CVS commit: src/sys/crypto/cprng_fast
Module Name:src Committed By: riastradh Date: Sat Aug 5 11:39:18 UTC 2023 Modified Files: src/sys/crypto/cprng_fast: cprng_fast.c Log Message: cprng_fast(9): Drop and retake percpu reference across cprng_strong. cprng_strong may sleep on an adaptive lock (via entropy_extract), which invalidates percpu(9) references. Discovered by stumbling upon this panic in a test run: panic: kernel diagnostic assertion "(cprng == percpu_getref(cprng_fast_percpu)) && (percpu_putref(cprng_fast_percpu), true)" failed: file "/home/riastradh/netbsd/current/src/sys/rump/librump/rumpkern/../../../crypto/cprng_fast/cprng_fast.c", line 117 XXX pullup-10 To generate a diff of this commit: cvs rdiff -u -r1.18 -r1.19 src/sys/crypto/cprng_fast/cprng_fast.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/crypto/cprng_fast/cprng_fast.c diff -u src/sys/crypto/cprng_fast/cprng_fast.c:1.18 src/sys/crypto/cprng_fast/cprng_fast.c:1.19 --- src/sys/crypto/cprng_fast/cprng_fast.c:1.18 Thu Sep 1 18:32:25 2022 +++ src/sys/crypto/cprng_fast/cprng_fast.c Sat Aug 5 11:39:18 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: cprng_fast.c,v 1.18 2022/09/01 18:32:25 riastradh Exp $ */ +/* $NetBSD: cprng_fast.c,v 1.19 2023/08/05 11:39:18 riastradh Exp $ */ /*- * Copyright (c) 2014 The NetBSD Foundation, Inc. @@ -30,7 +30,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: cprng_fast.c,v 1.18 2022/09/01 18:32:25 riastradh Exp $"); +__KERNEL_RCSID(0, "$NetBSD: cprng_fast.c,v 1.19 2023/08/05 11:39:18 riastradh Exp $"); #include #include @@ -58,7 +58,7 @@ struct cprng_fast { }; static void cprng_fast_init_cpu(void *, void *, struct cpu_info *); -static void cprng_fast_reseed(struct cprng_fast *); +static void cprng_fast_reseed(struct cprng_fast **, unsigned); static void cprng_fast_seed(struct cprng_fast *, const void *); static void cprng_fast_buf(struct cprng_fast *, void *, unsigned); @@ -93,6 +93,7 @@ static int cprng_fast_get(struct cprng_fast **cprngp) { struct cprng_fast *cprng; + unsigned epoch; int s; KASSERT(!cpu_intr_p()); @@ -101,9 +102,10 @@ cprng_fast_get(struct cprng_fast **cprng *cprngp = cprng = percpu_getref(cprng_fast_percpu); s = splsoftserial(); - if (__predict_false(cprng->epoch != entropy_epoch())) { + epoch = entropy_epoch(); + if (__predict_false(cprng->epoch != epoch)) { splx(s); - cprng_fast_reseed(cprng); + cprng_fast_reseed(cprngp, epoch); s = splsoftserial(); } @@ -121,13 +123,25 @@ cprng_fast_put(struct cprng_fast *cprng, } static void -cprng_fast_reseed(struct cprng_fast *cprng) +cprng_fast_reseed(struct cprng_fast **cprngp, unsigned epoch) { - unsigned epoch = entropy_epoch(); + struct cprng_fast *cprng; uint8_t seed[CPRNG_FAST_SEED_BYTES]; int s; + /* + * Drop the percpu(9) reference to extract a fresh seed from + * the entropy pool. cprng_strong may sleep on an adaptive + * lock, which invalidates our percpu(9) reference. + * + * This may race with reseeding in another thread, which is no + * big deal -- worst case, we rewind the entropy epoch here and + * cause the next caller to reseed again, and in the end we + * just reseed a couple more times than necessary. + */ + percpu_putref(cprng_fast_percpu); cprng_strong(kern_cprng, seed, sizeof(seed), 0); + *cprngp = cprng = percpu_getref(cprng_fast_percpu); s = splsoftserial(); cprng_fast_seed(cprng, seed);
CVS commit: src/sys/crypto/cprng_fast
Module Name:src Committed By: riastradh Date: Sat Aug 5 11:39:18 UTC 2023 Modified Files: src/sys/crypto/cprng_fast: cprng_fast.c Log Message: cprng_fast(9): Drop and retake percpu reference across cprng_strong. cprng_strong may sleep on an adaptive lock (via entropy_extract), which invalidates percpu(9) references. Discovered by stumbling upon this panic in a test run: panic: kernel diagnostic assertion "(cprng == percpu_getref(cprng_fast_percpu)) && (percpu_putref(cprng_fast_percpu), true)" failed: file "/home/riastradh/netbsd/current/src/sys/rump/librump/rumpkern/../../../crypto/cprng_fast/cprng_fast.c", line 117 XXX pullup-10 To generate a diff of this commit: cvs rdiff -u -r1.18 -r1.19 src/sys/crypto/cprng_fast/cprng_fast.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/crypto/cprng_fast
Module Name:src Committed By: riastradh Date: Thu Sep 1 18:32:25 UTC 2022 Modified Files: src/sys/crypto/cprng_fast: cprng_fast.c Log Message: cprng_fast(9): Assert not in pserialize read section. This may sleep to take the global entropy lock in case it needs to be reseeded. If that happens we can't be in a pserialize read section. To generate a diff of this commit: cvs rdiff -u -r1.17 -r1.18 src/sys/crypto/cprng_fast/cprng_fast.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/crypto/cprng_fast/cprng_fast.c diff -u src/sys/crypto/cprng_fast/cprng_fast.c:1.17 src/sys/crypto/cprng_fast/cprng_fast.c:1.18 --- src/sys/crypto/cprng_fast/cprng_fast.c:1.17 Wed Jun 1 15:44:37 2022 +++ src/sys/crypto/cprng_fast/cprng_fast.c Thu Sep 1 18:32:25 2022 @@ -1,4 +1,4 @@ -/* $NetBSD: cprng_fast.c,v 1.17 2022/06/01 15:44:37 riastradh Exp $ */ +/* $NetBSD: cprng_fast.c,v 1.18 2022/09/01 18:32:25 riastradh Exp $ */ /*- * Copyright (c) 2014 The NetBSD Foundation, Inc. @@ -30,7 +30,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: cprng_fast.c,v 1.17 2022/06/01 15:44:37 riastradh Exp $"); +__KERNEL_RCSID(0, "$NetBSD: cprng_fast.c,v 1.18 2022/09/01 18:32:25 riastradh Exp $"); #include #include @@ -41,6 +41,7 @@ __KERNEL_RCSID(0, "$NetBSD: cprng_fast.c #include #include #include +#include #include @@ -95,6 +96,7 @@ cprng_fast_get(struct cprng_fast **cprng int s; KASSERT(!cpu_intr_p()); + KASSERT(pserialize_not_in_read_section()); *cprngp = cprng = percpu_getref(cprng_fast_percpu); s = splsoftserial();
CVS commit: src/sys/crypto/cprng_fast
Module Name:src Committed By: riastradh Date: Thu Sep 1 18:32:25 UTC 2022 Modified Files: src/sys/crypto/cprng_fast: cprng_fast.c Log Message: cprng_fast(9): Assert not in pserialize read section. This may sleep to take the global entropy lock in case it needs to be reseeded. If that happens we can't be in a pserialize read section. To generate a diff of this commit: cvs rdiff -u -r1.17 -r1.18 src/sys/crypto/cprng_fast/cprng_fast.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/crypto/cprng_fast
Module Name:src Committed By: riastradh Date: Wed Jun 1 15:44:37 UTC 2022 Modified Files: src/sys/crypto/cprng_fast: cprng_fast.c Log Message: cprng(9): cprng_fast is no longer used from interrupt context. Rip out logic to defer reseeding to softint. To generate a diff of this commit: cvs rdiff -u -r1.16 -r1.17 src/sys/crypto/cprng_fast/cprng_fast.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/crypto/cprng_fast/cprng_fast.c diff -u src/sys/crypto/cprng_fast/cprng_fast.c:1.16 src/sys/crypto/cprng_fast/cprng_fast.c:1.17 --- src/sys/crypto/cprng_fast/cprng_fast.c:1.16 Tue Jul 28 20:15:07 2020 +++ src/sys/crypto/cprng_fast/cprng_fast.c Wed Jun 1 15:44:37 2022 @@ -1,4 +1,4 @@ -/* $NetBSD: cprng_fast.c,v 1.16 2020/07/28 20:15:07 riastradh Exp $ */ +/* $NetBSD: cprng_fast.c,v 1.17 2022/06/01 15:44:37 riastradh Exp $ */ /*- * Copyright (c) 2014 The NetBSD Foundation, Inc. @@ -30,7 +30,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: cprng_fast.c,v 1.16 2020/07/28 20:15:07 riastradh Exp $"); +__KERNEL_RCSID(0, "$NetBSD: cprng_fast.c,v 1.17 2022/06/01 15:44:37 riastradh Exp $"); #include #include @@ -39,7 +39,6 @@ __KERNEL_RCSID(0, "$NetBSD: cprng_fast.c #include #include #include -#include #include #include @@ -58,8 +57,7 @@ struct cprng_fast { }; static void cprng_fast_init_cpu(void *, void *, struct cpu_info *); -static void cprng_fast_schedule_reseed(struct cprng_fast *); -static void cprng_fast_intr(void *); +static void cprng_fast_reseed(struct cprng_fast *); static void cprng_fast_seed(struct cprng_fast *, const void *); static void cprng_fast_buf(struct cprng_fast *, void *, unsigned); @@ -68,7 +66,6 @@ static void cprng_fast_buf_short(void *, static void cprng_fast_buf_long(void *, size_t); static percpu_t *cprng_fast_percpu __read_mostly; -static void *cprng_fast_softint __read_mostly; void cprng_fast_init(void) @@ -76,20 +73,14 @@ cprng_fast_init(void) cprng_fast_percpu = percpu_create(sizeof(struct cprng_fast), cprng_fast_init_cpu, NULL, NULL); - cprng_fast_softint = softint_establish(SOFTINT_SERIAL|SOFTINT_MPSAFE, - &cprng_fast_intr, NULL); } static void cprng_fast_init_cpu(void *p, void *arg __unused, struct cpu_info *ci) { struct cprng_fast *const cprng = p; - uint8_t seed[CPRNG_FAST_SEED_BYTES]; - cprng->epoch = entropy_epoch(); - cprng_strong(kern_cprng, seed, sizeof seed, 0); - cprng_fast_seed(cprng, seed); - (void)explicit_memset(seed, 0, sizeof seed); + cprng->epoch = 0; cprng->reseed_evcnt = kmem_alloc(sizeof(*cprng->reseed_evcnt), KM_SLEEP); @@ -103,11 +94,16 @@ cprng_fast_get(struct cprng_fast **cprng struct cprng_fast *cprng; int s; + KASSERT(!cpu_intr_p()); + *cprngp = cprng = percpu_getref(cprng_fast_percpu); - s = splvm(); + s = splsoftserial(); - if (__predict_false(cprng->epoch != entropy_epoch())) - cprng_fast_schedule_reseed(cprng); + if (__predict_false(cprng->epoch != entropy_epoch())) { + splx(s); + cprng_fast_reseed(cprng); + s = splsoftserial(); + } return s; } @@ -123,29 +119,19 @@ cprng_fast_put(struct cprng_fast *cprng, } static void -cprng_fast_schedule_reseed(struct cprng_fast *cprng __unused) -{ - - softint_schedule(cprng_fast_softint); -} - -static void -cprng_fast_intr(void *cookie __unused) +cprng_fast_reseed(struct cprng_fast *cprng) { unsigned epoch = entropy_epoch(); - struct cprng_fast *cprng; uint8_t seed[CPRNG_FAST_SEED_BYTES]; int s; cprng_strong(kern_cprng, seed, sizeof(seed), 0); - cprng = percpu_getref(cprng_fast_percpu); - s = splvm(); + s = splsoftserial(); cprng_fast_seed(cprng, seed); cprng->epoch = epoch; cprng->reseed_evcnt->ev_count++; splx(s); - percpu_putref(cprng_fast_percpu); explicit_memset(seed, 0, sizeof(seed)); }
CVS commit: src/sys/crypto/cprng_fast
Module Name:src Committed By: riastradh Date: Wed Jun 1 15:44:37 UTC 2022 Modified Files: src/sys/crypto/cprng_fast: cprng_fast.c Log Message: cprng(9): cprng_fast is no longer used from interrupt context. Rip out logic to defer reseeding to softint. To generate a diff of this commit: cvs rdiff -u -r1.16 -r1.17 src/sys/crypto/cprng_fast/cprng_fast.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.