lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 3 Aug 2022 13:25:15 +0100
From:   Vladimir Murzin <vladimir.murzin@....com>
To:     "Michael S. Tsirkin" <mst@...hat.com>
Cc:     Laurent Vivier <lvivier@...hat.com>, linux-kernel@...r.kernel.org,
        amit@...nel.org, Herbert Xu <herbert@...dor.apana.org.au>,
        Matt Mackall <mpm@...enic.com>,
        virtualization@...ts.linux-foundation.org,
        Dmitriy Vyukov <dvyukov@...gle.com>, rusty@...tcorp.com.au,
        akong@...hat.com, Alexander Potapenko <glider@...gle.com>,
        linux-crypto@...r.kernel.org,
        Mauricio De Carvalho <Mauricio.DeCarvalho@....com>,
        Kevin Brodsky <Kevin.Brodsky@....com>
Subject: Re: [PATCH v2 4/4] hwrng: virtio - always add a pending request

On 8/3/22 12:39, Michael S. Tsirkin wrote:
> On Wed, Aug 03, 2022 at 09:57:35AM +0100, Vladimir Murzin wrote:
>> On 8/2/22 13:49, Vladimir Murzin wrote:
>>> Hi Laurent,
>>>
>>> On 10/28/21 11:11, Laurent Vivier wrote:
>>>> If we ensure we have already some data available by enqueuing
>>>> again the buffer once data are exhausted, we can return what we
>>>> have without waiting for the device answer.
>>>>
>>>> Signed-off-by: Laurent Vivier <lvivier@...hat.com>
>>>> ---
>>>>  drivers/char/hw_random/virtio-rng.c | 26 ++++++++++++--------------
>>>>  1 file changed, 12 insertions(+), 14 deletions(-)
>>>>
>>>> diff --git a/drivers/char/hw_random/virtio-rng.c b/drivers/char/hw_random/virtio-rng.c
>>>> index 8ba97cf4ca8f..0a7dde135db1 100644
>>>> --- a/drivers/char/hw_random/virtio-rng.c
>>>> +++ b/drivers/char/hw_random/virtio-rng.c
>>>> @@ -20,7 +20,6 @@ struct virtrng_info {
>>>>  	struct virtqueue *vq;
>>>>  	char name[25];
>>>>  	int index;
>>>> -	bool busy;
>>>>  	bool hwrng_register_done;
>>>>  	bool hwrng_removed;
>>>>  	/* data transfer */
>>>> @@ -44,16 +43,18 @@ static void random_recv_done(struct virtqueue *vq)
>>>>  		return;
>>>>  
>>>>  	vi->data_idx = 0;
>>>> -	vi->busy = false;
>>>>  
>>>>  	complete(&vi->have_data);
>>>>  }
>>>>  
>>>> -/* The host will fill any buffer we give it with sweet, sweet randomness. */
>>>> -static void register_buffer(struct virtrng_info *vi)
>>>> +static void request_entropy(struct virtrng_info *vi)
>>>>  {
>>>>  	struct scatterlist sg;
>>>>  
>>>> +	reinit_completion(&vi->have_data);
>>>> +	vi->data_avail = 0;
>>>> +	vi->data_idx = 0;
>>>> +
>>>>  	sg_init_one(&sg, vi->data, sizeof(vi->data));
>>>>  
>>>>  	/* There should always be room for one buffer. */
>>>> @@ -69,6 +70,8 @@ static unsigned int copy_data(struct virtrng_info *vi, void *buf,
>>>>  	memcpy(buf, vi->data + vi->data_idx, size);
>>>>  	vi->data_idx += size;
>>>>  	vi->data_avail -= size;
>>>> +	if (vi->data_avail == 0)
>>>> +		request_entropy(vi);
>>>>  	return size;
>>>>  }
>>>>  
>>>> @@ -98,13 +101,7 @@ static int virtio_read(struct hwrng *rng, void *buf, size_t size, bool wait)
>>>>  	 * so either size is 0 or data_avail is 0
>>>>  	 */
>>>>  	while (size != 0) {
>>>> -		/* data_avail is 0 */
>>>> -		if (!vi->busy) {
>>>> -			/* no pending request, ask for more */
>>>> -			vi->busy = true;
>>>> -			reinit_completion(&vi->have_data);
>>>> -			register_buffer(vi);
>>>> -		}
>>>> +		/* data_avail is 0 but a request is pending */
>>>>  		ret = wait_for_completion_killable(&vi->have_data);
>>>>  		if (ret < 0)
>>>>  			return ret;
>>>> @@ -126,8 +123,7 @@ static void virtio_cleanup(struct hwrng *rng)
>>>>  {
>>>>  	struct virtrng_info *vi = (struct virtrng_info *)rng->priv;
>>>>  
>>>> -	if (vi->busy)
>>>> -		complete(&vi->have_data);
>>>> +	complete(&vi->have_data);
>>>>  }
>>>>  
>>>>  static int probe_common(struct virtio_device *vdev)
>>>> @@ -163,6 +159,9 @@ static int probe_common(struct virtio_device *vdev)
>>>>  		goto err_find;
>>>>  	}
>>>>  
>>>> +	/* we always have a pending entropy request */
>>>> +	request_entropy(vi);
>>>> +
>>>>  	return 0;
>>>>  
>>>>  err_find:
>>>> @@ -181,7 +180,6 @@ static void remove_common(struct virtio_device *vdev)
>>>>  	vi->data_idx = 0;
>>>>  	complete(&vi->have_data);
>>>>  	vdev->config->reset(vdev);
>>>> -	vi->busy = false;
>>>>  	if (vi->hwrng_register_done)
>>>>  		hwrng_unregister(&vi->hwrng);
>>>>  	vdev->config->del_vqs(vdev);
>>>
>>> We observed that after this commit virtio-rng implementation in FVP doesn't
>>> work
>>>
>>> INFO: bp.virtio_rng: Selected Random Generator Device: XORSHIFT DEVICE
>>> INFO: bp.virtio_rng: Using seed value: 0x5674bba8
>>> Error: FVP_Base_AEMvA: bp.virtio_rng: <vq0-requestq> Found invalid descriptor index
>>> In file: (unknown):0
>>> In process: FVP_Base_AEMvA.thread_p_12 @ 935500020 ns
>>> Info: FVP_Base_AEMvA: bp.virtio_rng: Could not extract buffer
>>>
>>> while basic baremetal test works as expected
>>>
>>> INFO: bp.virtio_rng: Selected Random Generator Device: XORSHIFT DEVICE
>>> INFO: bp.virtio_rng: Using seed value: 0x541c142e
>>> Info: FVP_Base_AEMv8A: bp.virtio_rng: Generated Number: 0x4b098991ceb377e6
>>> Info: FVP_Base_AEMv8A: bp.virtio_rng: Generated Number: 0xbdcbe3f765ba62f7
>>>
>>> We are trying to get an idea what is missing and where, yet none of us familiar
>>> with the driver :(
>>>
>>> I'm looping Kevin who originally reported that and Mauricio who is looking form
>>> the FVP side. 
>>
>> With the following diff FVP works agin
>>
>> diff --git a/drivers/char/hw_random/virtio-rng.c b/drivers/char/hw_random/virtio-rng.c
>> index a6f3a8a2ac..042503ad6c 100644
>> --- a/drivers/char/hw_random/virtio-rng.c
>> +++ b/drivers/char/hw_random/virtio-rng.c
>> @@ -54,6 +54,7 @@ static void request_entropy(struct virtrng_info *vi)
>>         reinit_completion(&vi->have_data);
>>         vi->data_avail = 0;
>>         vi->data_idx = 0;
>> +       smp_mb();
>>  
>>         sg_init_one(&sg, vi->data, sizeof(vi->data));
>>  
>>
>> What do you reckon?
>>
>> Cheers
>> Vladimir
> 
> Thanks for debugging this!
> 
> OK, interesting.
> 
> data_idx and data_avail are accessed from virtio_read.
> 
> Which as far as I can tell is invoked just with reading_mutex.
> 
> 
> But, request_entropy is called from probe when device is registered
> this time without locks
> so it can trigger while another thread is calling virtio_read.
> 
> Second request_entropy is called from a callback random_recv_done
> also without locks.
> 
> So it's great that smp_mb helped here but I suspect in fact we
> need locking. Laurent?
> 

I'm sorry for the noise, but it looks like I'm seeing issue for some different reasons.
I manage to reproduce issue even with smb_mb() in place. The reason I though it helped
is because I changed both environment and added smb_mb().

Anyway, thank you for your time!

Cheers
Vladimir

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ