OSSL_LIB_CTX should be refactored to avoid locking issues

[mattcaswell]

This comment from issue #17064 suggests refactoring OSSL_LIB_CTX to avoid locking issues:

I actually think we should consider refactoring the OSSL_LIB_CTX code. It's based around CRYPTO_EX_DATA which makes conceptual sense - bit it makes the locking considerably harder than it needs to be. Take a look at the locking in ossl_lib_ctx_get_data and then back slowly away. If we could get away without having to take the ctx->lock all the time (which I think might be possible) that might be a big win.

Part of the problem described in #17064 is due to lock contention in ossl_lib_ctx_get_data

[paulidale]

Any thoughts on how to do this? The current libctx and store locking is pretty convoluted but it does try to keep locks for short periods of time.

[mattcaswell]

Any thoughts on how to do this? The current libctx and store locking is pretty convoluted but it does try to keep locks for short periods of time.

This particular issue is focused on the locking in OSSL_LIB_CTX itself (as opposed to store or provider or any other similar things), i.e. stuff in context.c

I think it is possible to make this file almost entirely lockless. The problem is that crypto_ex_data stuff gets added to the libctx lazily. Therefore we have to lock everything before ossl_lib_ctx_get_data returns anything back to the caller. However, we know everything that needs to be stored in the libctx. If we allocated the memory for all this stuff eagerly during the construction of the libctx then we know the pointers returned by ossl_lib_ctx_get_data will never change until the libctx gets freed again. Therefore we can do the whole thing locklessly.

[paulidale]

Good idea.

[paulidale]

An alternative suggestion as to the implementation of this.

Instead of eagerly creating the entire contents of the crypto_ex_data, just eagerly create the various locks and lazily create the actual pointers. Something like:

    write_lock(crypto_ex_data[i]);
    if (crypto_ex_data[i] == NULL)
        create_entry(i);
    unlock(crypto_ex_data[i]);
    return crypto_ex_data[i];

It might need additional locking for the caller but that's the gist of it. It might be possible to read lock then write lock if required.

[t8m]

Instead of eagerly creating the entire contents of the crypto_ex_data, just eagerly create the various locks and lazily create the actual pointers.

Would we actually save anything by this complication in any real world scenario? I mean all the ex data stored in libctx will almost always be needed if any real operation with the libctx is done. Or am I wrong?

[t8m]

Alternative proposal would be to keep the EX_DATA stuff in libctx as is but move things that are most commonly accessed and present in virtually every libctx, directly into the libctx struct.

I do not see the reason why we should keep everything in EX_DATA.