From nobody Mon Sep  8 15:26:32 2025
X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4cL9ls57V4z66kb1;
	Mon, 08 Sep 2025 15:26:33 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4cL9lr4Ln8z3NFw;
	Mon, 08 Sep 2025 15:26:32 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1757345192;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=K1DwNTaF98dwspslU4APugrf9pNP4U/mRKAx3KdMMLw=;
	b=jFkEkxVV68mP3wUX/wfet93K96foM9pzbdsCYzk34YrfD/tfwzGIv9l4MszXVNmMo72gOO
	1swltSfDg23vLCJTPul8IaQqZQrK5Ssbz5wKMvkfc4WaM04X9SPmuKzzZzmxGPBmaYpP6U
	7OWQHF0hNSe8bLpFP0ENIgsaasj7TwU0uVdyJbH9KrpPZ5bI1h7NpOxuQpcgxuX3D0SzB6
	Y75ezsXIu1cdho9kEu9Xq7I3Oi6jrDtpfpy0GT5+85BXtqlOJHFms2yZ19/SV9ZlD/jz4f
	+jQZQ/JhhS3zhwFaJEZPKeNuTTRgJkEQwg7StwaXtFz0PyahsOLu8xEAIccmXQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1757345192;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=K1DwNTaF98dwspslU4APugrf9pNP4U/mRKAx3KdMMLw=;
	b=JEOGLzAXJuVZhCceU2dSzf0XUruLtSj/8MMib52WqH26yr9YpezYzEy/vPophDww3W+kNX
	gtKdLoWpLPczAsvHePVOQ49FpxNybIUkZRue36i0yQu5Q3yvjqDdiSaolnji3LeNoGHzSJ
	qDKCMEb26bzpmi1+0ev3IzzjNZsjnKESoOMG4+EIIoMAWUDcD4vVlfrhDrEht4LmKrLkgh
	9ZxkSV7amEze+yWjT0drszx9QWXmsjY4JyHMKzsagNpSEPWvLWWPELz38WwIf02LidbaDX
	v0knyd225kNo+ObZOI1gq2auA74zh0YbrLxe5dR2B/Przf/aAmW7Zr4WCLvoYw==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1757345192; a=rsa-sha256; cv=none;
	b=ysmF/1Io0SxJ+vY7Q8X2hfsT1/Zm2ohHMQp9OHcJJglbhMNDSXnGopKaBnmrx1+8Ro5l3c
	mZDpKC9/tTXVrNNsqQPqYc+JTNkr/hIgBjNBw/NWhsaaG5G8437iV5aN3MpVm9SDNG4Goy
	P1MdPH8mNu+O9O73dKiwjTY1wz0+4w9L8tc+hTg+0pS2UTEHR7U5xuelfI4x6Lk1G6FAvE
	IkF9sz1pXn9uGbDI+LRL1MOvdzPxD/4gaftu6iGm97hW2ftSstrWN3Ig6zdBkgzvaWE9BB
	ES5PHCwh9PZ4wC39cwmaRO/O0c8voLVvHIHZVnGxApmdI/tmPSSRLFSxheh7kw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4cL9lr3dQzz19f1;
	Mon, 08 Sep 2025 15:26:32 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 588FQWxP076567;
	Mon, 8 Sep 2025 15:26:32 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 588FQWkI076564;
	Mon, 8 Sep 2025 15:26:32 GMT
	(envelope-from git)
Date: Mon, 8 Sep 2025 15:26:32 GMT
Message-Id: <202509081526.588FQWkI076564@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-main@FreeBSD.org
From: Mark Johnston <markj@FreeBSD.org>
Subject: git: c942d9e83ef1 - main - random: Fix synchronization of
  hc_source_mask
List-Id: Commit messages for the main branch of the src repository <dev-commits-src-main.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
List-Help: <mailto:dev-commits-src-main+help@freebsd.org>
List-Post: <mailto:dev-commits-src-main@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-main+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-main+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-main@freebsd.org
Sender: owner-dev-commits-src-main@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: markj
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: c942d9e83ef1122a670bb39736d55fe8f90af83e
Auto-Submitted: auto-generated

The branch main has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=c942d9e83ef1122a670bb39736d55fe8f90af83e

commit c942d9e83ef1122a670bb39736d55fe8f90af83e
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2025-09-08 14:42:14 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2025-09-08 15:21:43 +0000

    random: Fix synchronization of hc_source_mask
    
    This variable provides a mask of all registered entropy sources and is
    updated when drivers attach and detach (or by sysctl).  However, nothing
    was synchronizing accesses to it.  Use the harvest lock to provide
    mutual exclusion for updates, and use atomic_load_int() to mark unlocked
    reads.
    
    Reviewed by:    cem
    MFC after:      2 weeks
    Sponsored by:   Stormshield
    Sponsored by:   Klara, Inc.
    Differential Revision:  https://reviews.freebsd.org/D52230
---
 sys/dev/random/random_harvestq.c | 44 +++++++++++++++++++++++++++-------------
 1 file changed, 30 insertions(+), 14 deletions(-)

diff --git a/sys/dev/random/random_harvestq.c b/sys/dev/random/random_harvestq.c
index eb3808d692bb..6d1f9daf649b 100644
--- a/sys/dev/random/random_harvestq.c
+++ b/sys/dev/random/random_harvestq.c
@@ -103,8 +103,10 @@ static const char *random_source_descr[ENTROPYSOURCE];
 volatile int random_kthread_control;
 
 
-/* Allow the sysadmin to select the broad category of
- * entropy types to harvest.
+/*
+ * Allow the sysadmin to select the broad category of entropy types to harvest.
+ *
+ * Updates are synchronized by the harvest mutex.
  */
 __read_frequently u_int hc_source_mask;
 
@@ -572,9 +574,9 @@ random_check_uint_harvestmask(SYSCTL_HANDLER_ARGS)
 	    _RANDOM_HARVEST_ETHER_OFF | _RANDOM_HARVEST_UMA_OFF;
 
 	int error;
-	u_int value, orig_value;
+	u_int value;
 
-	orig_value = value = hc_source_mask;
+	value = atomic_load_int(&hc_source_mask);
 	error = sysctl_handle_int(oidp, &value, 0, req);
 	if (error != 0 || req->newptr == NULL)
 		return (error);
@@ -585,12 +587,14 @@ random_check_uint_harvestmask(SYSCTL_HANDLER_ARGS)
 	/*
 	 * Disallow userspace modification of pure entropy sources.
 	 */
+	RANDOM_HARVEST_LOCK();
 	hc_source_mask = (value & ~user_immutable_mask) |
-	    (orig_value & user_immutable_mask);
+	    (hc_source_mask & user_immutable_mask);
+	RANDOM_HARVEST_UNLOCK();
 	return (0);
 }
 SYSCTL_PROC(_kern_random_harvest, OID_AUTO, mask,
-    CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT, NULL, 0,
+    CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_MPSAFE, NULL, 0,
     random_check_uint_harvestmask, "IU",
     "Entropy harvesting mask");
 
@@ -602,9 +606,16 @@ random_print_harvestmask(SYSCTL_HANDLER_ARGS)
 
 	error = sysctl_wire_old_buffer(req, 0);
 	if (error == 0) {
+		u_int mask;
+
 		sbuf_new_for_sysctl(&sbuf, NULL, 128, req);
-		for (i = ENTROPYSOURCE - 1; i >= 0; i--)
-			sbuf_cat(&sbuf, (hc_source_mask & (1 << i)) ? "1" : "0");
+		mask = atomic_load_int(&hc_source_mask);
+		for (i = ENTROPYSOURCE - 1; i >= 0; i--) {
+			bool present;
+
+			present = (mask & (1u << i)) != 0;
+			sbuf_cat(&sbuf, present ? "1" : "0");
+		}
 		error = sbuf_finish(&sbuf);
 		sbuf_delete(&sbuf);
 	}
@@ -658,16 +669,21 @@ random_print_harvestmask_symbolic(SYSCTL_HANDLER_ARGS)
 	first = true;
 	error = sysctl_wire_old_buffer(req, 0);
 	if (error == 0) {
+		u_int mask;
+
 		sbuf_new_for_sysctl(&sbuf, NULL, 128, req);
+		mask = atomic_load_int(&hc_source_mask);
 		for (i = ENTROPYSOURCE - 1; i >= 0; i--) {
-			if (i >= RANDOM_PURE_START &&
-			    (hc_source_mask & (1 << i)) == 0)
+			bool present;
+
+			present = (mask & (1u << i)) != 0;
+			if (i >= RANDOM_PURE_START && !present)
 				continue;
 			if (!first)
 				sbuf_cat(&sbuf, ",");
-			sbuf_cat(&sbuf, !(hc_source_mask & (1 << i)) ? "[" : "");
+			sbuf_cat(&sbuf, !present ? "[" : "");
 			sbuf_cat(&sbuf, random_source_descr[i]);
-			sbuf_cat(&sbuf, !(hc_source_mask & (1 << i)) ? "]" : "");
+			sbuf_cat(&sbuf, !present ? "]" : "");
 			first = false;
 		}
 		error = sbuf_finish(&sbuf);
@@ -885,8 +901,8 @@ random_source_register(const struct random_source *rsource)
 
 	printf("random: registering fast source %s\n", rsource->rs_ident);
 
-	hc_source_mask |= (1 << rsource->rs_source);
 	RANDOM_HARVEST_LOCK();
+	hc_source_mask |= (1 << rsource->rs_source);
 	CK_LIST_INSERT_HEAD(&source_list, rrs, rrs_entries);
 	RANDOM_HARVEST_UNLOCK();
 }
@@ -898,8 +914,8 @@ random_source_deregister(const struct random_source *rsource)
 
 	KASSERT(rsource != NULL, ("invalid input to %s", __func__));
 
-	hc_source_mask &= ~(1 << rsource->rs_source);
 	RANDOM_HARVEST_LOCK();
+	hc_source_mask &= ~(1 << rsource->rs_source);
 	CK_LIST_FOREACH(rrs, &source_list, rrs_entries)
 		if (rrs->rrs_source == rsource) {
 			CK_LIST_REMOVE(rrs, rrs_entries);