Module Name: src
Committed By: riastradh
Date: Sat Aug 5 11:39:18 UTC 2023
Modified Files:
src/sys/crypto/cprng_fast: cprng_fast.c
Log Message:
cprng_fast(9): Drop and retake percpu reference across cprng_strong.
cprng_strong may sleep on an adaptive lock (via entropy_extract),
which invalidates percpu(9) references.
Discovered by stumbling upon this panic in a test run:
panic: kernel diagnostic assertion "(cprng == percpu_getref(cprng_fast_percpu))
&& (percpu_putref(cprng_fast_percpu), true)" failed: file
"/home/riastradh/netbsd/current/src/sys/rump/librump/rumpkern/../../../crypto/cprng_fast/cprng_fast.c",
line 117
XXX pullup-10
To generate a diff of this commit:
cvs rdiff -u -r1.18 -r1.19 src/sys/crypto/cprng_fast/cprng_fast.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/crypto/cprng_fast/cprng_fast.c
diff -u src/sys/crypto/cprng_fast/cprng_fast.c:1.18 src/sys/crypto/cprng_fast/cprng_fast.c:1.19
--- src/sys/crypto/cprng_fast/cprng_fast.c:1.18 Thu Sep 1 18:32:25 2022
+++ src/sys/crypto/cprng_fast/cprng_fast.c Sat Aug 5 11:39:18 2023
@@ -1,4 +1,4 @@
-/* $NetBSD: cprng_fast.c,v 1.18 2022/09/01 18:32:25 riastradh Exp $ */
+/* $NetBSD: cprng_fast.c,v 1.19 2023/08/05 11:39:18 riastradh Exp $ */
/*-
* Copyright (c) 2014 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: cprng_fast.c,v 1.18 2022/09/01 18:32:25 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: cprng_fast.c,v 1.19 2023/08/05 11:39:18 riastradh Exp $");
#include <sys/types.h>
#include <sys/param.h>
@@ -58,7 +58,7 @@ struct cprng_fast {
};
static void cprng_fast_init_cpu(void *, void *, struct cpu_info *);
-static void cprng_fast_reseed(struct cprng_fast *);
+static void cprng_fast_reseed(struct cprng_fast **, unsigned);
static void cprng_fast_seed(struct cprng_fast *, const void *);
static void cprng_fast_buf(struct cprng_fast *, void *, unsigned);
@@ -93,6 +93,7 @@ static int
cprng_fast_get(struct cprng_fast **cprngp)
{
struct cprng_fast *cprng;
+ unsigned epoch;
int s;
KASSERT(!cpu_intr_p());
@@ -101,9 +102,10 @@ cprng_fast_get(struct cprng_fast **cprng
*cprngp = cprng = percpu_getref(cprng_fast_percpu);
s = splsoftserial();
- if (__predict_false(cprng->epoch != entropy_epoch())) {
+ epoch = entropy_epoch();
+ if (__predict_false(cprng->epoch != epoch)) {
splx(s);
- cprng_fast_reseed(cprng);
+ cprng_fast_reseed(cprngp, epoch);
s = splsoftserial();
}
@@ -121,13 +123,25 @@ cprng_fast_put(struct cprng_fast *cprng,
}
static void
-cprng_fast_reseed(struct cprng_fast *cprng)
+cprng_fast_reseed(struct cprng_fast **cprngp, unsigned epoch)
{
- unsigned epoch = entropy_epoch();
+ struct cprng_fast *cprng;
uint8_t seed[CPRNG_FAST_SEED_BYTES];
int s;
+ /*
+ * Drop the percpu(9) reference to extract a fresh seed from
+ * the entropy pool. cprng_strong may sleep on an adaptive
+ * lock, which invalidates our percpu(9) reference.
+ *
+ * This may race with reseeding in another thread, which is no
+ * big deal -- worst case, we rewind the entropy epoch here and
+ * cause the next caller to reseed again, and in the end we
+ * just reseed a couple more times than necessary.
+ */
+ percpu_putref(cprng_fast_percpu);
cprng_strong(kern_cprng, seed, sizeof(seed), 0);
+ *cprngp = cprng = percpu_getref(cprng_fast_percpu);
s = splsoftserial();
cprng_fast_seed(cprng, seed);
