提交 2484eb92 编写于 作者: E Eric Biggers 提交者: Zheng Zengkai

random: fix data race on crng init time

stable inclusion
from stable-v5.10.92
commit 61cca7d191c7c143bc8f3e779859f8b3d5100c89
bugzilla: 186193 https://gitee.com/openeuler/kernel/issues/I53108

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=61cca7d191c7c143bc8f3e779859f8b3d5100c89

--------------------------------

commit 009ba856 upstream.

_extract_crng() does plain loads of crng->init_time and
crng_global_init_time, which causes undefined behavior if
crng_reseed() and RNDRESEEDCRNG modify these corrently.

Use READ_ONCE() and WRITE_ONCE() to make the behavior defined.

Don't fix the race on crng->init_time by protecting it with crng->lock,
since it's not a problem for duplicate reseedings to occur.  I.e., the
lockless access with READ_ONCE() is fine.

Fixes: d848e5f8 ("random: add new ioctl RNDRESEEDCRNG")
Fixes: e192be9d ("random: replace non-blocking pool with a Chacha20-based CRNG")
Cc: stable@vger.kernel.org
Signed-off-by: NEric Biggers <ebiggers@google.com>
Acked-by: NPaul E. McKenney <paulmck@kernel.org>
Signed-off-by: NJason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: NChen Jun <chenjun102@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>
Acked-by: NXie XiuQi <xiexiuqi@huawei.com>
上级 73ef73f6
...@@ -990,7 +990,7 @@ static void crng_reseed(struct crng_state *crng, struct entropy_store *r) ...@@ -990,7 +990,7 @@ static void crng_reseed(struct crng_state *crng, struct entropy_store *r)
crng->state[i+4] ^= buf.key[i] ^ rv; crng->state[i+4] ^= buf.key[i] ^ rv;
} }
memzero_explicit(&buf, sizeof(buf)); memzero_explicit(&buf, sizeof(buf));
crng->init_time = jiffies; WRITE_ONCE(crng->init_time, jiffies);
spin_unlock_irqrestore(&crng->lock, flags); spin_unlock_irqrestore(&crng->lock, flags);
if (crng == &primary_crng && crng_init < 2) { if (crng == &primary_crng && crng_init < 2) {
invalidate_batched_entropy(); invalidate_batched_entropy();
...@@ -1016,12 +1016,15 @@ static void crng_reseed(struct crng_state *crng, struct entropy_store *r) ...@@ -1016,12 +1016,15 @@ static void crng_reseed(struct crng_state *crng, struct entropy_store *r)
static void _extract_crng(struct crng_state *crng, static void _extract_crng(struct crng_state *crng,
__u8 out[CHACHA_BLOCK_SIZE]) __u8 out[CHACHA_BLOCK_SIZE])
{ {
unsigned long v, flags; unsigned long v, flags, init_time;
if (crng_ready() && if (crng_ready()) {
(time_after(crng_global_init_time, crng->init_time) || init_time = READ_ONCE(crng->init_time);
time_after(jiffies, crng->init_time + CRNG_RESEED_INTERVAL))) if (time_after(READ_ONCE(crng_global_init_time), init_time) ||
crng_reseed(crng, crng == &primary_crng ? &input_pool : NULL); time_after(jiffies, init_time + CRNG_RESEED_INTERVAL))
crng_reseed(crng, crng == &primary_crng ?
&input_pool : NULL);
}
spin_lock_irqsave(&crng->lock, flags); spin_lock_irqsave(&crng->lock, flags);
if (arch_get_random_long(&v)) if (arch_get_random_long(&v))
crng->state[14] ^= v; crng->state[14] ^= v;
...@@ -1976,7 +1979,7 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg) ...@@ -1976,7 +1979,7 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
if (crng_init < 2) if (crng_init < 2)
return -ENODATA; return -ENODATA;
crng_reseed(&primary_crng, &input_pool); crng_reseed(&primary_crng, &input_pool);
crng_global_init_time = jiffies - 1; WRITE_ONCE(crng_global_init_time, jiffies - 1);
return 0; return 0;
default: default:
return -EINVAL; return -EINVAL;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册