diff options
| author | Theodore Ts'o <tytso@mit.edu> | 2014-06-15 21:04:32 -0400 |
|---|---|---|
| committer | Theodore Ts'o <tytso@mit.edu> | 2014-06-15 21:04:32 -0400 |
| commit | e33ba5fa7afce1a9f159704121d4e4d110df8185 (patch) | |
| tree | ec1d1728fea1e7d20351cb99ae992356a98e7e12 | |
| parent | 1860e379875dfe7271c649058aeddffe5afd9d0d (diff) | |
random: fix nasty entropy accounting bug
Commit 0fb7a01af5b0 "random: simplify accounting code", introduced in
v3.15, has a very nasty accounting problem when the entropy pool has
has fewer bytes of entropy than the number of requested reserved
bytes. In that case, "have_bytes - reserved" goes negative, and since
size_t is unsigned, the expression:
ibytes = min_t(size_t, ibytes, have_bytes - reserved);
... does not do the right thing. This is rather bad, because it
defeats the catastrophic reseeding feature in the
xfer_secondary_pool() path.
It also can cause the "BUG: spinlock trylock failure on UP" for some
kernel configurations when prandom_reseed() calls get_random_bytes()
in the early init, since when the entropy count gets corrupted,
credit_entropy_bits() erroneously believes that the nonblocking pool
has been fully initialized (when in fact it is not), and so it calls
prandom_reseed(true) recursively leading to the spinlock BUG.
The logic is *not* the same it was originally, but in the cases where
it matters, the behavior is the same, and the resulting code is
hopefully easier to read and understand.
Fixes: 0fb7a01af5b0 "random: simplify accounting code"
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: Greg Price <price@mit.edu>
Cc: stable@vger.kernel.org #v3.15
| -rw-r--r-- | drivers/char/random.c | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/drivers/char/random.c b/drivers/char/random.c index 102c50d38902..2b6e4cd8de8e 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c | |||
| @@ -979,7 +979,6 @@ static void push_to_pool(struct work_struct *work) | |||
| 979 | static size_t account(struct entropy_store *r, size_t nbytes, int min, | 979 | static size_t account(struct entropy_store *r, size_t nbytes, int min, |
| 980 | int reserved) | 980 | int reserved) |
| 981 | { | 981 | { |
| 982 | int have_bytes; | ||
| 983 | int entropy_count, orig; | 982 | int entropy_count, orig; |
| 984 | size_t ibytes; | 983 | size_t ibytes; |
| 985 | 984 | ||
| @@ -988,17 +987,19 @@ static size_t account(struct entropy_store *r, size_t nbytes, int min, | |||
| 988 | /* Can we pull enough? */ | 987 | /* Can we pull enough? */ |
| 989 | retry: | 988 | retry: |
| 990 | entropy_count = orig = ACCESS_ONCE(r->entropy_count); | 989 | entropy_count = orig = ACCESS_ONCE(r->entropy_count); |
| 991 | have_bytes = entropy_count >> (ENTROPY_SHIFT + 3); | ||
| 992 | ibytes = nbytes; | 990 | ibytes = nbytes; |
| 993 | /* If limited, never pull more than available */ | 991 | /* If limited, never pull more than available */ |
| 994 | if (r->limit) | 992 | if (r->limit) { |
| 995 | ibytes = min_t(size_t, ibytes, have_bytes - reserved); | 993 | int have_bytes = entropy_count >> (ENTROPY_SHIFT + 3); |
| 994 | |||
| 995 | if ((have_bytes -= reserved) < 0) | ||
| 996 | have_bytes = 0; | ||
| 997 | ibytes = min_t(size_t, ibytes, have_bytes); | ||
| 998 | } | ||
| 996 | if (ibytes < min) | 999 | if (ibytes < min) |
| 997 | ibytes = 0; | 1000 | ibytes = 0; |
| 998 | if (have_bytes >= ibytes + reserved) | 1001 | if ((entropy_count -= ibytes << (ENTROPY_SHIFT + 3)) < 0) |
| 999 | entropy_count -= ibytes << (ENTROPY_SHIFT + 3); | 1002 | entropy_count = 0; |
| 1000 | else | ||
| 1001 | entropy_count = reserved << (ENTROPY_SHIFT + 3); | ||
| 1002 | 1003 | ||
| 1003 | if (cmpxchg(&r->entropy_count, orig, entropy_count) != orig) | 1004 | if (cmpxchg(&r->entropy_count, orig, entropy_count) != orig) |
| 1004 | goto retry; | 1005 | goto retry; |