core: fix race condition on single instance TA loading

Fix race condition on single instance TA creation where several
instances of a single instance TA could be created if invoked close
enough that they are both created after tee_ta_init_session() calls
tee_ta_init_session_with_context().

Closes: OP-TEE#6801
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

core/include/kernel/tee_ta_manager.h

@@ -100,6 +100,9 @@ extern struct tee_ta_ctx_head tee_ctxes;
 extern struct mutex tee_ta_mutex;
 extern struct condvar tee_ta_init_cv;
 
+TEE_Result tee_ta_init_session_with_context(struct tee_ta_session *s,
+					    const TEE_UUID *uuid);
+
 TEE_Result tee_ta_open_session(TEE_ErrorOrigin *err,
 			       struct tee_ta_session **sess,
 			       struct tee_ta_session_head *open_sessions,

core/kernel/tee_ta_manager.c

@@ -517,8 +517,8 @@ TEE_Result tee_ta_close_session(struct tee_ta_session *csess,
 	return TEE_SUCCESS;
 }
 
-static TEE_Result tee_ta_init_session_with_context(struct tee_ta_session *s,
-						   const TEE_UUID *uuid)
+TEE_Result tee_ta_init_session_with_context(struct tee_ta_session *s,
+					    const TEE_UUID *uuid)
 {
 	struct tee_ta_ctx *ctx = NULL;
 

core/kernel/user_ta.c

@@ -486,6 +486,20 @@ TEE_Result tee_ta_init_user_ta_session(const TEE_UUID *uuid,
 #endif
 
 	mutex_lock(&tee_ta_mutex);
+
+	/*
+	 * Before updating the context list check again if a context
+	 * already exists in the list for a single instance TA, maybe
+	 * created recently enough so that it was not found at entry
+	 * in tee_ta_init_session().
+	 */
+	res = tee_ta_init_session_with_context(s, uuid);
+	if (res != TEE_ERROR_ITEM_NOT_FOUND) {
+		free(utc);
+		mutex_unlock(&tee_ta_mutex);
+		return res;
+	}
+
 	s->ts_sess.ctx = &utc->ta_ctx.ts_ctx;
 	s->ts_sess.handle_scall = s->ts_sess.ctx->ops->handle_scall;
 	/*