From nobody Tue Sep 30 15:23:43 2025
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4cbhfS3LTBz69DZp;
	Tue, 30 Sep 2025 15:23:44 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4cbhfR6xC7z3M05;
	Tue, 30 Sep 2025 15:23:43 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1759245824;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=O16+ZfQztYfoUKxINzRsNf3X5gyfyNBmXjfxXnw3RpY=;
	b=HOOzuNIBt8Eacrg/6OdQIfIDRxDkLXL6ywWaawEEcMb+l7sfBY6WpL8yjRkRG+++hdpoqT
	qvtxkRVu8lFrWacsl4LT/KqmoyLWR4+EMJD/Mxpn/3s9V2YkpLG5TvSJQA3rgqscKYsaqO
	9xxMMA2DZ6jBIPyF/3rv6+R0YtGELO8yrZnQc70VaGPH+a/crTKAVPUzBq/MODFBGGRuPv
	UMgUSK2XaVAgqRFqL5Gms8awviP1LFs8v3qLoUe5QQByUJSErKpslyJfoIT1nd2nJPLOkq
	RYDb8dhrJiQ/F23n5reBVO68+2ulA5w7wwjAFuWvSdgBUC3ph1n3zZkyWUoZYQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1759245824;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=O16+ZfQztYfoUKxINzRsNf3X5gyfyNBmXjfxXnw3RpY=;
	b=CFZtip8vHXqsfPcRSOCSEzzqHZq9rMAY4zyWwICVTEizhmKeZYjqUafuoESnoqNadRKcfj
	/vJQpED1OdekpKBHg1WqRpK16r2xQ8wGRf3W5BDj2s2Aoqlorf8/w61EOA9CjFYqALBibZ
	gP7tgGl5JGG0OZymPIeZkLeWK+T+fDHn41wu/62OXAWnyI+daADNgM6utNpEeQBhNALGnh
	Ly66Ra1Hjo0RioqdaSEsDZSxP/HKsigxKiZJ/jSld085SOBmpBBsajm++iZdjvMk/ASYvp
	cBPX80b3D1VSYVGAVXKT08zHEpTwrfOObVyhPconVGLL+1n0URAtL58sjj5ddA==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1759245824; a=rsa-sha256; cv=none;
	b=E/ZvYQ2bfk8Q0ofzGxR3OApzoeraIn2x6a4rQPsrhd04gpRC0hzb7xG++VO98BhlOyKEEH
	VD0hM4QOurzarUdiPjC6ngYK8exso0N1lvHeHiqgi5PbgWzbG/lJHbpN09K9SJ3tG+j7pu
	813mqdeI5cqIH7ScuD3Rv+EZygh+31JJElVocbk9ujOFVLscIxFFBO7GTLUPkrQlLgyRax
	gC9i7vktH6MiDK7bNRS1fEOf+eP4Vcbh1wjnENXIHlfsqynrMhs3wNVbX73ELohKe6t4mb
	0LPhgydwMXTTn8HkD9GpRq3xzyeQtIPtfXe6V3vBtpp/WvGkAnYmW+fdsdwDqg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4cbhfR6TbHzj05;
	Tue, 30 Sep 2025 15:23:43 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 58UFNht8045871;
	Tue, 30 Sep 2025 15:23:43 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 58UFNhrQ045868;
	Tue, 30 Sep 2025 15:23:43 GMT
	(envelope-from git)
Date: Tue, 30 Sep 2025 15:23:43 GMT
Message-Id: <202509301523.58UFNhrQ045868@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Mark Johnston <markj@FreeBSD.org>
Subject: git: 730b6d166bfe - stable/15 - random: Fix synchronization
  of hc_source_mask
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-all@freebsd.org
Sender: owner-dev-commits-src-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: markj
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/15
X-Git-Reftype: branch
X-Git-Commit: 730b6d166bfefd132970db4583a654cc1a8a6a47
Auto-Submitted: auto-generated

The branch stable/15 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=730b6d166bfefd132970db4583a654cc1a8a6a47

commit 730b6d166bfefd132970db4583a654cc1a8a6a47
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2025-09-08 14:42:14 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2025-09-30 09:43:08 +0000

    random: Fix synchronization of hc_source_mask
    
    This variable provides a mask of all registered entropy sources and is
    updated when drivers attach and detach (or by sysctl).  However, nothing
    was synchronizing accesses to it.  Use the harvest lock to provide
    mutual exclusion for updates, and use atomic_load_int() to mark unlocked
    reads.
    
    Reviewed by:    cem
    MFC after:      2 weeks
    Sponsored by:   Stormshield
    Sponsored by:   Klara, Inc.
    Differential Revision:  https://reviews.freebsd.org/D52230
    
    (cherry picked from commit c942d9e83ef1122a670bb39736d55fe8f90af83e)
---
 sys/dev/random/random_harvestq.c | 44 +++++++++++++++++++++++++++-------------
 1 file changed, 30 insertions(+), 14 deletions(-)

diff --git a/sys/dev/random/random_harvestq.c b/sys/dev/random/random_harvestq.c
index eb3808d692bb..6d1f9daf649b 100644
--- a/sys/dev/random/random_harvestq.c
+++ b/sys/dev/random/random_harvestq.c
@@ -103,8 +103,10 @@ static const char *random_source_descr[ENTROPYSOURCE];
 volatile int random_kthread_control;
 
 
-/* Allow the sysadmin to select the broad category of
- * entropy types to harvest.
+/*
+ * Allow the sysadmin to select the broad category of entropy types to harvest.
+ *
+ * Updates are synchronized by the harvest mutex.
  */
 __read_frequently u_int hc_source_mask;
 
@@ -572,9 +574,9 @@ random_check_uint_harvestmask(SYSCTL_HANDLER_ARGS)
 	    _RANDOM_HARVEST_ETHER_OFF | _RANDOM_HARVEST_UMA_OFF;
 
 	int error;
-	u_int value, orig_value;
+	u_int value;
 
-	orig_value = value = hc_source_mask;
+	value = atomic_load_int(&hc_source_mask);
 	error = sysctl_handle_int(oidp, &value, 0, req);
 	if (error != 0 || req->newptr == NULL)
 		return (error);
@@ -585,12 +587,14 @@ random_check_uint_harvestmask(SYSCTL_HANDLER_ARGS)
 	/*
 	 * Disallow userspace modification of pure entropy sources.
 	 */
+	RANDOM_HARVEST_LOCK();
 	hc_source_mask = (value & ~user_immutable_mask) |
-	    (orig_value & user_immutable_mask);
+	    (hc_source_mask & user_immutable_mask);
+	RANDOM_HARVEST_UNLOCK();
 	return (0);
 }
 SYSCTL_PROC(_kern_random_harvest, OID_AUTO, mask,
-    CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT, NULL, 0,
+    CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_MPSAFE, NULL, 0,
     random_check_uint_harvestmask, "IU",
     "Entropy harvesting mask");
 
@@ -602,9 +606,16 @@ random_print_harvestmask(SYSCTL_HANDLER_ARGS)
 
 	error = sysctl_wire_old_buffer(req, 0);
 	if (error == 0) {
+		u_int mask;
+
 		sbuf_new_for_sysctl(&sbuf, NULL, 128, req);
-		for (i = ENTROPYSOURCE - 1; i >= 0; i--)
-			sbuf_cat(&sbuf, (hc_source_mask & (1 << i)) ? "1" : "0");
+		mask = atomic_load_int(&hc_source_mask);
+		for (i = ENTROPYSOURCE - 1; i >= 0; i--) {
+			bool present;
+
+			present = (mask & (1u << i)) != 0;
+			sbuf_cat(&sbuf, present ? "1" : "0");
+		}
 		error = sbuf_finish(&sbuf);
 		sbuf_delete(&sbuf);
 	}
@@ -658,16 +669,21 @@ random_print_harvestmask_symbolic(SYSCTL_HANDLER_ARGS)
 	first = true;
 	error = sysctl_wire_old_buffer(req, 0);
 	if (error == 0) {
+		u_int mask;
+
 		sbuf_new_for_sysctl(&sbuf, NULL, 128, req);
+		mask = atomic_load_int(&hc_source_mask);
 		for (i = ENTROPYSOURCE - 1; i >= 0; i--) {
-			if (i >= RANDOM_PURE_START &&
-			    (hc_source_mask & (1 << i)) == 0)
+			bool present;
+
+			present = (mask & (1u << i)) != 0;
+			if (i >= RANDOM_PURE_START && !present)
 				continue;
 			if (!first)
 				sbuf_cat(&sbuf, ",");
-			sbuf_cat(&sbuf, !(hc_source_mask & (1 << i)) ? "[" : "");
+			sbuf_cat(&sbuf, !present ? "[" : "");
 			sbuf_cat(&sbuf, random_source_descr[i]);
-			sbuf_cat(&sbuf, !(hc_source_mask & (1 << i)) ? "]" : "");
+			sbuf_cat(&sbuf, !present ? "]" : "");
 			first = false;
 		}
 		error = sbuf_finish(&sbuf);
@@ -885,8 +901,8 @@ random_source_register(const struct random_source *rsource)
 
 	printf("random: registering fast source %s\n", rsource->rs_ident);
 
-	hc_source_mask |= (1 << rsource->rs_source);
 	RANDOM_HARVEST_LOCK();
+	hc_source_mask |= (1 << rsource->rs_source);
 	CK_LIST_INSERT_HEAD(&source_list, rrs, rrs_entries);
 	RANDOM_HARVEST_UNLOCK();
 }
@@ -898,8 +914,8 @@ random_source_deregister(const struct random_source *rsource)
 
 	KASSERT(rsource != NULL, ("invalid input to %s", __func__));
 
-	hc_source_mask &= ~(1 << rsource->rs_source);
 	RANDOM_HARVEST_LOCK();
+	hc_source_mask &= ~(1 << rsource->rs_source);
 	CK_LIST_FOREACH(rrs, &source_list, rrs_entries)
 		if (rrs->rrs_source == rsource) {
 			CK_LIST_REMOVE(rrs, rrs_entries);