| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAHmME9pktmNpcBS_DJhJ5Z+6xO9P1wroQ9_gwx8KZMBxk1FBeQ@mail.gmail.com>
Date: Mon, 7 Feb 2022 19:42:40 +0100
From: "Jason A. Donenfeld" <Jason@...c4.com>
To: pmenzel@...gen.mpg.de
Cc: "Theodore Y. Ts'o" <tytso@....edu>,
LKML <linux-kernel@...r.kernel.org>,
Dominik Brodowski <linux@...inikbrodowski.net>,
Jann Horn <jannh@...gle.com>
Subject: Re: BUG: KCSAN: data-race in add_device_randomness+0x20d/0x290
Hi Paul,
Thanks for the report. I assume that this is actually an old bug. Do
you have a vmlinux or a random.o from this kernel you could send me to
double check? Without that, my best guess, which I'd say I have
relatively high confidence about, is that the "1 byte read" is
actually a `movzx eax, cs:lfsr` referring to the `static u8 lfsr`
here, which gets inlined into add_device_randomness:
static int crng_slow_load(const u8 *cp, size_t len)
{
unsigned long flags;
static u8 lfsr = 1;
This was added in 2008 with dc12baacb95f ("random: use a different
mixing algorithm for add_device_randomness()"). My understanding is
that the race here isn't super problematic as we're in kind of a half
assed "low effort" phase anyway. But I'll give it some thought. I'm
CCing Jann as well who reported the original issue that motivated that
change.
Regards,
Jason
Powered by blists - more mailing lists