Date:   Thu, 23 Jun 2022 18:40:06 +0200
From:   Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To:     linux-kernel@...r.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        stable@...r.kernel.org, Kees Cook <keescook@...omium.org>,
        "Theodore Tso" <tytso@....edu>, Arnd Bergmann <arnd@...db.de>,
        Ingo Molnar <mingo@...nel.org>, Jessica Yu <jeyu@...hat.com>,
        "Steven Rostedt (VMware)" <rostedt@...dmis.org>,
        Viresh Kumar <viresh.kumar@...aro.org>,
        Tejun Heo <tj@...nel.org>, Prarit Bhargava <prarit@...hat.com>,
        Lokesh Vutla <lokeshvutla@...com>,
        Nicholas Piggin <npiggin@...il.com>,
        AKASHI Takahiro <takahiro.akashi@...aro.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        "Jason A. Donenfeld" <Jason@...c4.com>
Subject: [PATCH 4.9 013/264] random: do not ignore early device randomness

From: Kees Cook <keescook@...omium.org>

commit ee7998c50c2697737c6530431709f77c852bf0d6 upstream.

The add_device_randomness() function would ignore incoming bytes if the
crng wasn't ready.  This additionally makes sure to make an early enough
call to add_latent_entropy() to influence the initial stack canary,
which is especially important on non-x86 systems where it stays the same
through the life of the boot.

Link: http://lkml.kernel.org/r/20170626233038.GA48751@beast
Signed-off-by: Kees Cook <keescook@...omium.org>
Cc: "Theodore Ts'o" <tytso@....edu>
Cc: Arnd Bergmann <arnd@...db.de>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: Ingo Molnar <mingo@...nel.org>
Cc: Jessica Yu <jeyu@...hat.com>
Cc: Steven Rostedt (VMware) <rostedt@...dmis.org>
Cc: Viresh Kumar <viresh.kumar@...aro.org>
Cc: Tejun Heo <tj@...nel.org>
Cc: Prarit Bhargava <prarit@...hat.com>
Cc: Lokesh Vutla <lokeshvutla@...com>
Cc: Nicholas Piggin <npiggin@...il.com>
Cc: AKASHI Takahiro <takahiro.akashi@...aro.org>
Signed-off-by: Andrew Morton <akpm@...ux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@...ux-foundation.org>
Signed-off-by: Jason A. Donenfeld <Jason@...c4.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
---
 drivers/char/random.c |    5 +++++
 init/main.c           |    1 +
 2 files changed, 6 insertions(+)

--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -1045,6 +1045,11 @@ void add_device_randomness(const void *b
 	unsigned long time = random_get_entropy() ^ jiffies;
 	unsigned long flags;
 
+	if (!crng_ready()) {
+		crng_fast_load(buf, size);
+		return;
+	}
+
 	trace_add_device_randomness(size, _RET_IP_);
 	spin_lock_irqsave(&input_pool.lock, flags);
 	_mix_pool_bytes(&input_pool, buf, size);
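
Review bot: the early return in the new `if (!crng_ready())` block leaves before `trace_add_device_randomness(size, _RET_IP_)`, so device randomness fed in during early boot never reaches the tracepoint, and the `time` value computed two lines above is unused on that path. Consider moving the trace call above the check, and add a comment saying that pre-ready bytes go to `crng_fast_load(buf, size)` instead of `_mix_pool_bytes(&input_pool, buf, size)`, so a reader does not take the skipped pool mixing for an oversight.
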
--- a/init/main.c
+++ b/init/main.c
@@ -490,6 +490,7 @@ asmlinkage __visible void __init start_k
 	/*
 	 * Set up the the initial canary ASAP:
 	 */
+	add_latent_entropy();
 	boot_init_stack_canary();
 
 	cgroup_init_early();
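
Review bot: the added `add_latent_entropy()` call has an ordering dependency on `boot_init_stack_canary()` that only the commit message records. The comment above it says just "Set up the the initial canary ASAP:", so extend it to state that the latent entropy has to be added before the canary is initialized, which guards against a later reordering of these two calls, and fix the doubled "the" while touching it.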

