lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20240825144758.325298-1-yann@droneaud.fr>
Date: Sun, 25 Aug 2024 16:47:50 +0200
From: Yann Droneaud <yann@...neaud.fr>
To: "Jason A. Donenfeld" <Jason@...c4.com>
Cc: Yann Droneaud <yann@...neaud.fr>,
	linux-kernel@...r.kernel.org,
	linux-crypto@...r.kernel.org,
	linux-api@...r.kernel.org,
	Theodore Ts'o  <tytso@....edu>,
	Andy Lutomirski <luto@...nel.org>,
	Thomas Gleixner <tglx@...utronix.de>,
	Vincenzo Frascino <vincenzo.frascino@....com>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	Adhemerval Zanella Netto <adhemerval.zanella@...aro.org>,
	Carlos O'Donell <carlos@...hat.com>,
	Florian Weimer <fweimer@...hat.com>,
	Arnd Bergmann <arnd@...db.de>,
	Jann Horn <jannh@...gle.com>,
	Christian Brauner <brauner@...nel.org>,
	David Hildenbrand <dhildenb@...hat.com>
Subject: [PATCH] random: vDSO getrandom() must reject invalid flag

Like getrandom() syscall, vDSO getrandom() must not let
unknown flags unnoticed [1].

It could be possible to return -EINVAL from vDSO, but
in the likely case a new flag is added to getrandom()
syscall in the future, it would be nicer to get the
behavior from the syscall, instead of an error until
the vDSO is extended to support the new flag.

[1] Designing the API: Planning for Extension
    https://docs.kernel.org/process/adding-syscalls.html#designing-the-api-planning-for-extension

Signed-off-by: Yann Droneaud <yann@...neaud.fr>
---
 lib/vdso/getrandom.c | 4 ++++
 1 file changed, 4 insertions(+)

Hi Jason,

Please indulge me as I'm a bit late to add some junk to the conversation[2].

[2] Re: [RFC PATCH 0/4] random: a simple vDSO mechanism for reseeding userspace CSPRNGs
    https://lore.kernel.org/all/CAHmME9oXB8=jUz98tv6k1xS+ELaRmgartoT6go_1axhH1L-HJg@mail.gmail.com/

Bye.

diff --git a/lib/vdso/getrandom.c b/lib/vdso/getrandom.c
index b230f0b10832..be9db42c8309 100644
--- a/lib/vdso/getrandom.c
+++ b/lib/vdso/getrandom.c
@@ -89,6 +89,10 @@ __cvdso_getrandom_data(const struct vdso_rng_data *rng_info, void *buffer, size_
 	if (unlikely(opaque_len != sizeof(*state)))
 		goto fallback_syscall;
 
+	/* Unexpected flags are to be handled by the kernel */
+	if (unlikely(flags & ~(GRND_NONBLOCK | GRND_RANDOM | GRND_INSECURE)))
+		goto fallback_syscall;
+
 	/*
 	 * If the kernel's RNG is not yet ready, then it's not possible to provide random bytes from
 	 * userspace, because A) the various @flags require this to block, or not, depending on
-- 
2.46.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ