-
Notifications
You must be signed in to change notification settings - Fork 63
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support Send
able sessions for use in multithreaded code
#120
base: master
Are you sure you want to change the base?
Conversation
The existing bindings require a `&mut` reference to the context, indicating that only one session may be alive at a time per context. However, GlobalPlatform v1.0 says: However, it is valid for the Client Application to concurrently use these functions to initialize or finalize different objects; in the above example two threads could initialize different TEEC_Session structures. This indicates both: 1. It should be possible to have two simultaneous live sessions. 2. If synchronization is necessary on the `TEE_Context` object, it is the responsibility of the C library to provide that synchronization. This means that we do not require exclusive access to the `TEE_Context`, either at creation time or during use of the session, so we can take a `&` instead.
By default, Sessions contain a borrow into their Context. This is correct, because the underlying implementation is allowed to have pointer pointing back at their context. However, this makes them harder to use from multiple threads, as a non-static reference is inherently not Send. This provides `OwnedSession`, behind the `owned` feature, which keeps a reference counted hold on the context backing the session to prevent it from being moved or dropped until the session leaves scope. This way, the `OwnedSession` can be transferred to another thread which does not know how long the original thread would keep the context around.
The CI has been fixed, please rebase on the latest commit, thanks! |
self_cell = { version = "1.0", optional = true } | ||
|
||
[features] | ||
owned = ["self_cell"] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
how about change the feature name to the more accurate name such as owned_session
?
/// let uuid = Uuid::parse_str("8abcf200-2450-11e4-abe2-0002a5d5c51b").unwrap(); | ||
/// let p0 = ParamValue(42, 0, ParamType::ValueInout); | ||
/// let mut operation = Operation::new(0, p0, ParamNone, ParamNone, ParamNone); | ||
/// let session = ctx.open_session_with_operation(uuid, operation).unwrap(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ctx.open_session_with_operation
to ctx.open_owned_session_with_operation
?
// sessions with 'static lifetime should be Send. | ||
// | ||
// A few ways to construct a session with static lifetime: | ||
// 1. With the "owned" feature, use an `OwnedSession` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we have a hello-world
example for multi-thread session? It would be great if the example can be tested on our CI
@maurer Can you target these changes for @DemesneGH I hope that's something we agreed upon. We will merge |
@b49020 For previous users developed on the |
@DemesneGH I think the better way to handle this is to rather create separate git repos for |
Any update to this PR? |
@x1a0b0 Thanks for your contribution! Since the |
Actually we have done the same thing too, our use case is to build a session pool by using #[ouroboros::self_referencing]
pub struct Session {
ctx: optee_teec::Context,
#[borrows(mut ctx)]
#[covariant]
sess: optee_teec::Session<'this>,
} On my opinion, if we want to introduce a Actually, currently teaclave use a mutable borrow when calling TEEC_OpenSession is a correct way to go, because OP-TEE doesn't promise Context to be concurrent safe when using as parameter of TEEC_OpenSession, so it it required to get a mutable borrow to prevent any other concurrent visit.
|
No description provided.