Re: drivers/char/random.c line 728 BUG

From: Aaron Straus
Date: Thu Aug 28 2008 - 18:59:36 EST


Hi,

On Aug 26 03:59 PM, Aaron Straus wrote:
> kernel BUG at drivers/char/random.c:728!

OK so that's (outside spinlock):

	BUG_ON(r->entropy_count > r->poolinfo->POOLBITS);

in credit_entropy_bits we do (inside spinlock):

	r->entropy_count += nbits;
	if (r->entropy_count < 0) {
		DEBUG_ENT("negative entropy/overflow\n");
		r->entropy_count = 0;
	} else if (r->entropy_count > r->poolinfo->POOLBITS)
		r->entropy_count = r->poolinfo->POOLBITS;

I wonder if we got unlucky and did the:

	r->entropy_count += nbits

- overflowed the entropy_count THEN
- another thread hits the BUG before this thread reaches

	r->entropy_count = r->poolinfo->POOLBITS;

--

I notice before this commit:

commit adc782dae6c4c0f6fb679a48a544cfbcd79ae3dc
Author: Matt Mackall <mpm@xxxxxxxxxxx>
Date: Tue Apr 29 01:03:07 2008 -0700

random: simplify and rename credit_entropy_store

The credit_entropy_store function looks like this:

	spin_lock_irqsave(&r->lock, flags);

	if (r->entropy_count + nbits < 0) {
		DEBUG_ENT("negative entropy/overflow (%d+%d)\n",
			  r->entropy_count, nbits);
		r->entropy_count = 0;
	} else if (r->entropy_count + nbits > r->poolinfo->POOLBITS) {
		r->entropy_count = r->poolinfo->POOLBITS;
	} else {
		r->entropy_count += nbits;
		if (nbits)
			DEBUG_ENT("added %d entropy credits to %s\n",
				  nbits, r->name);
	}


Notice the old version is careful not to overflow r->entropy_count at
any point (even within the spinlock). So perhaps that's why we didn't
hit this BUG() in the past?

Thanks!

=a=


--
===================
Aaron Straus
aaron@xxxxxxxxxxxxx
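
The window discussed in the message above, as an added user-space sketch that is not part of the original post or of the kernel source: every store to the counter is recorded, so the largest value a reader outside the spinlock could load is visible for both shapes of the credit routine. The names store_count, max_seen, worst_visible and the two credit_* functions are hypothetical, and POOLBITS = 4096 is a constructed value.

```c
#include <stdio.h>

#define POOLBITS 4096	/* constructed pool size for this sketch */

/* max_seen: highest value ever stored in entropy_count */
struct pool { int entropy_count; int max_seen; };

/* All stores go through here; max_seen is what an unlocked reader could load. */
static void store_count(struct pool *r, int v)
{
	r->entropy_count = v;
	if (v > r->max_seen)
		r->max_seen = v;
}

/* Shape of the newer credit_entropy_bits quoted above: add first, clamp after. */
static void credit_add_then_clamp(struct pool *r, int nbits)
{
	store_count(r, r->entropy_count + nbits);
	if (r->entropy_count < 0)
		store_count(r, 0);
	else if (r->entropy_count > POOLBITS)
		store_count(r, POOLBITS);
}

/* Shape of the older credit_entropy_store: test the sum, then store once. */
static void credit_check_then_store(struct pool *r, int nbits)
{
	if (r->entropy_count + nbits < 0)
		store_count(r, 0);
	else if (r->entropy_count + nbits > POOLBITS)
		store_count(r, POOLBITS);
	else
		store_count(r, r->entropy_count + nbits);
}

/* Returns the largest value that was ever present in entropy_count. */
static int worst_visible(void (*credit)(struct pool *, int), int start, int nbits)
{
	struct pool r = { start, start };
	credit(&r, nbits);
	return r.max_seen;
}

int main(void)
{
	printf("add-then-clamp:   %d\n", worst_visible(credit_add_then_clamp, 4090, 64));
	printf("check-then-store: %d\n", worst_visible(credit_check_then_store, 4090, 64));
}
```

With a start of 4090 and a credit of 64, the add-then-clamp shape briefly holds 4154, above POOLBITS, which is the value the BUG_ON comparison would trip on; the check-then-store shape never stores more than 4096.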