdate,
103 105 C_GenerateKey,
104 106 C_GenerateKeyPair,
105 107 C_WrapKey,
106 108 C_UnwrapKey,
107 109 C_DeriveKey,
108 110 C_SeedRandom,
109 111 C_GenerateRandom,
110 112 C_GetFunctionStatus,
111 113 C_CancelFunction,
112 114 C_WaitForSlotEvent
113 115 };
114 116
115 117 boolean_t softtoken_initialized = B_FALSE;
116 118
117 119 static pid_t softtoken_pid = 0;
118 120
119 121 /* This mutex protects soft_session_list, all_sessions_closing */
120 122 pthread_mutex_t soft_sessionlist_mutex;
121 123 soft_session_t *soft_session_list = NULL;
122 124
123 125 int all_sessions_closing = 0;
124 126
125 127 slot_t soft_slot;
126 128 obj_to_be_freed_list_t obj_delay_freed;
127 129 ses_to_be_freed_list_t ses_delay_freed;
128 130
129 131 /* protects softtoken_initialized and access to C_Initialize/C_Finalize */
130 132 pthread_mutex_t soft_giant_mutex = PTHREAD_MUTEX_INITIALIZER;
131 133
132 134 static CK_RV finalize_common(boolean_t force, CK_VOID_PTR pReserved);
133 135 static void softtoken_init();
134 136 static void softtoken_fini();
135 137 static void softtoken_fork_prepare();
136 138 static void softtoken_fork_after();
137 139
138 140 CK_RV
139 141 C_Initialize(CK_VOID_PTR pInitArgs)
140 142 {
141 143
142 144 int initialize_pid;
143 145 boolean_t supplied_ok;
144 146 CK_RV rv;
145 147
146 148 /*
147 149 * Get lock to insure only one thread enters this
148 150 * function at a time.
149 151 */
150 152 (void) pthread_mutex_lock(&soft_giant_mutex);
151 153
152 154 initialize_pid = getpid();
153 155
154 156 if (softtoken_initialized) {
155 157 if (initialize_pid == softtoken_pid) {
156 158 /*
157 159 * This process has called C_Initialize already
158 160 */
159 161 (void) pthread_mutex_unlock(&soft_giant_mutex);
160 162 return (CKR_CRYPTOKI_ALREADY_INITIALIZED);
161 163 } else {
162 164 /*
163 165 * A fork has happened and the child is
164 166 * reinitializing. Do a finalize_common to close
165 167 * out any state from the parent, and then
166 168 * continue on.
167 169 */
168 170 (void) finalize_common(B_TRUE, NULL);
169 171 }
170 172 }
171 173
172 174 if (pInitArgs != NULL) {
173 175 CK_C_INITIALIZE_ARGS *initargs1 =
174 176 (CK_C_INITIALIZE_ARGS *) pInitArgs;
175 177
176 178 /* pReserved must be NULL */
177 179 if (initargs1->pReserved != NULL) {
178 180 (void) pthread_mutex_unlock(&soft_giant_mutex);
179 181 return (CKR_ARGUMENTS_BAD);
180 182 }
181 183
182 184 /*
183 185 * ALL supplied function pointers need to have the value
184 186 * either NULL or non-NULL.
185 187 */
186 188 supplied_ok = (initargs1->CreateMutex == NULL &&
187 189 initargs1->DestroyMutex == NULL &&
188 190 initargs1->LockMutex == NULL &&
189 191 initargs1->UnlockMutex == NULL) ||
190 192 (initargs1->CreateMutex != NULL &&
191 193 initargs1->DestroyMutex != NULL &&
192 194 initargs1->LockMutex != NULL &&
193 195 initargs1->UnlockMutex != NULL);
194 196
195 197 if (!supplied_ok) {
196 198 (void) pthread_mutex_unlock(&soft_giant_mutex);
197 199 return (CKR_ARGUMENTS_BAD);
198 200 }
199 201
200 202 /*
201 203 * When the CKF_OS_LOCKING_OK flag isn't set and mutex
202 204 * function pointers are supplied by an application,
203 205 * return an error. We must be able to use our own primitives.
204 206 */
205 207 if (!(initargs1->flags & CKF_OS_LOCKING_OK) &&
206 208 (initargs1->CreateMutex != NULL)) {
207 209 (void) pthread_mutex_unlock(&soft_giant_mutex);
208 210 return (CKR_CANT_LOCK);
209 211 }
210 212 }
211 213
212 214 /* Initialize the session list lock */
213 215 if (pthread_mutex_init(&soft_sessionlist_mutex, NULL) != 0) {
214 216 (void) pthread_mutex_unlock(&soft_giant_mutex);
215 217 return (CKR_CANT_LOCK);
216 218 }
217 219
218 220 /*
219 221 * token object related initialization
220 222 */
221 223 soft_slot.authenticated = 0;
222 224 soft_slot.userpin_change_needed = 0;
223 225 soft_slot.token_object_list = NULL;
224 226 soft_slot.keystore_load_status = KEYSTORE_UNINITIALIZED;
225 227
226 228 if ((rv = soft_init_token_session()) != CKR_OK) {
227 229 (void) pthread_mutex_destroy(&soft_sessionlist_mutex);
228 230 (void) pthread_mutex_unlock(&soft_giant_mutex);
229 231 return (rv);
230 232 }
231 233
232 234 /* Initialize the slot lock */
233 235 if (pthread_mutex_init(&soft_slot.slot_mutex, NULL) != 0) {
234 236 (void) pthread_mutex_destroy(&soft_sessionlist_mutex);
235 237 (void) soft_destroy_token_session();
236 238 (void) pthread_mutex_unlock(&soft_giant_mutex);
237 239 return (CKR_CANT_LOCK);
238 240 }
239 241
240 242 /* Initialize the keystore lock */
241 243 if (pthread_mutex_init(&soft_slot.keystore_mutex, NULL) != 0) {
242 244 (void) pthread_mutex_destroy(&soft_slot.slot_mutex);
243 245 (void) pthread_mutex_destroy(&soft_sessionlist_mutex);
244 246 (void) soft_destroy_token_session();
245 247 (void) pthread_mutex_unlock(&soft_giant_mutex);
246 248 return (CKR_CANT_LOCK);
247 249 }
248 250
249 251 /* Initialize the object_to_be_freed list */
250 252 if (pthread_mutex_init(&obj_delay_freed.obj_to_be_free_mutex, NULL)
251 253 != 0) {
252 254 (void) pthread_mutex_destroy(&soft_slot.keystore_mutex);
253 255 (void) pthread_mutex_destroy(&soft_slot.slot_mutex);
254 256 (void) pthread_mutex_destroy(&soft_sessionlist_mutex);
255 257 (void) soft_destroy_token_session();
256 258 (void) pthread_mutex_unlock(&soft_giant_mutex);
257 259 return (CKR_CANT_LOCK);
258 260 }
259 261 obj_delay_freed.count = 0;
260 262 obj_delay_freed.first = NULL;
261 263 obj_delay_freed.last = NULL;
262 264
263 265 if (pthread_mutex_init(&ses_delay_freed.ses_to_be_free_mutex, NULL)
264 266 != 0) {
265 267 (void) pthread_mutex_destroy(
266 268 &obj_delay_freed.obj_to_be_free_mutex);
267 269 (void) pthread_mutex_destroy(&soft_slot.keystore_mutex);
268 270 (void) pthread_mutex_destroy(&soft_slot.slot_mutex);
269 271 (void) pthread_mutex_destroy(&soft_sessionlist_mutex);
270 272 (void) soft_destroy_token_session();
271 273 (void) pthread_mutex_unlock(&soft_giant_mutex);
272 274 return (CKR_CANT_LOCK);
273 275 }
274 276 ses_delay_freed.count = 0;
275 277 ses_delay_freed.first = NULL;
276 278 ses_delay_freed.last = NULL;
277 279
278 280 if (rv != CKR_OK) {
279 281 (void) pthread_mutex_destroy(
280 282 &ses_delay_freed.ses_to_be_free_mutex);
281 283 (void) pthread_mutex_destroy(
282 284 &obj_delay_freed.obj_to_be_free_mutex);
283 285 (void) pthread_mutex_destroy(&soft_slot.keystore_mutex);
284 286 (void) pthread_mutex_destroy(&soft_slot.slot_mutex);
285 287 (void) pthread_mutex_destroy(&soft_sessionlist_mutex);
286 288 (void) soft_destroy_token_session();
287 289 (void) pthread_mutex_unlock(&soft_giant_mutex);
288 290 return (CKR_FUNCTION_FAILED);
289 291 }
290 292
291 293 softtoken_pid = initialize_pid;
292 294 softtoken_initialized = B_TRUE;
293 295 (void) pthread_mutex_unlock(&soft_giant_mutex);
294 296
295 297 return (CKR_OK);
296 298 }
297 299
298 300 /*
299 301 * C_Finalize is a wrapper around finalize_common. The
300 302 * soft_giant_mutex should be locked by C_Finalize().
301 303 */
302 304 CK_RV
303 305 C_Finalize(CK_VOID_PTR pReserved)
304 306 {
305 307
306 308 CK_RV rv;
307 309
308 310 (void) pthread_mutex_lock(&soft_giant_mutex);
309 311
310 312 rv = finalize_common(B_FALSE, pReserved);
311 313
312 314 (void) pthread_mutex_unlock(&soft_giant_mutex);
313 315
314 316 return (rv);
315 317
316 318 }
317 319
318 320 /*
319 321 * finalize_common() does the work for C_Finalize. soft_giant_mutex
320 322 * must be held before calling this function.
321 323 */
322 324 static CK_RV
323 325 finalize_common(boolean_t force, CK_VOID_PTR pReserved) {
324 326
325 327 CK_RV rv = CKR_OK;
326 328 struct object *delay_free_obj, *tmpo;
327 329 struct session *delay_free_ses, *tmps;
328 330
329 331 if (!softtoken_initialized) {
330 332 return (CKR_CRYPTOKI_NOT_INITIALIZED);
331 333 }
332 334
333 335 /* Check to see if pReseved is NULL */
334 336 if (pReserved != NULL) {
335 337 return (CKR_ARGUMENTS_BAD);
336 338 }
337 339
338 340 (void) pthread_mutex_lock(&soft_sessionlist_mutex);
339 341 /*
340 342 * Set all_sessions_closing flag so any access to any
341 343 * existing sessions will be rejected.
342 344 */
343 345 all_sessions_closing = 1;
344 346 (void) pthread_mutex_unlock(&soft_sessionlist_mutex);
345 347
346 348 /* Delete all the sessions and release the allocated resources */
|
↓ open down ↓ |
313 lines elided |
↑ open up ↑ |
347 349 rv = soft_delete_all_sessions(force);
348 350
349 351 (void) pthread_mutex_lock(&soft_sessionlist_mutex);
350 352 /* Reset all_sessions_closing flag. */
351 353 all_sessions_closing = 0;
352 354 (void) pthread_mutex_unlock(&soft_sessionlist_mutex);
353 355
354 356 softtoken_initialized = B_FALSE;
355 357 softtoken_pid = 0;
356 358
357 - pkcs11_close_urandom();
358 - pkcs11_close_urandom_seed();
359 - pkcs11_close_random();
359 + /*
360 + * There used to be calls to cleanup libcryptoutil here. Given that
361 + * libcryptoutil can be linked and invoked independently of PKCS#11,
362 + * cleaning up libcryptoutil here makes no sense. Decoupling these
363 + * two also prevent deadlocks and other artificial dependencies.
364 + */
360 365
361 366 /* Destroy the session list lock here */
362 367 (void) pthread_mutex_destroy(&soft_sessionlist_mutex);
363 368
364 369 /*
365 370 * Destroy token object related stuffs
366 371 * 1. Clean up the token object list
367 372 * 2. Destroy slot mutex
368 373 * 3. Destroy mutex in token_session
369 374 */
370 375 soft_delete_all_in_core_token_objects(ALL_TOKEN);
371 376 (void) pthread_mutex_destroy(&soft_slot.slot_mutex);
372 377 (void) pthread_mutex_destroy(&soft_slot.keystore_mutex);
373 378 (void) soft_destroy_token_session();
374 379
375 380 /*
376 381 * free all entries in the delay_freed list
377 382 */
378 383 delay_free_obj = obj_delay_freed.first;
379 384 while (delay_free_obj != NULL) {
380 385 tmpo = delay_free_obj->next;
381 386 free(delay_free_obj);
382 387 delay_free_obj = tmpo;
383 388 }
384 389
385 390 soft_slot.keystore_load_status = KEYSTORE_UNINITIALIZED;
386 391 (void) pthread_mutex_destroy(&obj_delay_freed.obj_to_be_free_mutex);
387 392
388 393 delay_free_ses = ses_delay_freed.first;
389 394 while (delay_free_ses != NULL) {
390 395 tmps = delay_free_ses->next;
391 396 free(delay_free_ses);
392 397 delay_free_ses = tmps;
393 398 }
394 399 (void) pthread_mutex_destroy(&ses_delay_freed.ses_to_be_free_mutex);
395 400
396 401 return (rv);
397 402 }
398 403
399 404 static void
400 405 softtoken_init()
401 406 {
402 407 /* Children inherit parent's atfork handlers */
403 408 (void) pthread_atfork(softtoken_fork_prepare,
404 409 softtoken_fork_after, softtoken_fork_after);
405 410 }
406 411
407 412 /*
408 413 * softtoken_fini() function required to make sure complete cleanup
409 414 * is done if softtoken is ever unloaded without a C_Finalize() call.
410 415 */
411 416 static void
412 417 softtoken_fini()
413 418 {
414 419 (void) pthread_mutex_lock(&soft_giant_mutex);
415 420
416 421 /* if we're not initilized, do not attempt to finalize */
417 422 if (!softtoken_initialized) {
418 423 (void) pthread_mutex_unlock(&soft_giant_mutex);
419 424 return;
420 425 }
421 426
422 427 (void) finalize_common(B_TRUE, NULL_PTR);
423 428
424 429 (void) pthread_mutex_unlock(&soft_giant_mutex);
425 430 }
426 431
427 432 CK_RV
428 433 C_GetInfo(CK_INFO_PTR pInfo)
429 434 {
430 435 if (!softtoken_initialized)
431 436 return (CKR_CRYPTOKI_NOT_INITIALIZED);
432 437
433 438 if (pInfo == NULL) {
434 439 return (CKR_ARGUMENTS_BAD);
435 440 }
436 441
437 442 /* Provide general information in the provided buffer */
438 443 pInfo->cryptokiVersion.major = CRYPTOKI_VERSION_MAJOR;
439 444 pInfo->cryptokiVersion.minor = CRYPTOKI_VERSION_MINOR;
440 445 (void) strncpy((char *)pInfo->manufacturerID,
441 446 SOFT_MANUFACTURER_ID, 32);
442 447 pInfo->flags = 0;
443 448 (void) strncpy((char *)pInfo->libraryDescription,
444 449 LIBRARY_DESCRIPTION, 32);
445 450 pInfo->libraryVersion.major = LIBRARY_VERSION_MAJOR;
446 451 pInfo->libraryVersion.minor = LIBRARY_VERSION_MINOR;
447 452
448 453 return (CKR_OK);
449 454 }
450 455
451 456 CK_RV
452 457 C_GetFunctionList(CK_FUNCTION_LIST_PTR_PTR ppFunctionList)
453 458 {
454 459 if (ppFunctionList == NULL) {
455 460 return (CKR_ARGUMENTS_BAD);
456 461 }
457 462
458 463 *ppFunctionList = &functionList;
459 464
460 465 return (CKR_OK);
461 466 }
462 467
463 468 /*
464 469 * PKCS#11 states that C_GetFunctionStatus should always return
465 470 * CKR_FUNCTION_NOT_PARALLEL
466 471 */
467 472 /*ARGSUSED*/
468 473 CK_RV
469 474 C_GetFunctionStatus(CK_SESSION_HANDLE hSession)
470 475 {
471 476 return (CKR_FUNCTION_NOT_PARALLEL);
472 477 }
473 478
474 479 /*
475 480 * PKCS#11 states that C_CancelFunction should always return
476 481 * CKR_FUNCTION_NOT_PARALLEL
477 482 */
478 483 /*ARGSUSED*/
479 484 CK_RV
480 485 C_CancelFunction(CK_SESSION_HANDLE hSession)
481 486 {
482 487 return (CKR_FUNCTION_NOT_PARALLEL);
483 488 }
484 489
485 490 /*
486 491 * Take out all mutexes before fork.
487 492 *
488 493 * Order:
489 494 * 1. soft_giant_mutex
490 495 * 2. soft_sessionlist_mutex
491 496 * 3. soft_slot.slot_mutex
492 497 * 4. soft_slot.keystore_mutex
493 498 * 5. token_session mutexes via soft_acquire_all_session_mutexes()
494 499 * 6. all soft_session_list mutexes via soft_acquire_all_session_mutexes()
495 500 * 7. obj_delay_freed.obj_to_be_free_mutex;
496 501 * 8. ses_delay_freed.ses_to_be_free_mutex
497 502 */
498 503 void
499 504 softtoken_fork_prepare()
500 505 {
501 506 (void) pthread_mutex_lock(&soft_giant_mutex);
502 507 if (softtoken_initialized) {
503 508 (void) pthread_mutex_lock(&soft_sessionlist_mutex);
504 509 (void) pthread_mutex_lock(&soft_slot.slot_mutex);
505 510 (void) pthread_mutex_lock(&soft_slot.keystore_mutex);
506 511 soft_acquire_all_session_mutexes(&token_session);
507 512 soft_acquire_all_session_mutexes(soft_session_list);
508 513 (void) pthread_mutex_lock(
509 514 &obj_delay_freed.obj_to_be_free_mutex);
510 515 (void) pthread_mutex_lock(
511 516 &ses_delay_freed.ses_to_be_free_mutex);
512 517 }
513 518 }
514 519
515 520 /*
516 521 * Release in opposite order to softtoken_fork_prepare().
517 522 * Function is used for parent and child.
518 523 */
519 524 void
520 525 softtoken_fork_after()
521 526 {
522 527 if (softtoken_initialized) {
523 528 (void) pthread_mutex_unlock(
524 529 &ses_delay_freed.ses_to_be_free_mutex);
525 530 (void) pthread_mutex_unlock(
526 531 &obj_delay_freed.obj_to_be_free_mutex);
527 532 soft_release_all_session_mutexes(soft_session_list);
528 533 soft_release_all_session_mutexes(&token_session);
529 534 (void) pthread_mutex_unlock(&soft_slot.keystore_mutex);
530 535 (void) pthread_mutex_unlock(&soft_slot.slot_mutex);
531 536 (void) pthread_mutex_unlock(&soft_sessionlist_mutex);
532 537 }
533 538 (void) pthread_mutex_unlock(&soft_giant_mutex);
534 539 }
|
↓ open down ↓ |
165 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX