From: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
To: Matt Mackall <mpm@selenic.com>
Cc: "Theodore Ts'o" <tytso@mit.edu>,
Greg Kroah-Hartman <greg@kroah.com>,
linux-kernel@vger.kernel.org
Subject: [PATCH] char random: fix boot id uniqueness race
Date: Sun, 29 Jan 2012 23:40:12 -0500 [thread overview]
Message-ID: <20120130044012.GA31966@Krystal> (raw)
The proc file /proc/sys/kernel/random/boot_id can be read concurrently
by user-space processes. If two (or more) user-space processes
concurrently read boot_id when sysctl_bootid is not yet assigned, a race
can occur making boot_id differ between the reads. Because the whole
point of the boot id is to be unique across a kernel execution, fix this
by protecting this operation with a mutex, and introduce a
boot_id_generated flag, along with appropriate memory barriers, to let
the fast-path know if the boot ID has been generated without having to
hold the mutex.
I propose this approach rather than setting it up within an initcall(),
because letting execution randomness add to entropy before populating
the boot id seems to be a wanted property. Also, populating it lazily
rather than at boot time only makes the performance hit be taken when
boot_id is being read.
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
CC: "Theodore Ts'o" <tytso@mit.edu>
CC: Matt Mackall <mpm@selenic.com>
CC: Greg Kroah-Hartman <greg@kroah.com>
---
drivers/char/random.c | 20 +++++++++++++++++---
1 file changed, 17 insertions(+), 3 deletions(-)
Index: linux-2.6-lttng/drivers/char/random.c
===================================================================
--- linux-2.6-lttng.orig/drivers/char/random.c
+++ linux-2.6-lttng/drivers/char/random.c
@@ -1231,6 +1231,8 @@ static int min_read_thresh = 8, min_writ
static int max_read_thresh = INPUT_POOL_WORDS * 32;
static int max_write_thresh = INPUT_POOL_WORDS * 32;
static char sysctl_bootid[16];
+static int boot_id_generated;
+static DEFINE_MUTEX(boot_id_mutex);
/*
* These functions is used to return both the bootid UUID, and random
@@ -1250,10 +1252,22 @@ static int proc_do_uuid(ctl_table *table
uuid = table->data;
if (!uuid) {
uuid = tmp_uuid;
- uuid[8] = 0;
- }
- if (uuid[8] == 0)
generate_random_uuid(uuid);
+ } else {
+ if (unlikely(!ACCESS_ONCE(boot_id_generated))) {
+ mutex_lock(&boot_id_mutex);
+ if (!boot_id_generated) {
+ generate_random_uuid(uuid);
+ /* Store uuid before boot_id_generated. */
+ smp_wmb();
+ boot_id_generated = 1;
+ }
+ mutex_unlock(&boot_id_mutex);
+ } else {
+ /* Load boot_id_generated before uuid */
+ smp_rmb();
+ }
+ }
sprintf(buf, "%pU", uuid);
--
Mathieu Desnoyers
Operating System Efficiency R&D Consultant
EfficiOS Inc.
http://www.efficios.com
next reply other threads:[~2012-01-30 4:40 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-01-30 4:40 Mathieu Desnoyers [this message]
2012-01-31 15:59 ` [PATCH] char random: fix boot id uniqueness race Ted Ts'o
2012-01-31 16:25 ` Mathieu Desnoyers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120130044012.GA31966@Krystal \
--to=mathieu.desnoyers@efficios.com \
--cc=greg@kroah.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mpm@selenic.com \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.