Commit cda796a3 authored by Matt Mackall, committed by Linus Torvalds

random: don't try to look at entropy_count outside the lock

As a non-atomic value, it's only safe to look at entropy_count when the
pool lock is held, so we move the BUG_ON inside the lock for correctness.

Also remove the spurious comment.  It's ok for entropy_count to
temporarily exceed POOLBITS so long as it's left in a consistent state
when the lock is released.

This is a more correct, simple, and idiomatic fix for the bug in
8b76f46a.  I've left the reorderings introduced by that patch in place
as they're harmless, even though they don't properly deal with potential
atomicity issues.
Signed-off-by: Matt Mackall <mpm@selenic.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
parent 71183c94
...@@ -407,7 +407,7 @@ struct entropy_store { ...@@ -407,7 +407,7 @@ struct entropy_store {
/* read-write data: */ /* read-write data: */
spinlock_t lock; spinlock_t lock;
unsigned add_ptr; unsigned add_ptr;
int entropy_count; /* Must at no time exceed ->POOLBITS! */ int entropy_count;
int input_rotate; int input_rotate;
}; };
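Review bot: Dropping the comment on entropy_count in struct entropy_store leaves the field with no stated locking rule or bound. The commit message gives the actual invariant, so it would help to record it at the declaration: a comment saying the field is protected by ->lock and must not exceed ->POOLBITS when the lock is released would keep later changes from reintroducing unlocked reads.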
...@@ -767,11 +767,10 @@ static size_t account(struct entropy_store *r, size_t nbytes, int min, ...@@ -767,11 +767,10 @@ static size_t account(struct entropy_store *r, size_t nbytes, int min,
{ {
unsigned long flags; unsigned long flags;
BUG_ON(r->entropy_count > r->poolinfo->POOLBITS);
/* Hold lock while accounting */ /* Hold lock while accounting */
spin_lock_irqsave(&r->lock, flags); spin_lock_irqsave(&r->lock, flags);
BUG_ON(r->entropy_count > r->poolinfo->POOLBITS);
DEBUG_ENT("trying to extract %d bits from %s\n", DEBUG_ENT("trying to extract %d bits from %s\n",
nbytes * 8, r->name); nbytes * 8, r->name);
......
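Review bot: The relocated BUG_ON in account() still checks only the upper bound, while entropy_count is declared as int, so a value driven negative by an accounting error would pass this assertion. Consider asserting both bounds, for example BUG_ON(r->entropy_count < 0 || r->entropy_count > r->poolinfo->POOLBITS). The assertion now also fires with r->lock held and interrupts disabled by spin_lock_irqsave, so a short comment stating that the check sits under the lock on purpose would keep it from being hoisted back out.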