I'm so obviously correct that it is impertinent of me to
even ask if I should bother writing/testing a diff?

I'm flattered.

The stuff below has been tested on a VIA C3 box. I'm not
too happy about all the "splhigh()" stuff, but if multiple
things can be happening at the same time, then the code
needs to do something. I'm not sure how to induce the races
the change is trying to avoid...

On Tue, Jan 30, 2007 at 01:10:19PM +0100, mickey wrote:
> re
> come back when you have a working diff.
> this pointless "discussion" is a waste of time.
> cu
>
> --
> paranoic mickey (my employers have changed but, the name has remained)



Index: rnd.c
================================================== =================
RCS file: /usr/cvs/openbsd/src/sys/dev/rnd.c,v
retrieving revision 1.80
diff -u -r1.80 rnd.c
--- rnd.c 11 Apr 2006 14:31:52 -0000 1.80
+++ rnd.c 30 Jan 2007 18:53:06 -0000
@@ -533,6 +533,13 @@
len += sizeof(struct timeval);

s = splhigh();
+
+ if (arc4random_initialized) {
+ splx(s);
+ return;
+ }
+ arc4random_initialized = 1;
+
arc4random_state.i--;
for (n = 0; n < 256; n++) {
arc4random_state.i++;
@@ -546,7 +553,6 @@
arc4random_state.cnt = 0;
rndstats.arc4_stirs += len;
rndstats.arc4_nstirs++;
- splx(s);

/*
* Throw away the first N words of output, as suggested in the
@@ -555,6 +561,8 @@
*/
for (n = 0; n < 256 * 4; n++)
arc4_getbyte();
+
+ splx(s);
}

void
@@ -567,7 +575,6 @@
if (!rnd_attached)
panic("arc4maybeinit: premature");
#endif
- arc4random_initialized++;
arc4_stir();
/* 10 minutes, per dm@'s suggestion */
timeout_add(&arc4_timeout, 10 * 60 * hz);
@@ -843,7 +850,6 @@
buf[0] = rep->re_time;
buf[1] = rep->re_val;
nbits = rep->re_nbits;
- splx(s);

add_entropy_words(buf, 2);

@@ -852,6 +858,8 @@
if (rs->entropy_count > POOLBITS)
rs->entropy_count = POOLBITS;

+ splx(s);
+
if (rs->asleep && rs->entropy_count > 8) {
#ifdef RNDEBUG
if (rnd_debug & RD_WAIT)
@@ -889,6 +897,7 @@
{
struct random_bucket *rs = &random_state;
u_char buffer[16];
+ u_int32_t stir = 0x1234567;
MD5_CTX tmp;
u_int i;
int s;
@@ -901,6 +910,9 @@
else
i = sizeof(buffer) / 2;

+ if (rs->entropy_count / 8 < i)
+ dequeue_randomness(&random_state);
+
/* Hash the pool to get the output */
MD5Init(&tmp);
s = splhigh();
@@ -909,6 +921,10 @@
rs->entropy_count -= i * 8;
else
rs->entropy_count = 0;
+
+ /* Modify pool so next hash will produce different results */
+ add_entropy_words(&stir, 1);
+
splx(s);
MD5Final(buffer, &tmp);

@@ -929,10 +945,6 @@
bcopy(buffer, buf, i);
nbytes -= i;
buf += i;
-
- /* Modify pool so next hash will produce different results */
- add_timer_randomness(nbytes);
- dequeue_randomness(&random_state);
}

/* Wipe data from memory */
@@ -1126,7 +1138,7 @@
struct uio *uio;
int flags;
{
- int ret = 0;
+ int s, ret = 0;
u_int32_t *buf;

if (minor(dev) == RND_RND || minor(dev) == RND_PRND)
@@ -1144,7 +1156,9 @@
if (!ret) {
while (n % sizeof(u_int32_t))
((u_int8_t *) buf)[n++] = 0;
+ s = splhigh();
add_entropy_words(buf, n / 4);
+ splx(s);
}
}