random: fix locking for crng_init in crng_reseed()

crng_init is protected by primary_crng->lock. Therefore, we need
to hold this lock when increasing crng_init to 2. As we shouldn't
hold this lock for too long, only hold it for those parts which
require protection.

Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
Reviewed-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

diff --git a/drivers/char/random.c b/drivers/char/random.c
index 8ae7d0b..1ccd92e 100644 (file)
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -502,6 +502,7 @@ static void crng_reseed(void)
        int entropy_count;
        unsigned long next_gen;
        u8 key[CHACHA_KEY_SIZE];
+       bool finalize_init = false;
 
        /*
         * First we make sure we have POOL_MIN_BITS of entropy in the pool,
@@ -529,12 +530,14 @@ static void crng_reseed(void)
                ++next_gen;
        WRITE_ONCE(base_crng.generation, next_gen);
        WRITE_ONCE(base_crng.birth, jiffies);
-       spin_unlock_irqrestore(&base_crng.lock, flags);
-       memzero_explicit(key, sizeof(key));
-
        if (crng_init < 2) {
                invalidate_batched_entropy();
                crng_init = 2;
+               finalize_init = true;
+       }
+       spin_unlock_irqrestore(&base_crng.lock, flags);
+       memzero_explicit(key, sizeof(key));
+       if (finalize_init) {
                process_random_ready_list();
                wake_up_interruptible(&crng_init_wait);
                kill_fasync(&fasync, SIGIO, POLL_IN);