Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit e33ba5fa authored by Theodore Ts'o's avatar Theodore Ts'o
Browse files

random: fix nasty entropy accounting bug 



Commit 0fb7a01a "random: simplify accounting code", introduced in
v3.15, has a very nasty accounting problem when the entropy pool has
has fewer bytes of entropy than the number of requested reserved
bytes.  In that case, "have_bytes - reserved" goes negative, and since
size_t is unsigned, the expression:

       ibytes = min_t(size_t, ibytes, have_bytes - reserved);

... does not do the right thing.  This is rather bad, because it
defeats the catastrophic reseeding feature in the
xfer_secondary_pool() path.

It also can cause the "BUG: spinlock trylock failure on UP" for some
kernel configurations when prandom_reseed() calls get_random_bytes()
in the early init, since when the entropy count gets corrupted,
credit_entropy_bits() erroneously believes that the nonblocking pool
has been fully initialized (when in fact it is not), and so it calls
prandom_reseed(true) recursively leading to the spinlock BUG.

The logic is *not* the same it was originally, but in the cases where
it matters, the behavior is the same, and the resulting code is
hopefully easier to read and understand.

Fixes: 0fb7a01a "random: simplify accounting code"
Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
Cc: Greg Price <price@mit.edu>
Cc: stable@vger.kernel.org  #v3.15
parent 1860e379

drivers/char/random.c

+9 −8
Original line number Original line Diff line number Diff line
@@ -979,7 +979,6 @@ static void push_to_pool(struct work_struct *work) 
static size_t account(struct entropy_store *r, size_t nbytes, int min,

static size_t account(struct entropy_store *r, size_t nbytes, int min,

		      int reserved)

		      int reserved)

{

{

	int have_bytes;

	int entropy_count, orig;

	int entropy_count, orig;

	size_t ibytes;

	size_t ibytes;
@@ -988,17 +987,19 @@ static size_t account(struct entropy_store *r, size_t nbytes, int min, 
	/* Can we pull enough? */

	/* Can we pull enough? */

retry:

retry:

	entropy_count = orig = ACCESS_ONCE(r->entropy_count);

	entropy_count = orig = ACCESS_ONCE(r->entropy_count);

	have_bytes = entropy_count >> (ENTROPY_SHIFT + 3);

	ibytes = nbytes;

	ibytes = nbytes;

	/* If limited, never pull more than available */

	/* If limited, never pull more than available */

	if (r->limit)

	if (r->limit) {

		ibytes = min_t(size_t, ibytes, have_bytes - reserved);

		int have_bytes = entropy_count >> (ENTROPY_SHIFT + 3);



		if ((have_bytes -= reserved) < 0)

			have_bytes = 0;

		ibytes = min_t(size_t, ibytes, have_bytes);

	}

	if (ibytes < min)

	if (ibytes < min)

		ibytes = 0;

		ibytes = 0;

	if (have_bytes >= ibytes + reserved)

	if ((entropy_count -= ibytes << (ENTROPY_SHIFT + 3)) < 0)

		entropy_count -= ibytes << (ENTROPY_SHIFT + 3);

		entropy_count = 0;

	else

		entropy_count = reserved << (ENTROPY_SHIFT + 3);





	if (cmpxchg(&r->entropy_count, orig, entropy_count) != orig)

	if (cmpxchg(&r->entropy_count, orig, entropy_count) != orig)

		goto retry;

		goto retry;