From: Zhiqi Song <songzhiqi1@huawei.com> There is a process-level global 'cipher' corresponding to each supported nid in uadk_engine, and the initial value is NULL, uadk_e_create_cipher() will create corresponding cipher in a process. As the uadk_e_cipher() will be called multi times in multi-thread sence, we add a jugement of 'cipher' before. It is supposed to create a cipher if it is NULL. However, in the case of multi-thread sence, there may be thread contention, multiple threads may create multiple cipher objects related to the same nid, as the creating of a cipher object is slow. And the memory of the cipher object for the specified nid are released only once in a process, so there will be memory leaks. A specified nid needs to have only one cipher object in a process, so add mutex lock in creating cipher process to avoid allocating redundant cipher object. Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com> --- src/uadk_cipher_adapter.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/uadk_cipher_adapter.c b/src/uadk_cipher_adapter.c index b4a7a0e..3146968 100644 --- a/src/uadk_cipher_adapter.c +++ b/src/uadk_cipher_adapter.c @@ -20,6 +20,7 @@ #define HW_SEC_V3 3 static int g_platform; +static pthread_mutex_t create_cipher_mutex = PTHREAD_MUTEX_INITIALIZER; static int cipher_hw_v2_nids[] = { NID_aes_128_cbc, @@ -164,9 +165,10 @@ int uadk_e_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int n for (i = 0; i < num_cc; i++) { if (nid == c_info[i].nid) { + pthread_mutex_lock(&create_cipher_mutex); if (c_info[i].cipher == NULL) uadk_e_create_ciphers(i); - + (void)pthread_mutex_unlock(&create_cipher_mutex); *cipher = c_info[i].cipher; return 1; } -- 2.33.0