Module Name: src
Committed By: riastradh
Date: Thu Mar 6 00:53:27 UTC 2025
Modified Files:
src/lib/libc/gen: arc4random.c
src/lib/libc/include: arc4random.h
Log Message:
arc4random(3): Switch to use thr_once (libc pthread_once symbol).
This way, we reduce the problem of arc4random initialization
fork-safety to the problem of pthread_once fork-safety -- and
anything else to do with one-time lazy initialization.
PR lib/59124: arc4random(3): first call in process races with
concurrent fork
To generate a diff of this commit:
cvs rdiff -u -r1.43 -r1.44 src/lib/libc/gen/arc4random.c
cvs rdiff -u -r1.2 -r1.3 src/lib/libc/include/arc4random.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/lib/libc/gen/arc4random.c
diff -u src/lib/libc/gen/arc4random.c:1.43 src/lib/libc/gen/arc4random.c:1.44
--- src/lib/libc/gen/arc4random.c:1.43 Tue Mar 4 00:33:01 2025
+++ src/lib/libc/gen/arc4random.c Thu Mar 6 00:53:26 2025
@@ -1,4 +1,4 @@
-/* $NetBSD: arc4random.c,v 1.43 2025/03/04 00:33:01 riastradh Exp $ */
+/* $NetBSD: arc4random.c,v 1.44 2025/03/06 00:53:26 riastradh Exp $ */
/*-
* Copyright (c) 2014 The NetBSD Foundation, Inc.
@@ -52,7 +52,7 @@
*/
#include <sys/cdefs.h>
-__RCSID("$NetBSD: arc4random.c,v 1.43 2025/03/04 00:33:01 riastradh Exp $");
+__RCSID("$NetBSD: arc4random.c,v 1.44 2025/03/06 00:53:26 riastradh Exp $");
#include "namespace.h"
#include "reentrant.h"
@@ -518,7 +518,7 @@ struct arc4random_global_state arc4rando
#ifdef _REENTRANT
.lock = MUTEX_INITIALIZER,
#endif
- .initialized = false,
+ .once = ONCE_INITIALIZER,
};
static void
@@ -558,22 +558,39 @@ static void
arc4random_initialize(void)
{
- mutex_lock(&arc4random_global.lock);
- if (!arc4random_global.initialized) {
- if (crypto_core_selftest() != 0)
- abort();
- if (pthread_atfork(&arc4random_atfork_prepare,
- &arc4random_atfork_parent, &arc4random_atfork_child)
- != 0)
- abort();
+ /*
+ * If the crypto software is broken, abort -- something is
+ * severely wrong with this process image.
+ */
+ if (crypto_core_selftest() != 0)
+ abort();
+
+ /*
+ * Set up a pthread_atfork handler to lock the global state
+ * around fork so that if forked children can't use the
+ * per-thread state, they can take the lock and use the global
+ * state without deadlock.
+ */
+ if (pthread_atfork(&arc4random_atfork_prepare,
+ &arc4random_atfork_parent, &arc4random_atfork_child)
+ != 0)
+ abort();
+
+ /*
+ * For multithreaded builds, try to allocate a per-thread PRNG
+ * state to avoid contention due to arc4random.
+ */
#ifdef _REENTRANT
- if (thr_keycreate(&arc4random_global.thread_key,
- &arc4random_tsd_destructor) == 0)
- arc4random_global.per_thread = true;
+ if (thr_keycreate(&arc4random_global.thread_key,
+ &arc4random_tsd_destructor) == 0)
+ arc4random_global.per_thread = true;
#endif
- arc4random_global.initialized = true;
- }
- mutex_unlock(&arc4random_global.lock);
+
+ /*
+ * Note that the arc4random library state has been initialized
+ * for the sake of automatic tests.
+ */
+ arc4random_global.initialized = true;
}
static struct arc4random_prng *
@@ -582,8 +599,7 @@ arc4random_prng_get(void)
struct arc4random_prng *prng = NULL;
/* Make sure the library is initialized. */
- if (__predict_false(!arc4random_global.initialized))
- arc4random_initialize();
+ thr_once(&arc4random_global.once, &arc4random_initialize);
#ifdef _REENTRANT
/* Get or create the per-thread PRNG state. */
Index: src/lib/libc/include/arc4random.h
diff -u src/lib/libc/include/arc4random.h:1.2 src/lib/libc/include/arc4random.h:1.3
--- src/lib/libc/include/arc4random.h:1.2 Sun Mar 2 21:35:59 2025
+++ src/lib/libc/include/arc4random.h Thu Mar 6 00:53:26 2025
@@ -1,4 +1,4 @@
-/* $NetBSD: arc4random.h,v 1.2 2025/03/02 21:35:59 riastradh Exp $ */
+/* $NetBSD: arc4random.h,v 1.3 2025/03/06 00:53:26 riastradh Exp $ */
/*-
* Copyright (c) 2014 The NetBSD Foundation, Inc.
@@ -50,6 +50,7 @@ struct arc4random_global_state {
mutex_t lock;
thread_key_t thread_key;
struct arc4random_prng prng;
+ once_t once;
bool initialized;
bool per_thread;
};
