From c9fc4a5779db08a6c8a0029b779826a188d8b438 Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Sun, 23 Apr 2017 18:30:50 -0400 Subject: Avoid deadlock triggered by low-probability race condition. Static code analysis (Doxygen call graph) detected a low-probability race condition which could have triggered a deadlock on the keystore mutex if the mkmif code returns with an error like HAL_ERROR_CORE_BUSY when we're trying to fetch the KEK. This is a knock-on effect of the awful kludge of backing up the KEK in the keystore flash as an alternative to powering the MKM with a battery as called for in the design. This code path should not exist at all, but, for now, we avoid the deadlock by making it the caller's responsibility to grab the keystore mutex before looking up the KEK. --- hal_internal.h | 1 + 1 file changed, 1 insertion(+) (limited to 'hal_internal.h') diff --git a/hal_internal.h b/hal_internal.h index f17179c..56d0936 100644 --- a/hal_internal.h +++ b/hal_internal.h @@ -421,6 +421,7 @@ extern hal_error_t hal_mkm_volatile_erase(const size_t len); /* #warning MKM flash backup kludge enabled. Do NOT use this in production! */ extern hal_error_t hal_mkm_flash_read(uint8_t *buf, const size_t len); +extern hal_error_t hal_mkm_flash_read_no_lock(uint8_t *buf, const size_t len); extern hal_error_t hal_mkm_flash_write(const uint8_t * const buf, const size_t len); extern hal_error_t hal_mkm_flash_erase(const size_t len); -- cgit v1.2.3