Received: by 2002:a05:6500:1b45:b0:1f5:f2ab:c469 with SMTP id cz5csp569981lqb; Wed, 17 Apr 2024 05:12:20 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCW1VTEvNPvTtOEjBaBrDw4ZytvVMvjTK4XKXwcCRre05zZBv7SB0Clc4GY7gfVgPZeXB2Sv/1V/YauNhSSguzMrlgyVbU9tNj8hDYZlZA== X-Google-Smtp-Source: AGHT+IH3m8S+9rsralEy237ueuezgt2R5VVlvhEEFicmfE5bFbXb7p6KDPArNIAZthjznh+yHuU6 X-Received: by 2002:a17:903:2447:b0:1e8:92:c5e2 with SMTP id l7-20020a170903244700b001e80092c5e2mr3957192pls.47.1713355939885; Wed, 17 Apr 2024 05:12:19 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1713355939; cv=pass; d=google.com; s=arc-20160816; b=OMCOW1F+mJVcaaPNv5FuJIUBTCfxuV6C6GRcv090fJrOduNmQRUE7JzYwoh67xftfV wRyp8QocRjWaR5ROcREkB4mDIQhvmRc4fgudgBBwwVpcwT5KKH+hsvsQ03ESgWzxGltW htJmP9cbXwsOAz4CuvP1GydC25Af2zKAIUnXkGbi36Eqq/Gz6Sp1grZECxvn3uCbXObz qxIbEPjANfMZIvxcoyhWD4whkUHiwlR1jNUQpgAfDbJA4gw8fgiW+IBBwN57LJzxBKpi k/i0s1GqD+jnZWpOArhLAvbzqvJhFMC4EGSnsewVRad37BK6qdsek63xasFzFXW2ZK6o HREA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=JqUxpmUqpZwb93aWIdk8nK8jsHAciW5UzOnZrGBCZHY=; fh=wIphxSjhyfnAbIt7FfcyEZBM6Sp7zmc4YR0/AKt55HU=; b=IUAW4LaVCX+54qeVpb6HbIqVJDF8DRwkRUdkSXUeXRNgiNBSldwz3s7CMMKdZSioAR 8U3qso6l/QIeuLaPL8Z5a5utDjuqKya4oaYPCflnn2iZ+ZIQlNToblhRy8ph5y9IDVJJ D1EWLe8JBFx9cg+rGH6GS8gO7luPc22uCQw29/VWSBIAmKpogMLJKqyHa2cSfOw/zyWH Jm3Kb23xvpbbI9xMSDkRd/YjH1BS473HGDoNLY/iavI3or5MEw9uWWWPLFXwB0mwA4mL +MvDRQUQ7N7O7LCSiFlZ+vD+zkWIeTtoFjBmgi2kAp8wcrQnxdGgnF7Fk1NqfDCHXHpN RLlQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@zx2c4.com header.s=20210105 header.b=OHlXNPsx; arc=pass (i=1 dkim=pass dkdomain=zx2c4.com); spf=pass (google.com: domain of linux-kernel+bounces-148447-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-148447-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=zx2c4.com Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1]) by mx.google.com with ESMTPS id c16-20020a170903235000b001e7d3e3dfd2si2915376plh.425.2024.04.17.05.12.19 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 17 Apr 2024 05:12:19 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-148447-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1; Authentication-Results: mx.google.com; dkim=pass header.i=@zx2c4.com header.s=20210105 header.b=OHlXNPsx; arc=pass (i=1 dkim=pass dkdomain=zx2c4.com); spf=pass (google.com: domain of linux-kernel+bounces-148447-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-148447-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=zx2c4.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id EE838287CE1 for ; Wed, 17 Apr 2024 12:03:26 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 6D0EE13D260; Wed, 17 Apr 2024 12:03:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b="OHlXNPsx" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 636DB13CFBD; Wed, 17 Apr 2024 12:03:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713355402; cv=none; b=lFkVPDAm0bpZ2Q4VaSBSrPIKu+oXHlPQv+xTJ0qgufhLc21jyVjyYEMXA70C3gZxGRTdW2TnHDjD2mA7YxyciRH7emrn2zYBP5kJJ0K1eoCewGf3IJ1G7mM4+uSHJJiu/MHuoi76stFMjkFAgGaoskLdyoIdt0Y5U/P/KpeWRw4= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713355402; c=relaxed/simple; bh=QrIkxiFKF8Y8in54o6OvTGPcyw/dmYtMduYHgiNnLRM=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=OpoPmZjHcFqRkGNRX7LCa1qRoDLB7iKSdUqJE7yWZnGOPXkNkrbxsAoqLWnYe9o+YGwlKn6bFs3V/kNIwEt5t6J2MWabT9TVx1dzyayvu69qukFR+fTc+323ZmbBrws/UsvVrAIqa2iJTUu66++TkjmU2sHpVqSwYfhFgDe+mAQ= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b=OHlXNPsx; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id 43E73C072AA; Wed, 17 Apr 2024 12:03:21 +0000 (UTC) Authentication-Results: smtp.kernel.org; dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b="OHlXNPsx" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zx2c4.com; s=20210105; t=1713355399; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=JqUxpmUqpZwb93aWIdk8nK8jsHAciW5UzOnZrGBCZHY=; b=OHlXNPsxgNeFaA7jrH1Br0FTvd5MlBsolxUqxkTmXnoRRp4LoCKRSh9Wpaa1uSsBNth0bj NruZAmbZY/cwQCmnCYruRcp03ibKhQDImJPVkfT8APA8oexA++D+sa6nAU9aQHKv1vzp5C 7tlfLqobpdk11Z41U8yny4pUzFmyWTg= Received: by mail.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id c1243d44 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Wed, 17 Apr 2024 12:03:17 +0000 (UTC) From: "Jason A. Donenfeld" To: guoyong.wang@mediatek.com, linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, wsd_upstream@mediatek.com, Theodore Ts'o Cc: "Jason A. Donenfeld" , stable@vger.kernel.org Subject: [PATCH] random: handle creditable entropy from atomic process context Date: Wed, 17 Apr 2024 14:01:11 +0200 Message-ID: <20240417120217.3814215-2-Jason@zx2c4.com> In-Reply-To: <20240402081214.2723-1-guoyong.wang@mediatek.com> References: <20240402081214.2723-1-guoyong.wang@mediatek.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit The entropy accounting changes a static key when the RNG has initialized, since it only ever initializes once. Static key changes, however, cannot be made from atomic context, so depending on where the last creditable entropy comes from, the static key change might need to be deferred to a worker. Previously the code used the execute_in_process_context() helper function, which accounts for whether or not the caller is in_interrupt(). However, that doesn't account for the case where the caller is actually in process context but is holding a spinlock. This turned out to be the case with input_handle_event() in drivers/input/input.c contributing entropy: [] die+0xa8/0x2fc [] bug_handler+0x44/0xec [] brk_handler+0x90/0x144 [] do_debug_exception+0xa0/0x148 [] el1_dbg+0x60/0x7c [] el1h_64_sync_handler+0x38/0x90 [] el1h_64_sync+0x64/0x6c [] __might_resched+0x1fc/0x2e8 [] __might_sleep+0x44/0x7c [] cpus_read_lock+0x1c/0xec [] static_key_enable+0x14/0x38 [] crng_set_ready+0x14/0x28 [] execute_in_process_context+0xb8/0xf8 [] _credit_init_bits+0x118/0x1dc [] add_timer_randomness+0x264/0x270 [] add_input_randomness+0x38/0x48 [] input_handle_event+0x2b8/0x490 [] input_event+0x6c/0x98 According to Guoyong, it's not really possible to refactor the various drivers to never hold a spinlock there. And in_atomic() isn't reliable. So, rather than trying to be too fancy, just punt the change in the static key to a workqueue always. There's basically no drawback of doing this, as the code already needed to account for the static key not changing immediately, and given that it's just an optimization, there's not exactly a hurry to change the static key right away, so deferal is fine. Reported-by: Guoyong Wang Cc: stable@vger.kernel.org Fixes: f5bda35fba61 ("random: use static branch for crng_ready()") Signed-off-by: Jason A. Donenfeld --- Guoyong- can you test this and tell me whether it fixes the problem you were seeing? If so, I'll try to get this sent up for 6.9. -Jason drivers/char/random.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/drivers/char/random.c b/drivers/char/random.c index 456be28ba67c..2597cb43f438 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -702,7 +702,7 @@ static void extract_entropy(void *buf, size_t len) static void __cold _credit_init_bits(size_t bits) { - static struct execute_work set_ready; + static DECLARE_WORK(set_ready, crng_set_ready); unsigned int new, orig, add; unsigned long flags; @@ -718,8 +718,8 @@ static void __cold _credit_init_bits(size_t bits) if (orig < POOL_READY_BITS && new >= POOL_READY_BITS) { crng_reseed(NULL); /* Sets crng_init to CRNG_READY under base_crng.lock. */ - if (static_key_initialized) - execute_in_process_context(crng_set_ready, &set_ready); + if (static_key_initialized && system_unbound_wq) + queue_work(system_unbound_wq, &set_ready); atomic_notifier_call_chain(&random_ready_notifier, 0, NULL); wake_up_interruptible(&crng_init_wait); kill_fasync(&fasync, SIGIO, POLL_IN); @@ -890,8 +890,8 @@ void __init random_init(void) /* * If we were initialized by the cpu or bootloader before jump labels - * are initialized, then we should enable the static branch here, where - * it's guaranteed that jump labels have been initialized. + * or workqueues are initialized, then we should enable the static + * branch here, where it's guaranteed that these have been initialized. */ if (!static_branch_likely(&crng_is_ready) && crng_init >= CRNG_READY) crng_set_ready(NULL); -- 2.44.0