Source-Changes-HG archive


[src/trunk]: src/sys/kern entropy(9): Avoid race between rnd_add_data and ioc...



details:   https://anonhg.NetBSD.org/src/rev/9f1deb1d03fd
branches:  trunk
changeset: 375987:9f1deb1d03fd
user:      riastradh <riastradh%NetBSD.org@localhost>
date:      Wed May 24 20:22:23 2023 +0000

description:
entropy(9): Avoid race between rnd_add_data and ioctl(RNDCTL).

XXX pullup-10

diffstat:

 sys/kern/kern_entropy.c |  17 ++++++++++++++---
 1 files changed, 14 insertions(+), 3 deletions(-)

diffs (52 lines):

diff -r 21c6d86b504b -r 9f1deb1d03fd sys/kern/kern_entropy.c
--- a/sys/kern/kern_entropy.c   Wed May 24 20:22:12 2023 +0000
+++ b/sys/kern/kern_entropy.c   Wed May 24 20:22:23 2023 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: kern_entropy.c,v 1.60 2023/05/24 20:22:12 riastradh Exp $      */
+/*     $NetBSD: kern_entropy.c,v 1.61 2023/05/24 20:22:23 riastradh Exp $      */
 
 /*-
  * Copyright (c) 2019 The NetBSD Foundation, Inc.
@@ -75,7 +75,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_entropy.c,v 1.60 2023/05/24 20:22:12 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_entropy.c,v 1.61 2023/05/24 20:22:23 riastradh Exp $");
 
 #include <sys/param.h>
 #include <sys/types.h>
@@ -1910,6 +1910,14 @@ rnd_add_data(struct krndsource *rs, cons
                return;
        }
 
+       /*
+        * Hold up the reset xcall before it zeroes the entropy counts
+        * on this CPU or globally.  Otherwise, we might leave some
+        * nonzero entropy attributed to an untrusted source in the
+        * event of a race with a change to flags.
+        */
+       kpreempt_disable();
+
        /* Load a snapshot of the flags.  Ioctl may change them under us.  */
        flags = atomic_load_relaxed(&rs->flags);
 
@@ -1922,7 +1930,7 @@ rnd_add_data(struct krndsource *rs, cons
        if (!atomic_load_relaxed(&entropy_collection) ||
            ISSET(flags, RND_FLAG_NO_COLLECT) ||
            !ISSET(flags, RND_FLAG_COLLECT_VALUE|RND_FLAG_COLLECT_TIME))
-               return;
+               goto out;
 
        /* If asked, ignore the estimate.  */
        if (ISSET(flags, RND_FLAG_NO_ESTIMATE))
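Review bot: Only this one `return` is converted to `goto out`, and the stretches of rnd_add_data between the hunks are not shown, so any other exit between the new `kpreempt_disable()` and the `out:` label would leave preemption disabled on this CPU. The function body starts and ends outside this hunk, so it is worth confirming that no further `return` remains in that range. A short comment at the disable site, such as `/* No return below this point; every exit goes through out: */`, would keep a later edit from reintroducing an unbalanced path.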
@@ -1939,6 +1947,9 @@ rnd_add_data(struct krndsource *rs, cons
                rnd_add_data_1(rs, &extra, sizeof extra, 0,
                    RND_FLAG_COLLECT_TIME);
        }
+
+out:   /* Allow concurrent changes to flags to finish.  */
+       kpreempt_enable();
 }
 
 static unsigned
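Review bot: The `rnd_add_data_1` call just above the `out:` label now runs with preemption disabled, so nothing it reaches may sleep or block. Its body is not in this diff, so this is presumably already the case but cannot be verified from here. The fix also appears to rely on the RNDCTL path publishing the new flags before it issues the reset xcall, since the snapshot in the earlier hunk is a relaxed load, and that ordering lives outside this change. I would record both assumptions where the region ends, e.g. `out:   /* Allow concurrent changes to flags to finish; nothing above may sleep.  */`, so that crediting entropy to a source that has just been marked untrusted stays ruled out under later edits.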


