Module Name: src Committed By: riastradh Date: Thu Mar 6 00:53:27 UTC 2025
Modified Files: src/lib/libc/gen: arc4random.c src/lib/libc/include: arc4random.h Log Message: arc4random(3): Switch to use thr_once (libc pthread_once symbol). This way, we reduce the problem of arc4random initialization fork-safety to the problem of pthread_once fork-safety -- and anything else to do with one-time lazy initialization. PR lib/59124: arc4random(3): first call in process races with concurrent fork To generate a diff of this commit: cvs rdiff -u -r1.43 -r1.44 src/lib/libc/gen/arc4random.c cvs rdiff -u -r1.2 -r1.3 src/lib/libc/include/arc4random.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/lib/libc/gen/arc4random.c diff -u src/lib/libc/gen/arc4random.c:1.43 src/lib/libc/gen/arc4random.c:1.44 --- src/lib/libc/gen/arc4random.c:1.43 Tue Mar 4 00:33:01 2025 +++ src/lib/libc/gen/arc4random.c Thu Mar 6 00:53:26 2025 @@ -1,4 +1,4 @@ -/* $NetBSD: arc4random.c,v 1.43 2025/03/04 00:33:01 riastradh Exp $ */ +/* $NetBSD: arc4random.c,v 1.44 2025/03/06 00:53:26 riastradh Exp $ */ /*- * Copyright (c) 2014 The NetBSD Foundation, Inc. @@ -52,7 +52,7 @@ */ #include <sys/cdefs.h> -__RCSID("$NetBSD: arc4random.c,v 1.43 2025/03/04 00:33:01 riastradh Exp $"); +__RCSID("$NetBSD: arc4random.c,v 1.44 2025/03/06 00:53:26 riastradh Exp $"); #include "namespace.h" #include "reentrant.h" @@ -518,7 +518,7 @@ struct arc4random_global_state arc4rando #ifdef _REENTRANT .lock = MUTEX_INITIALIZER, #endif - .initialized = false, + .once = ONCE_INITIALIZER, }; static void @@ -558,22 +558,39 @@ static void arc4random_initialize(void) { - mutex_lock(&arc4random_global.lock); - if (!arc4random_global.initialized) { - if (crypto_core_selftest() != 0) - abort(); - if (pthread_atfork(&arc4random_atfork_prepare, - &arc4random_atfork_parent, &arc4random_atfork_child) - != 0) - abort(); + /* + * If the crypto software is broken, abort -- something is + * severely wrong with this process image. + */ + if (crypto_core_selftest() != 0) + abort(); + + /* + * Set up a pthread_atfork handler to lock the global state + * around fork so that if forked children can't use the + * per-thread state, they can take the lock and use the global + * state without deadlock. + */ + if (pthread_atfork(&arc4random_atfork_prepare, + &arc4random_atfork_parent, &arc4random_atfork_child) + != 0) + abort(); + + /* + * For multithreaded builds, try to allocate a per-thread PRNG + * state to avoid contention due to arc4random. + */ #ifdef _REENTRANT - if (thr_keycreate(&arc4random_global.thread_key, - &arc4random_tsd_destructor) == 0) - arc4random_global.per_thread = true; + if (thr_keycreate(&arc4random_global.thread_key, + &arc4random_tsd_destructor) == 0) + arc4random_global.per_thread = true; #endif - arc4random_global.initialized = true; - } - mutex_unlock(&arc4random_global.lock); + + /* + * Note that the arc4random library state has been initialized + * for the sake of automatic tests. + */ + arc4random_global.initialized = true; } static struct arc4random_prng * @@ -582,8 +599,7 @@ arc4random_prng_get(void) struct arc4random_prng *prng = NULL; /* Make sure the library is initialized. */ - if (__predict_false(!arc4random_global.initialized)) - arc4random_initialize(); + thr_once(&arc4random_global.once, &arc4random_initialize); #ifdef _REENTRANT /* Get or create the per-thread PRNG state. */ Index: src/lib/libc/include/arc4random.h diff -u src/lib/libc/include/arc4random.h:1.2 src/lib/libc/include/arc4random.h:1.3 --- src/lib/libc/include/arc4random.h:1.2 Sun Mar 2 21:35:59 2025 +++ src/lib/libc/include/arc4random.h Thu Mar 6 00:53:26 2025 @@ -1,4 +1,4 @@ -/* $NetBSD: arc4random.h,v 1.2 2025/03/02 21:35:59 riastradh Exp $ */ +/* $NetBSD: arc4random.h,v 1.3 2025/03/06 00:53:26 riastradh Exp $ */ /*- * Copyright (c) 2014 The NetBSD Foundation, Inc. @@ -50,6 +50,7 @@ struct arc4random_global_state { mutex_t lock; thread_key_t thread_key; struct arc4random_prng prng; + once_t once; bool initialized; bool per_thread; };