[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20141226005240.GA20702@gondor.apana.org.au>
Date: Fri, 26 Dec 2014 11:52:40 +1100
From: Herbert Xu <herbert@...dor.apana.org.au>
To: Rusty Russell <rusty@...tcorp.com.au>
Cc: Fengguang Wu <fengguang.wu@...el.com>, LKP <lkp@...org>,
linux-kernel@...r.kernel.org,
Linux Crypto Mailing List <linux-crypto@...r.kernel.org>,
Amos Kong <akong@...hat.com>, m@...s.ch, mpm@...enic.com,
amit.shah@...hat.com
Subject: Re: [PATCH 2/5] hwrng: core - Fix current_rng init/cleanup race yet
again
On Wed, Dec 24, 2014 at 09:56:36AM +1030, Rusty Russell wrote:
>
> I'll have to pull the tree to review it properly, but the theory was
> that the reference count was counting users of the rng. Now I don't
> know what it's counting:
The reference count starts off at zero, meaning that the RNG
has not been initialised. It becomes one when we do hwrng_init.
After that each user adds/subtracts from it. When it hits zero
we will clean it up and await for either deregistration or the
next hwrng_init.
> > static inline int hwrng_init(struct hwrng *rng)
> > {
> > + if (kref_get_unless_zero(&rng->ref))
> > + goto skip_init;
> > +
> > if (rng->init) {
> > int ret;
>
> OK, so this skip_init branch is triggered when the rng is being
> shut down as it's no longer current_rng?
Right, if it triggers it means that we have already been initialised
previously and we have not yet executed cleanup on the RNG even
though at some point another RNG came in and became current_rng.
Bottom line is that this RNG is still good and we don't need to
(can't) initialise it.
> > +
> > + kref_init(&rng->ref);
> > + reinit_completion(&rng->cleanup_done);
> > +
> > +skip_init:
> > add_early_randomness(rng);
>
> Then we use it to add randomness?
Honestly I don't care about whether we add randomness or not
in this case but this is what the code did before. If you dislike
that feel free to send in a patch to kill this too.
> > @@ -467,6 +474,9 @@ int hwrng_register(struct hwrng *rng)
> > goto out_unlock;
> > }
> >
> > + init_completion(&rng->cleanup_done);
> > + complete(&rng->cleanup_done);
> > +
>
> This code smells very bad.
Well, it would smell better if someone added a helper that lets
you initialise a completion that is already complete :)
Point is the RNG must only be in two states. Either it's the
current RNG in which case cleanup_done must be false/incomplete,
or it's not and cleanup_done must be either already complete or
will be complete at some point in the future.
Cheers,
--
Email: Herbert Xu <herbert@...dor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists