Received: by 10.192.165.148 with SMTP id m20csp2519239imm; Sun, 22 Apr 2018 08:43:03 -0700 (PDT) X-Google-Smtp-Source: AIpwx4/bs+p2cXbUjLJVtSQuCcBp/32UMPts57/ehNx4itxFR42Rc1AhisBPAnBxyvZRiiIPzlnc X-Received: by 2002:a17:902:7441:: with SMTP id e1-v6mr17582101plt.169.1524411783841; Sun, 22 Apr 2018 08:43:03 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1524411783; cv=none; d=google.com; s=arc-20160816; b=XIswZD1Dr8pLYrSD4gaojxbQMDuSrG645TSGiJOj3Ck/vVpsuqKGb8npDBz2xB3dAs L4L054l1crN5bsgLaKABwPdZ4UvyjJ9c6RGFQecgo5eLCh3wBjFVeD4oBqdue5mOByHc 1yYowMias/VoLEKlsvUgHc7wtHNztT0465sSTNjZyvFVYZ5o5R2M6/XjPpIXIOYuBErA z0a6fsykkoJOMq7w/yNJ20B2ynQaMivRaZ1cahQiPPPZ8K/xgZC2rACT5w318KreaxfR m54hRRVFP8tNL3tyuVuZU3vsxPJUQFOuIF6SW/81Yt8NwhVIvX7ZJ7miR6sOGbBT9/01 HZYw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :in-reply-to:message-id:date:subject:cc:to:from :arc-authentication-results; bh=qHcmQYOsPr3XIENC5vvAGVbJYArUxL+WI93zVFRuVXY=; b=iSGfZHT7+sfWS3QoRR1xq6TD7RZKP3uoo2YKT8lj8ltSmPTdt9V2uuWVSgU5/BHpU3 2rbkRyyP30Q+5QUv0vF2deW+PfmysC2264HGunVf8dMY2bz4nfN6XIOF7Fmy1p/QmMGu Hzk4cDsR9WZTD5m0Oi8HgVPDFsVta4GlEFs8xAJ3+0buwwkPZJoGQ3Z1X+Veu4RjoGtg CzPez0SYYaFkHyXUQFryP3SP/3relVIuWrSUM+m2jZz5mS2itJnQim64oEaG816mzehK zdyKBj2M8+y0K2/CFeaJkU0ApvYFCKpgFWWLRWRVY6tXOPlRAs4W2GhC0HugX24AcFOY tfQw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id j33-v6si9932904pld.395.2018.04.22.08.42.50; Sun, 22 Apr 2018 08:43:03 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755063AbeDVOD1 (ORCPT + 99 others); Sun, 22 Apr 2018 10:03:27 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:49210 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754789AbeDVODX (ORCPT ); Sun, 22 Apr 2018 10:03:23 -0400 Received: from localhost (LFbn-1-12247-202.w90-92.abo.wanadoo.fr [90.92.61.202]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id 8515C9C; Sun, 22 Apr 2018 14:03:22 +0000 (UTC) From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Jann Horn , Theodore Tso , stable@kernel.org Subject: [PATCH 4.16 165/196] random: set up the NUMA crng instances after the CRNG is fully initialized Date: Sun, 22 Apr 2018 15:53:05 +0200 Message-Id: <20180422135112.807318417@linuxfoundation.org> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20180422135104.278511750@linuxfoundation.org> References: <20180422135104.278511750@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.16-stable review patch. If anyone has any objections, please let me know. ------------------ From: Theodore Ts'o commit 8ef35c866f8862df074a49a93b0309725812dea8 upstream. Until the primary_crng is fully initialized, don't initialize the NUMA crng nodes. Otherwise users of /dev/urandom on NUMA systems before the CRNG is fully initialized can get very bad quality randomness. Of course everyone should move to getrandom(2) where this won't be an issue, but there's a lot of legacy code out there. This related to CVE-2018-1108. Reported-by: Jann Horn Fixes: 1e7f583af67b ("random: make /dev/urandom scalable for silly...") Cc: stable@kernel.org # 4.8+ Signed-off-by: Theodore Ts'o Signed-off-by: Greg Kroah-Hartman --- drivers/char/random.c | 46 +++++++++++++++++++++++++++------------------- 1 file changed, 27 insertions(+), 19 deletions(-) --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -786,6 +786,32 @@ static void crng_initialize(struct crng_ crng->init_time = jiffies - CRNG_RESEED_INTERVAL - 1; } +#ifdef CONFIG_NUMA +static void numa_crng_init(void) +{ + int i; + struct crng_state *crng; + struct crng_state **pool; + + pool = kcalloc(nr_node_ids, sizeof(*pool), GFP_KERNEL|__GFP_NOFAIL); + for_each_online_node(i) { + crng = kmalloc_node(sizeof(struct crng_state), + GFP_KERNEL | __GFP_NOFAIL, i); + spin_lock_init(&crng->lock); + crng_initialize(crng); + pool[i] = crng; + } + mb(); + if (cmpxchg(&crng_node_pool, NULL, pool)) { + for_each_node(i) + kfree(pool[i]); + kfree(pool); + } +} +#else +static void numa_crng_init(void) {} +#endif + /* * crng_fast_load() can be called by code in the interrupt service * path. So we can't afford to dilly-dally. @@ -892,6 +918,7 @@ static void crng_reseed(struct crng_stat spin_unlock_irqrestore(&primary_crng.lock, flags); if (crng == &primary_crng && crng_init < 2) { invalidate_batched_entropy(); + numa_crng_init(); crng_init = 2; process_random_ready_list(); wake_up_interruptible(&crng_init_wait); @@ -1729,28 +1756,9 @@ static void init_std_data(struct entropy */ static int rand_initialize(void) { -#ifdef CONFIG_NUMA - int i; - struct crng_state *crng; - struct crng_state **pool; -#endif - init_std_data(&input_pool); init_std_data(&blocking_pool); crng_initialize(&primary_crng); - -#ifdef CONFIG_NUMA - pool = kcalloc(nr_node_ids, sizeof(*pool), GFP_KERNEL|__GFP_NOFAIL); - for_each_online_node(i) { - crng = kmalloc_node(sizeof(struct crng_state), - GFP_KERNEL | __GFP_NOFAIL, i); - spin_lock_init(&crng->lock); - crng_initialize(crng); - pool[i] = crng; - } - mb(); - crng_node_pool = pool; -#endif return 0; } early_initcall(rand_initialize);