Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit e7a94af6 authored by Jason A. Donenfeld's avatar Jason A. Donenfeld Committed by Greg Kroah-Hartman
Browse files

random: make credit_entropy_bits() always safe 



commit a49c010e61e1938be851f5e49ac219d49b704103 upstream.

This is called from various hwgenerator drivers, so rather than having
one "safe" version for userspace and one "unsafe" version for the
kernel, just make everything safe; the checks are cheap and sensible to
have anyway.

Reported-by: default avatarSultan Alsawaf <sultan@kerneltoast.com>
Reviewed-by: default avatarEric Biggers <ebiggers@google.com>
Reviewed-by: default avatarDominik Brodowski <linux@dominikbrodowski.net>
Signed-off-by: default avatarJason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 75ec1afb

drivers/char/random.c

+9 −20
Original line number Diff line number Diff line
@@ -448,18 +448,15 @@ static void process_random_ready_list(void) 
	spin_unlock_irqrestore(&random_ready_list_lock, flags);

}



/*

 * Credit (or debit) the entropy store with n bits of entropy.

 * Use credit_entropy_bits_safe() if the value comes from userspace

 * or otherwise should be checked for extreme values.

 */

static void credit_entropy_bits(int nbits)

{

	int entropy_count, orig;



	if (!nbits)

	if (nbits <= 0)

		return;



	nbits = min(nbits, POOL_BITS);



	do {

		orig = READ_ONCE(input_pool.entropy_count);

		entropy_count = min(POOL_BITS, orig + nbits);
@@ -471,18 +468,6 @@ static void credit_entropy_bits(int nbits) 
		crng_reseed(&primary_crng, true);

}



static int credit_entropy_bits_safe(int nbits)

{

	if (nbits < 0)

		return -EINVAL;



	/* Cap the value to avoid overflows */

	nbits = min(nbits, POOL_BITS);



	credit_entropy_bits(nbits);

	return 0;

}



/*********************************************************************

 *

 * CRNG using CHACHA20
@@ -1577,7 +1562,10 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg) 
			return -EPERM;

		if (get_user(ent_count, p))

			return -EFAULT;

		return credit_entropy_bits_safe(ent_count);

		if (ent_count < 0)

			return -EINVAL;

		credit_entropy_bits(ent_count);

		return 0;

	case RNDADDENTROPY:

		if (!capable(CAP_SYS_ADMIN))

			return -EPERM;
@@ -1590,7 +1578,8 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg) 
		retval = write_pool((const char __user *)p, size);

		if (retval < 0)

			return retval;

		return credit_entropy_bits_safe(ent_count);

		credit_entropy_bits(ent_count);

		return 0;

	case RNDZAPENTCNT:

	case RNDCLEARPOOL:

		/*