Module Name: src Committed By: riastradh Date: Sat Aug 5 11:39:18 UTC 2023
Modified Files: src/sys/crypto/cprng_fast: cprng_fast.c Log Message: cprng_fast(9): Drop and retake percpu reference across cprng_strong. cprng_strong may sleep on an adaptive lock (via entropy_extract), which invalidates percpu(9) references. Discovered by stumbling upon this panic in a test run: panic: kernel diagnostic assertion "(cprng == percpu_getref(cprng_fast_percpu)) && (percpu_putref(cprng_fast_percpu), true)" failed: file "/home/riastradh/netbsd/current/src/sys/rump/librump/rumpkern/../../../crypto/cprng_fast/cprng_fast.c", line 117 XXX pullup-10 To generate a diff of this commit: cvs rdiff -u -r1.18 -r1.19 src/sys/crypto/cprng_fast/cprng_fast.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/crypto/cprng_fast/cprng_fast.c diff -u src/sys/crypto/cprng_fast/cprng_fast.c:1.18 src/sys/crypto/cprng_fast/cprng_fast.c:1.19 --- src/sys/crypto/cprng_fast/cprng_fast.c:1.18 Thu Sep 1 18:32:25 2022 +++ src/sys/crypto/cprng_fast/cprng_fast.c Sat Aug 5 11:39:18 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: cprng_fast.c,v 1.18 2022/09/01 18:32:25 riastradh Exp $ */ +/* $NetBSD: cprng_fast.c,v 1.19 2023/08/05 11:39:18 riastradh Exp $ */ /*- * Copyright (c) 2014 The NetBSD Foundation, Inc. @@ -30,7 +30,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: cprng_fast.c,v 1.18 2022/09/01 18:32:25 riastradh Exp $"); +__KERNEL_RCSID(0, "$NetBSD: cprng_fast.c,v 1.19 2023/08/05 11:39:18 riastradh Exp $"); #include <sys/types.h> #include <sys/param.h> @@ -58,7 +58,7 @@ struct cprng_fast { }; static void cprng_fast_init_cpu(void *, void *, struct cpu_info *); -static void cprng_fast_reseed(struct cprng_fast *); +static void cprng_fast_reseed(struct cprng_fast **, unsigned); static void cprng_fast_seed(struct cprng_fast *, const void *); static void cprng_fast_buf(struct cprng_fast *, void *, unsigned); @@ -93,6 +93,7 @@ static int cprng_fast_get(struct cprng_fast **cprngp) { struct cprng_fast *cprng; + unsigned epoch; int s; KASSERT(!cpu_intr_p()); @@ -101,9 +102,10 @@ cprng_fast_get(struct cprng_fast **cprng *cprngp = cprng = percpu_getref(cprng_fast_percpu); s = splsoftserial(); - if (__predict_false(cprng->epoch != entropy_epoch())) { + epoch = entropy_epoch(); + if (__predict_false(cprng->epoch != epoch)) { splx(s); - cprng_fast_reseed(cprng); + cprng_fast_reseed(cprngp, epoch); s = splsoftserial(); } @@ -121,13 +123,25 @@ cprng_fast_put(struct cprng_fast *cprng, } static void -cprng_fast_reseed(struct cprng_fast *cprng) +cprng_fast_reseed(struct cprng_fast **cprngp, unsigned epoch) { - unsigned epoch = entropy_epoch(); + struct cprng_fast *cprng; uint8_t seed[CPRNG_FAST_SEED_BYTES]; int s; + /* + * Drop the percpu(9) reference to extract a fresh seed from + * the entropy pool. cprng_strong may sleep on an adaptive + * lock, which invalidates our percpu(9) reference. + * + * This may race with reseeding in another thread, which is no + * big deal -- worst case, we rewind the entropy epoch here and + * cause the next caller to reseed again, and in the end we + * just reseed a couple more times than necessary. + */ + percpu_putref(cprng_fast_percpu); cprng_strong(kern_cprng, seed, sizeof(seed), 0); + *cprngp = cprng = percpu_getref(cprng_fast_percpu); s = splsoftserial(); cprng_fast_seed(cprng, seed);