From owner-dev-commits-src-branches@freebsd.org  Fri Aug  6 05:13:32 2021
Return-Path: <owner-dev-commits-src-branches@freebsd.org>
Delivered-To: dev-commits-src-branches@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 95A23670435;
 Fri,  6 Aug 2021 05:13:32 +0000 (UTC) (envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4Ggtt43Z3Sz3GY9;
 Fri,  6 Aug 2021 05:13:32 +0000 (UTC) (envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:5])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 6311C27C36;
 Fri,  6 Aug 2021 05:13:32 +0000 (UTC) (envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
 by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 1765DWOJ000869;
 Fri, 6 Aug 2021 05:13:32 GMT (envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
 by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 1765DW3I000868;
 Fri, 6 Aug 2021 05:13:32 GMT (envelope-from git)
Date: Fri, 6 Aug 2021 05:13:32 GMT
Message-Id: <202108060513.1765DW3I000868@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
 dev-commits-src-branches@FreeBSD.org
From: "David E. O'Brien" <obrien@FreeBSD.org>
Subject: git: ba2f52819c51 - stable/12 - Fortuna: Fix a race to prevent reseed
 spamming
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: obrien
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/12
X-Git-Reftype: branch
X-Git-Commit: ba2f52819c51853ce9f158878f13da736718fad2
Auto-Submitted: auto-generated
X-BeenThere: dev-commits-src-branches@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Commits to the stable branches of the FreeBSD src repository
 <dev-commits-src-branches.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/dev-commits-src-branches>, 
 <mailto:dev-commits-src-branches-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/dev-commits-src-branches/>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Help: <mailto:dev-commits-src-branches-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/dev-commits-src-branches>, 
 <mailto:dev-commits-src-branches-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Aug 2021 05:13:32 -0000

The branch stable/12 has been updated by obrien:

URL: https://cgit.FreeBSD.org/src/commit/?id=ba2f52819c51853ce9f158878f13da736718fad2

commit ba2f52819c51853ce9f158878f13da736718fad2
Author:     Conrad Meyer <cem@FreeBSD.org>
AuthorDate: 2018-10-20 21:09:12 +0000
Commit:     David E. O'Brien <obrien@FreeBSD.org>
CommitDate: 2021-08-06 05:12:00 +0000

    Fortuna: Fix a race to prevent reseed spamming
    
    If multiple threads enter fortuna_pre_read contemporaneously, such as via
    read(2) or getrandom(2), they could race to check how long it has been since
    the last update due to a TOCTOU problem with 'now'.
    
    Here is an example problematic execution:
    
    Thread A:                       Thread B:
    now_A = getsbinuptime();
                                    now_B = getsbinuptime();  // now_B > now_A
                                    RANDOM_RESEED_LOCK();
                                    if (now - fs_lasttime > SBT_1S/10) {
                                            fs_lasttime = now;
                                            ... // reseed
                                    }
                                    RANDOM_RESEED_UNLOCK();
    RANDOM_RESEED_LOCK();
    if (now_A - fs_lasttime > SBT_1S/10)  // now_A - fs_lasttime underflows
            fs_lasttime = now_A;
            ... // reseed again, despite less than 100ms elapsing
    }
    RANDOM_RESEED_UNLOCK();
    
    To resolve the race, simply check the current time after we win the lock
    race.
    
    If getsbinuptime is perceived to be expensive, another option might be to
    just accept the race and validate that fs_lasttime isn't "in the future."
    (It should be within the last ~2^31 seconds out of ~2^32 seconds
    representable duration.)
    
    Reviewed by:    delphij, markm
    Approved by:    secteam (delphij)
    Sponsored by:   Dell EMC Isilon
    Differential Revision:  https://reviews.freebsd.org/D16984
    (cherry picked from commit 5528565a76f5caae336d4f13213108dc1fad4ae0)
---
 sys/dev/random/fortuna.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys/dev/random/fortuna.c b/sys/dev/random/fortuna.c
index 6382d47b1415..f9a29fd5a596 100644
--- a/sys/dev/random/fortuna.c
+++ b/sys/dev/random/fortuna.c
@@ -368,11 +368,11 @@ random_fortuna_pre_read(void)
 	u_int i;
 
 	KASSERT(fortuna_state.fs_minpoolsize > 0, ("random: Fortuna threshold must be > 0"));
+	RANDOM_RESEED_LOCK();
 #ifdef _KERNEL
 	/* FS&K - Use 'getsbinuptime()' to prevent reseed-spamming. */
 	now = getsbinuptime();
 #endif
-	RANDOM_RESEED_LOCK();
 
 	if (fortuna_state.fs_pool[0].fsp_length >= fortuna_state.fs_minpoolsize
 #ifdef _KERNEL