Source-Changes-HG archive
[src/trunk]: src/sys/kern cprng(9): Forbid use in hard interrupt context.
details: https://anonhg.NetBSD.org/src/rev/719b7427005c
branches: trunk
changeset: 363934:719b7427005c
user: riastradh <riastradh%NetBSD.org@localhost>
date: Wed Mar 16 23:56:33 2022 +0000
description:
cprng(9): Forbid use in hard interrupt context.
May need access to the global entropy pool (infrequently). This way
the global entropy pool lock can be lowered to IPL_SOFTSERIAL too,
with a little additional work.
diffstat:
share/man/man9/cprng.9 | 10 ++++------
sys/kern/subr_cprng.c | 24 ++++++++++--------------
2 files changed, 14 insertions(+), 20 deletions(-)
diffs (126 lines):
diff -r 018e4d9085dc -r 719b7427005c share/man/man9/cprng.9
--- a/share/man/man9/cprng.9 Wed Mar 16 23:32:52 2022 +0000
+++ b/share/man/man9/cprng.9 Wed Mar 16 23:56:33 2022 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: cprng.9,v 1.14 2020/08/17 06:07:53 wiz Exp $
+.\" $NetBSD: cprng.9,v 1.15 2022/03/16 23:56:33 riastradh Exp $
.\"
.\" Copyright (c) 2011-2015 The NetBSD Foundation, Inc.
.\" All rights reserved.
@@ -93,16 +93,14 @@
.Pp
The
.Nm
-functions may be used at interrupt priority level
-.Dv IPL_VM
-or below,
+functions may be used in soft interrupt context,
except for
.Fn cprng_strong_create
and
.Fn cprng_strong_destroy
which are allowed only at
-.Dv IPL_NONE ;
-see
+.Dv IPL_NONE
+in thread context; see
.Xr spl 9 .
.Pp
The
diff -r 018e4d9085dc -r 719b7427005c sys/kern/subr_cprng.c
--- a/sys/kern/subr_cprng.c Wed Mar 16 23:32:52 2022 +0000
+++ b/sys/kern/subr_cprng.c Wed Mar 16 23:56:33 2022 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: subr_cprng.c,v 1.41 2021/07/21 06:35:45 skrll Exp $ */
+/* $NetBSD: subr_cprng.c,v 1.42 2022/03/16 23:56:33 riastradh Exp $ */
/*-
* Copyright (c) 2019 The NetBSD Foundation, Inc.
@@ -44,7 +44,7 @@
* This code serves the first two categories without having extra
* logic for /dev/random.
*
- * kern_cprng - available at IPL_VM or lower
+ * kern_cprng - available at IPL_SOFTSERIAL or lower
* user_cprng - available only at IPL_NONE in thread context
*
* The name kern_cprng is for hysterical raisins. The name
@@ -52,7 +52,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: subr_cprng.c,v 1.41 2021/07/21 06:35:45 skrll Exp $");
+__KERNEL_RCSID(0, "$NetBSD: subr_cprng.c,v 1.42 2022/03/16 23:56:33 riastradh Exp $");
#include <sys/param.h>
#include <sys/types.h>
@@ -88,7 +88,6 @@
struct nist_hash_drbg *cc_drbg;
struct {
struct evcnt reseed;
- struct evcnt intr;
} *cc_evcnt;
unsigned cc_epoch;
};
@@ -99,7 +98,7 @@
static void cprng_fini_cpu(void *, void *, struct cpu_info *);
/* Well-known CPRNG instances */
-struct cprng_strong *kern_cprng __read_mostly; /* IPL_VM */
+struct cprng_strong *kern_cprng __read_mostly; /* IPL_SOFTSERIAL */
struct cprng_strong *user_cprng __read_mostly; /* IPL_NONE */
static struct sysctllog *cprng_sysctllog __read_mostly;
@@ -112,12 +111,12 @@
panic("NIST Hash_DRBG failed self-test");
/*
- * Create CPRNG instances at two IPLs: IPL_VM for kernel use
- * that may occur inside IPL_VM interrupt handlers (!!??!?!?),
+ * Create CPRNG instances at two IPLs: IPL_SOFTSERIAL for
+ * kernel use that may occur inside soft interrupt handlers,
* and IPL_NONE for userland use which need not block
* interrupts.
*/
- kern_cprng = cprng_strong_create("kern", IPL_VM, 0);
+ kern_cprng = cprng_strong_create("kern", IPL_SOFTSERIAL, 0);
user_cprng = cprng_strong_create("user", IPL_NONE, 0);
/* Create kern.urandom and kern.arandom sysctl nodes. */
@@ -246,8 +245,6 @@
/* Attach the event counters. */
/* XXX ci_cpuname may not be initialized early enough. */
cpuname = ci->ci_cpuname[0] == '\0' ? "cpu0" : ci->ci_cpuname;
- evcnt_attach_dynamic(&cc->cc_evcnt->intr, EVCNT_TYPE_MISC, NULL,
- cpuname, "cprng_strong intr");
evcnt_attach_dynamic(&cc->cc_evcnt->reseed, EVCNT_TYPE_MISC, NULL,
cpuname, "cprng_strong reseed");
@@ -261,7 +258,6 @@
struct cprng_cpu *cc = ptr;
evcnt_detach(&cc->cc_evcnt->reseed);
- evcnt_detach(&cc->cc_evcnt->intr);
if (__predict_false(nist_hash_drbg_destroy(cc->cc_drbg)))
panic("nist_hash_drbg_destroy");
@@ -277,6 +273,9 @@
unsigned epoch;
int s;
+ /* Not allowed in hard interrupt context. */
+ KASSERT(!cpu_intr_p());
+
/*
* Verify maximum request length. Caller should really limit
* their requests to 32 bytes to avoid spending much time with
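Review bot: The added `KASSERT(!cpu_intr_p());` is the only enforcement of the new no-hard-interrupt rule, and KASSERT is compiled only into DIAGNOSTIC kernels, so a stray hard-interrupt caller on any other build goes unnoticed. With the kern instance now raised only to IPL_SOFTSERIAL (the cprng_init hunk), such a caller could presumably preempt another cprng_strong call on the same CPU while the per-CPU DRBG state is mid-update, which for a generator risks corrupted state or repeated output. The later hunks also remove the `intr` event counter, the one signal of such callers that stayed visible without DIAGNOSTIC; consider keeping it, or at least stating the reason in the comment, e.g. `/* Not allowed in hard interrupt context: per-CPU state is protected only up to the instance's IPL. */`. The function's body starts and ends outside this hunk, so whether existing IPL_VM callers were audited cannot be judged from here.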
@@ -292,9 +291,6 @@
cc = percpu_getref(cprng->cs_percpu);
s = splraiseipl(cprng->cs_iplcookie);
- if (cpu_intr_p())
- cc->cc_evcnt->intr.ev_count++;
-
/* If the entropy epoch has changed, (re)seed. */
epoch = entropy_epoch();
if (__predict_false(epoch != cc->cc_epoch)) {