"Jason A. Donenfeld" Jason@zx2c4.com writes:
There are two deadlock scenarios that need addressing, which cause problems when the computer goes to sleep, the interface is set down, and hwrng_unregister() is called. When the deadlock is hit, sleep is delayed for tens of seconds, causing it to fail. These scenarios are:
The hwrng kthread can't be stopped while it's sleeping, because it uses msleep_interruptible() instead of schedule_timeout_interruptible(). The fix is simply to switch to the correct function. At the same time, we should clean up a common and useless dmesg splat in the same area.
A normal user thread can't be interrupted by hwrng_unregister() while it's sleeping, because hwrng_unregister() is called from elsewhere. The solution here is to keep track of which thread is currently reading and asleep, and to signal that thread when it's time to unregister. There's a bit of bookkeeping required to prevent lifetime issues on current.
Acked-by: "Eric W. Biederman" ebiederm@xmission.com
The fix as it is seems fine.
The whole design seems very strange to me. I would think instead of having a current hardware random number generator the kernel would pull from every hardware random generator available. Further that we can get a userspace read all of the way into driver code for a hardware random generator seems weird. I would think in practice we would want all of this filtered through /dev/random, /dev/urandom, and the get_entropy syscall.
Which is a long way of saying it seems very strange to me that we actually want to do what the code is doing.
Eric
Cc: Kalle Valo kvalo@kernel.org Cc: Rui Salvaterra rsalvaterra@gmail.com Cc: Eric W. Biederman ebiederm@xmission.com Cc: Valentin Schneider vschneid@redhat.com Cc: stable@vger.kernel.org Reported-by: Gregory Erwin gregerwin256@gmail.com Tested-by: Gregory Erwin gregerwin256@gmail.com Acked-by: Toke Høiland-Jørgensen toke@toke.dk Acked-by: Herbert Xu herbert@gondor.apana.org.au Fixes: fcd09c90c3c5 ("ath9k: use hw_random API instead of directly dumping into random.c") Link: https://lore.kernel.org/all/CAO+Okf6ZJC5-nTE_EJUGQtd8JiCkiEHytGgDsFGTEjs0c00... Link: https://lore.kernel.org/lkml/CAO+Okf5k+C+SE6pMVfPf-d8MfVPVq4PO7EY8Hys_DVXten... Link: https://bugs.archlinux.org/task/75138 Signed-off-by: Jason A. Donenfeld Jason@zx2c4.com
Changes v9->v10:
- Call it wake_up_task_interruptible, per Eric's remark.
Changes v8->v9:
- Use EXPORT_SYMBOL_GPL instead of EXPORT_SYMBOL.
- Don't export wake_up_state, but rather have __set_notify_signal use wake_up_process_interruptible.
drivers/char/hw_random/core.c | 30 ++++++++++++++++++++++++---- drivers/net/wireless/ath/ath9k/rng.c | 19 +++++++----------- include/linux/sched.h | 1 + include/linux/sched/signal.h | 2 +- kernel/sched/core.c | 6 ++++++ 5 files changed, 41 insertions(+), 17 deletions(-)
diff --git a/drivers/char/hw_random/core.c b/drivers/char/hw_random/core.c index 16f227b995e8..df45c265878e 100644 --- a/drivers/char/hw_random/core.c +++ b/drivers/char/hw_random/core.c @@ -38,6 +38,8 @@ static LIST_HEAD(rng_list); static DEFINE_MUTEX(rng_mutex); /* Protects rng read functions, data_avail, rng_buffer and rng_fillbuf */ static DEFINE_MUTEX(reading_mutex); +/* Keeps track of whoever is wait-reading it currently while holding reading_mutex. */ +static struct task_struct *current_waiting_reader; static int data_avail; static u8 *rng_buffer, *rng_fillbuf; static unsigned short current_quality; @@ -208,6 +210,7 @@ static ssize_t rng_dev_read(struct file *filp, char __user *buf, int err = 0; int bytes_read, len; struct hwrng *rng;
- bool wait;
while (size) { rng = get_current_rng(); @@ -225,9 +228,15 @@ static ssize_t rng_dev_read(struct file *filp, char __user *buf, goto out_put; } if (!data_avail) {
wait = !(filp->f_flags & O_NONBLOCK);
if (wait && cmpxchg(¤t_waiting_reader, NULL, current) != NULL) {
err = -EINTR;
goto out_unlock_reading;
} bytes_read = rng_get_data(rng, rng_buffer,
rng_buffer_size(),
!(filp->f_flags & O_NONBLOCK));
rng_buffer_size(), wait);
if (wait && cmpxchg(¤t_waiting_reader, current, NULL) != current)
synchronize_rcu(); if (bytes_read < 0) { err = bytes_read; goto out_unlock_reading;
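Review bot: The early `err = -EINTR` path is taken with no signal pending on the caller. As far as this hunk shows, a non-NULL `current_waiting_reader` seen while reading_mutex is held can only be the unregister marker, so any blocking read() that arrives while an hwrng_unregister() is in flight fails at once, and a caller that retries on EINTR will spin until the marker is cleared. I would state that next to the check, e.g. `/* Non-NULL here means hwrng_unregister() is in progress; refuse to sleep so we cannot block it. */`. A second comment on the `synchronize_rcu()` line should say that it presumably waits out the unregister side's RCU read section before this task may exit. rng_dev_read() starts and ends outside the hunk.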
@@ -513,8 +522,9 @@ static int hwrng_fillfn(void *unused) break; if (rc <= 0) {
pr_warn("hwrng: no data available\n");
msleep_interruptible(10000);
if (kthread_should_stop())
break;
}schedule_timeout_interruptible(HZ * 10); continue;
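Review bot: The `kthread_should_stop()` test and the following `schedule_timeout_interruptible(HZ * 10)` are not atomic with respect to kthread_stop(). If the stop request and its wake-up land between the two, the thread is still running, the wake-up is lost, and the kthread then sleeps the full ten seconds, which is the delay this patch is meant to remove. Setting the task state before testing the flag closes that window. The same check-then-sleep sequence appears in the ath9k_rng_read() hunk for the `PF_KTHREAD` case. hwrng_fillfn() starts and ends outside this hunk.

```c
		if (rc <= 0) {
			/*
			 * Set the sleeping state before testing the stop flag so
			 * a concurrent kthread_stop() wake-up cannot be missed.
			 */
			set_current_state(TASK_INTERRUPTIBLE);
			if (kthread_should_stop()) {
				__set_current_state(TASK_RUNNING);
				break;
			}
			schedule_timeout(HZ * 10);
			continue;
		}
```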
@@ -608,13 +618,21 @@ int hwrng_register(struct hwrng *rng) } EXPORT_SYMBOL_GPL(hwrng_register); +#define UNREGISTERING_READER ((void *)~0UL)
void hwrng_unregister(struct hwrng *rng) { struct hwrng *old_rng, *new_rng;
- struct task_struct *waiting_reader; int err;
mutex_lock(&rng_mutex);
- rcu_read_lock();
- waiting_reader = xchg(¤t_waiting_reader, UNREGISTERING_READER);
- if (waiting_reader && waiting_reader != UNREGISTERING_READER)
set_notify_signal(waiting_reader);
- rcu_read_unlock(); old_rng = current_rng; list_del(&rng->list); if (current_rng == rng) {
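Review bot: The `xchg()` on `current_waiting_reader` and the `set_notify_signal()` call run before the `current_rng == rng` test. Unregistering a device that is not the one being read therefore still interrupts the sleeping reader and turns away new blocking reads until the marker is cleared. If only readers of the departing device need waking, the block could sit inside the `if (current_rng == rng)` branch; if the broader behaviour is intended, a comment saying so would help. `UNREGISTERING_READER` is a sentinel stored in a `struct task_struct *` and deserves a one-line comment, e.g. `/* Marker, not a task: set while an unregister is in flight; never dereference. */`. The body of hwrng_unregister() continues outside the hunk.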
@@ -640,6 +658,10 @@ void hwrng_unregister(struct hwrng *rng) } wait_for_completion(&rng->cleanup_done);
- mutex_lock(&rng_mutex);
- cmpxchg(¤t_waiting_reader, UNREGISTERING_READER, NULL);
- mutex_unlock(&rng_mutex);
} EXPORT_SYMBOL_GPL(hwrng_unregister); diff --git a/drivers/net/wireless/ath/ath9k/rng.c b/drivers/net/wireless/ath/ath9k/rng.c index cb5414265a9b..8980dc36509e 100644 --- a/drivers/net/wireless/ath/ath9k/rng.c +++ b/drivers/net/wireless/ath/ath9k/rng.c @@ -52,18 +52,13 @@ static int ath9k_rng_data_read(struct ath_softc *sc, u32 *buf, u32 buf_size) return j << 2; } -static u32 ath9k_rng_delay_get(u32 fail_stats) +static unsigned long ath9k_rng_delay_get(u32 fail_stats) {
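Review bot: Clearing the marker with `cmpxchg(&current_waiting_reader, UNREGISTERING_READER, NULL)` after `wait_for_completion()` does not account for a second hwrng_unregister() that overlaps this one. rng_mutex appears to be released before the wait, so another caller can perform its own xchg, see the marker and signal nobody. This reset then reopens the window in which a reader registers itself and sleeps while that other caller is still waiting. A count of in-flight unregisters kept under rng_mutex, with the marker cleared only when it drops to zero, would avoid that. I have not confirmed the unlock placement because it lies outside the hunk.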
- u32 delay;
- if (fail_stats < 100)
delay = 10;
else if (fail_stats < 105)return HZ / 100;
delay = 1000;
- else
delay = 10000;
- return delay;
return HZ;
- return HZ * 10;
} static int ath9k_rng_read(struct hwrng *rng, void *buf, size_t max, bool wait) @@ -80,10 +75,10 @@ static int ath9k_rng_read(struct hwrng *rng, void *buf, size_t max, bool wait) bytes_read += max & 3UL; memzero_explicit(&word, sizeof(word)); }
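Review bot: `return HZ / 100;` in ath9k_rng_delay_get() depends on the tick rate: the division truncates, and on a configuration with HZ below 100 it yields 0, so the first hundred retries in ath9k_rng_read() would run back to back with no sleep. Expressing the delays in milliseconds keeps the old 10 / 1000 / 10000 ms values visible and rounds up to at least one jiffy: `return msecs_to_jiffies(10);`, `return msecs_to_jiffies(1000);`, `return msecs_to_jiffies(10000);`.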
if (!wait || !max || likely(bytes_read) || fail_stats > 110)
if (!wait || !max || likely(bytes_read) || fail_stats > 110 ||
((current->flags & PF_KTHREAD) && kthread_should_stop()) ||
schedule_timeout_interruptible(ath9k_rng_delay_get(++fail_stats))) break;
}msleep_interruptible(ath9k_rng_delay_get(++fail_stats));
if (wait && !bytes_read && max) diff --git a/include/linux/sched.h b/include/linux/sched.h index c46f3a63b758..f164098fb614 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h @@ -1936,6 +1936,7 @@ extern struct task_struct *find_get_task_by_vpid(pid_t nr); extern int wake_up_state(struct task_struct *tsk, unsigned int state); extern int wake_up_process(struct task_struct *tsk); +extern int wake_up_task_interruptible(struct task_struct *tsk); extern void wake_up_new_task(struct task_struct *tsk); #ifdef CONFIG_SMP diff --git a/include/linux/sched/signal.h b/include/linux/sched/signal.h index cafbe03eed01..56a15f35e7b3 100644 --- a/include/linux/sched/signal.h +++ b/include/linux/sched/signal.h @@ -364,7 +364,7 @@ static inline void clear_notify_signal(void) static inline bool __set_notify_signal(struct task_struct *task) { return !test_and_set_tsk_thread_flag(task, TIF_NOTIFY_SIGNAL) &&
!wake_up_state(task, TASK_INTERRUPTIBLE);
!wake_up_task_interruptible(task);
} /* diff --git a/kernel/sched/core.c b/kernel/sched/core.c index da0bf6fe9ecd..b178940185d7 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -4280,6 +4280,12 @@ int wake_up_process(struct task_struct *p) } EXPORT_SYMBOL(wake_up_process); +int wake_up_task_interruptible(struct task_struct *p) +{
- return try_to_wake_up(p, TASK_INTERRUPTIBLE, 0);
+} +EXPORT_SYMBOL_GPL(wake_up_task_interruptible);
int wake_up_state(struct task_struct *p, unsigned int state) { return try_to_wake_up(p, state, 0);
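Review bot: wake_up_task_interruptible() is a newly exported scheduler entry point with no comment describing when to use it or what it returns. A short comment above the definition would cover it, for example `/* Wake @p only if it is sleeping in TASK_INTERRUPTIBLE; returns 1 if it was woken, 0 otherwise. */`. It would also be worth stating there that the helper exists so `__set_notify_signal()` can be used from modules without exporting wake_up_state() itself, as the v8->v9 changelog implies.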