Move the isc_random API initialization to the thread_local variable

Instead of writing complicated wrappers for every thread, move the
initialization back to isc_random unit and check whether the random seed
was initialized with a thread_local variable.

Ensure that isc_entropy_get() returns a non-zero seed.

This avoids problems with thread sanitizer tests getting stuck in an
infinite loop.

diff --git a/lib/isc/Makefile.am b/lib/isc/Makefile.am
index 293e3a6a4434df459b92c5632d72eaf61f19da22..df23562ac41fd4fc6fe8594a6c1d2ca6d95ed8d2 100644 (file)
--- a/lib/isc/Makefile.am
+++ b/lib/isc/Makefile.am
@@ -177,7 +177,6 @@ libisc_la_SOURCES =         \
        qsbr.c                  \
        radix.c                 \
        random.c                \
-       random_p.h              \
        ratelimiter.c           \
        regex.c                 \
        region.c                \

diff --git a/lib/isc/lib.c b/lib/isc/lib.c
index 3787e813d41fe5217a656a5528eaaa228b7b3b7a..bef3e25558c45e9d1d4d79d1da59af309dc499d3 100644 (file)
--- a/lib/isc/lib.c
+++ b/lib/isc/lib.c
@@ -26,7 +26,6 @@
 #include "mem_p.h"
 #include "mutex_p.h"
 #include "os_p.h"
-#include "random_p.h"
 
 #ifndef ISC_CONSTRUCTOR
 #error Either __attribute__((constructor|destructor))__ or DllMain support needed to compile BIND 9.
@@ -46,7 +45,6 @@ isc__initialize(void) {
        isc__os_initialize();
        isc__mutex_initialize();
        isc__mem_initialize();
-       isc__random_initialize();
        isc__tls_initialize();
        isc__uv_initialize();
        isc__xml_initialize();

diff --git a/lib/isc/loop.c b/lib/isc/loop.c
index de8073c83551f6cf5c74d12e2e06707213c296e2..5209172a0f60b0ed1d05c63a109134eaf87aac2b 100644 (file)
--- a/lib/isc/loop.c
+++ b/lib/isc/loop.c
@@ -42,7 +42,6 @@
 #include "async_p.h"
 #include "job_p.h"
 #include "loop_p.h"
-#include "random_p.h"
 
 /**
  * Private

diff --git a/lib/isc/random.c b/lib/isc/random.c
index 5d67f81b147275a75cc16df0fb78bbe631c43561..a9608b8696a718a636b525f2f0fb839c17d74dbd 100644 (file)
--- a/lib/isc/random.c
+++ b/lib/isc/random.c
@@ -42,8 +42,6 @@
 #include <isc/types.h>
 #include <isc/util.h>
 
-#include "random_p.h"
-
 /*
  * Written in 2018 by David Blackman and Sebastiano Vigna (vigna@acm.org)
  *
@@ -63,6 +61,7 @@
  * The state must be seeded so that it is not everywhere zero.
  */
 
+static thread_local bool initialized = false;
 static thread_local uint32_t seed[4] = { 0 };
 
 static uint32_t
@@ -88,8 +87,13 @@ next(void) {
 
        return (result_starstar);
 }
-void
+
+static void
 isc__random_initialize(void) {
+       if (initialized) {
+               return;
+       }
+
 #if FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
        /*
         * A fixed seed helps with problem reproduction when fuzzing. It must be
@@ -97,33 +101,41 @@ isc__random_initialize(void) {
         * first result needs to be non-zero as expected by random_test.c
         */
        seed[0] = 1;
-#else  /* if FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION */
-       isc_entropy_get(seed, sizeof(seed));
 #endif /* if FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION */
+
+       while (seed[0] == 0 && seed[1] == 0 && seed[2] == 0 && seed[3] == 0) {
+               isc_entropy_get(seed, sizeof(seed));
+       }
+       initialized = true;
 }
 
 uint8_t
 isc_random8(void) {
+       isc__random_initialize();
        return ((uint8_t)next());
 }
 
 uint16_t
 isc_random16(void) {
+       isc__random_initialize();
        return ((uint16_t)next());
 }
 
 uint32_t
 isc_random32(void) {
+       isc__random_initialize();
        return (next());
 }
 
 void
 isc_random_buf(void *buf, size_t buflen) {
+       REQUIRE(buf != NULL);
+       REQUIRE(buflen > 0);
+
        int i;
        uint32_t r;
 
-       REQUIRE(buf != NULL);
-       REQUIRE(buflen > 0);
+       isc__random_initialize();
 
        for (i = 0; i + sizeof(r) <= buflen; i += sizeof(r)) {
                r = next();
@@ -136,6 +148,8 @@ isc_random_buf(void *buf, size_t buflen) {
 
 uint32_t
 isc_random_uniform(uint32_t limit) {
+       isc__random_initialize();
+
        /*
         * Daniel Lemire's nearly-divisionless unbiased bounded random numbers.
         *

diff --git a/lib/isc/random_p.h b/lib/isc/random_p.h
deleted file mode 100644 (file)
index 3e4917f..0000000
--- a/lib/isc/random_p.h
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * SPDX-License-Identifier: MPL-2.0
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, you can obtain one at https://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-#pragma once
-
-#include <isc/lang.h>
-
-/*! \file isc/random_p.h
- * \brief For automatically seeding and re-seeding when required.
- */
-
-ISC_LANG_BEGINDECLS
-
-void
-isc__random_initialize(void);
-/*!<
- * \brief Seed the thread-local random number state with fresh entropy.
- */
-
-ISC_LANG_ENDDECLS

diff --git a/lib/isc/thread.c b/lib/isc/thread.c
index c3bcc397e82dd1b84d1baaccc8940ba37cce5239..c0a1607db4626e9d830edf8c451dbb55fad0cd2b 100644 (file)
--- a/lib/isc/thread.c
+++ b/lib/isc/thread.c
@@ -35,8 +35,6 @@
 #include <isc/thread.h>
 #include <isc/util.h>
 
-#include "random_p.h"
-
 #ifndef THREAD_MINSTACKSIZE
 #define THREAD_MINSTACKSIZE (1024U * 1024)
 #endif /* ifndef THREAD_MINSTACKSIZE */
@@ -82,9 +80,6 @@ thread_run(void *arg) {
        wrap->free(malloc(1));
        wrap->free(wrap);
 
-       /* Re-seed the random number generator in each thread. */
-       isc__random_initialize();
-
        /* Get a thread-local digest context. */
        isc__iterated_hash_initialize();