
Guard U2F workflows to prevent overlapping HAL borrows#1846

Draft
benma wants to merge 1 commit into master from codex/fix-overlapping-u2f-workflows-issue

Conversation

@benma
Collaborator

@benma benma commented Mar 11, 2026

Motivation

  • Prevent multiple detached U2F workflow futures from running concurrently and mutably aliasing the single global HAL, which can cause undefined behavior or crashes when a host triggers overlapping U2F requests.

Description

  • Add a global WORKFLOW_IN_PROGRESS: AtomicBool in src/rust/bitbox02-rust-c/src/u2f_c_api.rs and use compare_exchange at the start of rust_workflow_spawn_unlock and rust_workflow_spawn_confirm to reject new spawns while a workflow is active, and clear the flag when the async future finishes.

Testing

  • Ran the formatting and test commands used in the project: cd src/rust && cargo fmt (failed: rustfmt/cargo-fmt not installed), ./scripts/docker_exec.sh make -j run-rust-unit-tests (failed: docker not available), and cd src/rust && cargo test -p bitbox02-rust-c --no-run (failed: bindgen not in PATH); no unit tests could be executed in this environment, but the change is limited and compiles in-tree where toolchain prerequisites are met.

Codex Task

Guard U2F unlock/confirm spawns with a single in-progress flag so
only one workflow future can run at a time. This prevents concurrent
mutable access to the shared global HAL from detached executor tasks.
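One way to realize the in-progress flag described above, as an added illustration that is not the PR's code: a compare_exchange test-and-set wrapped in an RAII guard, so the flag is also cleared when a workflow is dropped without running to completion rather than only when it finishes normally. The names WorkflowGuard, Busy, spawn_workflow and is_in_progress are hypothetical; WORKFLOW_IN_PROGRESS is taken from the PR description.

```rust
use std::sync::atomic::{AtomicBool, Ordering};

// Single global slot, as in the PR description: at most one U2F workflow
// may hold it at a time.
static WORKFLOW_IN_PROGRESS: AtomicBool = AtomicBool::new(false);

/// Returned when a spawn is rejected because a workflow is already active.
#[derive(Debug, PartialEq, Eq)]
pub struct Busy;

/// RAII token (hypothetical): exists only while the flag is set, and
/// releases the flag on drop, so a cancelled or panicking workflow cannot
/// leave the device permanently rejecting new requests.
pub struct WorkflowGuard(());

impl WorkflowGuard {
    pub fn try_acquire() -> Result<Self, Busy> {
        // Atomic test-and-set: succeeds only if the flag is currently false,
        // so two callers racing for the slot cannot both be admitted.
        WORKFLOW_IN_PROGRESS
            .compare_exchange(false, true, Ordering::AcqRel, Ordering::Acquire)
            .map(|_| WorkflowGuard(()))
            .map_err(|_| Busy)
    }
}

impl Drop for WorkflowGuard {
    fn drop(&mut self) {
        WORKFLOW_IN_PROGRESS.store(false, Ordering::Release);
    }
}

/// Simulated spawn entry point (hypothetical): the body stands in for the
/// workflow future and is rejected outright while another one holds the slot.
pub fn spawn_workflow<F: FnOnce()>(body: F) -> Result<(), Busy> {
    let guard = WorkflowGuard::try_acquire()?;
    body();
    drop(guard); // slot released exactly once, when the workflow ends
    Ok(())
}

pub fn is_in_progress() -> bool {
    WORKFLOW_IN_PROGRESS.load(Ordering::Acquire)
}
```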
@benma benma marked this pull request as draft March 11, 2026 09:18