lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20141226005240.GA20702@gondor.apana.org.au>
Date:	Fri, 26 Dec 2014 11:52:40 +1100
From:	Herbert Xu <herbert@...dor.apana.org.au>
To:	Rusty Russell <rusty@...tcorp.com.au>
Cc:	Fengguang Wu <fengguang.wu@...el.com>, LKP <lkp@...org>,
	linux-kernel@...r.kernel.org,
	Linux Crypto Mailing List <linux-crypto@...r.kernel.org>,
	Amos Kong <akong@...hat.com>, m@...s.ch, mpm@...enic.com,
	amit.shah@...hat.com
Subject: Re: [PATCH 2/5] hwrng: core - Fix current_rng init/cleanup race yet
 again

On Wed, Dec 24, 2014 at 09:56:36AM +1030, Rusty Russell wrote:
>
> I'll have to pull the tree to review it properly, but the theory was
> that the reference count was counting users of the rng.  Now I don't
> know what it's counting:

The reference count starts off at zero, meaning that the RNG
has not been initialised.  It becomes one when we do hwrng_init.
After that each user adds/subtracts from it.  When it hits zero
we will clean it up and await for either deregistration or the
next hwrng_init.

> >  static inline int hwrng_init(struct hwrng *rng)
> >  {
> > +	if (kref_get_unless_zero(&rng->ref))
> > +		goto skip_init;
> > +
> >  	if (rng->init) {
> >  		int ret;
> 
> OK, so this skip_init branch is triggered when the rng is being
> shut down as it's no longer current_rng?

Right, if it triggers it means that we have already been initialised
previously and we have not yet executed cleanup on the RNG even
though at some point another RNG came in and became current_rng.

Bottom line is that this RNG is still good and we don't need to
(can't) initialise it.

> > +
> > +	kref_init(&rng->ref);
> > +	reinit_completion(&rng->cleanup_done);
> > +
> > +skip_init:
> >  	add_early_randomness(rng);
> 
> Then we use it to add randomness?

Honestly I don't care about whether we add randomness or not
in this case but this is what the code did before.  If you dislike
that feel free to send in a patch to kill this too.

> > @@ -467,6 +474,9 @@ int hwrng_register(struct hwrng *rng)
> >  			goto out_unlock;
> >  	}
> >  
> > +	init_completion(&rng->cleanup_done);
> > +	complete(&rng->cleanup_done);
> > +
> 
> This code smells very bad.

Well, it would smell better if someone added a helper that lets
you initialise a completion that is already complete :)

Point is the RNG must only be in two states.  Either it's the
current RNG in which case cleanup_done must be false/incomplete,
or it's not and cleanup_done must be either already complete or
will be complete at some point in the future.

Cheers,
-- 
Email: Herbert Xu <herbert@...dor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ