Date: Mon, 23 Apr 2018 09:21:48 +0200
From: Salvatore Bonaccorso
To: Ben Hutchings, Greg Kroah-Hartman, linux-kernel@vger.kernel.org, Theodore Tso
Cc: stable@vger.kernel.org, Jann Horn, stable@kernel.org
Subject: Re: [PATCH 4.9 75/95] random: set up the NUMA crng instances after the CRNG is fully initialized
Message-ID: <20180423072148.jbnd2dodf47ffwej@lorien.valinor.li>
In-Reply-To: <49fa7d5f484a06f02946afec0688c33849e018de.camel@decadent.org.uk>

Hi

On Sun, Apr 22, 2018 at 11:28:52PM +0100, Ben Hutchings wrote:
> On Sun, 2018-04-22 at 15:53 +0200, Greg Kroah-Hartman wrote:
> > 4.9-stable review patch. If anyone has any objections, please let me know.
> >
> > ------------------
> >
> > From: Theodore Ts'o
> >
> > commit 8ef35c866f8862df074a49a93b0309725812dea8 upstream.
> >
> > Until the primary_crng is fully initialized, don't initialize the NUMA
> > crng nodes. Otherwise users of /dev/urandom on NUMA systems before
> > the CRNG is fully initialized can get very bad quality randomness. Of
> > course everyone should move to getrandom(2) where this won't be an
> > issue, but there's a lot of legacy code out there. This related to
> > CVE-2018-1108.
> >
> > Reported-by: Jann Horn
> > Fixes: 1e7f583af67b ("random: make /dev/urandom scalable for silly...")
> > Cc: stable@kernel.org # 4.8+
> > Signed-off-by: Theodore Ts'o
> > Signed-off-by: Greg Kroah-Hartman
>
> In 4.9 (and probably older branches too) this leads to a deadlock:
>
> crng_reseed(primary_crng, ...) takes primary_crng.lock
> -> numa_crng_init()
> -> crng_initialize()
> -> get_random_bytes()
> -> extract_crng()
> -> _extract_crng(primary_crng, ...) tries to take primary_crng.lock
>
> I think this can be fixed by backporting commit 4a072c71f49b
> "random: silence compiler warnings and fix race" but I'm not sure
> whether that depends on other changes.

That is, the following test patch on top of the 4.9-stable review
queue seems to resolve the issue. The commit message of the original
commit 4a072c71f49b0a0e495ea13423bdb850da73c58c would though not match
anymore.

Regards,
Salvatore

[Attachment: random-silence-compiler-warnings-and-fix-race.patch]

From: "Jason A. Donenfeld" Date: Thu, 15 Jun 2017 00:45:26 +0200 Subject: random: silence compiler warnings and fix race Origin: https://git.kernel.org/linus/4a072c71f49b0a0e495ea13423bdb850da73c58c Odd versions of gcc for the sh4 architecture will actually warn about flags being used while uninitialized, so we set them to zero. Non crazy gccs will optimize that out again, so it doesn't make a difference. Next, over aggressive gccs could inline the expression that defines use_lock, which could then introduce a race resulting in a lock imbalance. By using READ_ONCE, we prevent that fate. Finally, we make that assignment const, so that gcc can still optimize a nice amount. Finally, we fix a potential deadlock between primary_crng.lock and batched_entropy_reset_lock, where they could be called in opposite order. Moving the call to invalidate_batched_entropy to outside the lock rectifies this issue. Fixes: b169c13de473a85b3c859bb36216a4cb5f00a54a Signed-off-by: Jason A. Donenfeld Signed-off-by: Theodore Ts'o Cc: stable@vger.kernel.org [Salvatore Bonaccorso: backport to 4.9: context changes, only apply change to address potential deadlock] --- drivers/char/random.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) Index: linux-stable/drivers/char/random.c =================================================================== --- linux-stable.orig/drivers/char/random.c +++ linux-stable/drivers/char/random.c @@ -810,12 +810,12 @@ static int crng_fast_load(const char *cp p[crng_init_cnt % CHACHA20_KEY_SIZE] ^= *cp; cp++; crng_init_cnt++; len--; } + spin_unlock_irqrestore(&primary_crng.lock, flags); if (crng_init_cnt >= CRNG_INIT_CNT_THRESH) { crng_init = 1; wake_up_interruptible(&crng_init_wait); pr_notice("random: fast init done\n"); } - spin_unlock_irqrestore(&primary_crng.lock, flags); return 1; } 
@@ -873,6 +873,7 @@ static void crng_reseed(struct crng_stat } memzero_explicit(&buf, sizeof(buf)); crng->init_time = jiffies; + spin_unlock_irqrestore(&crng->lock, flags); if (crng == &primary_crng && crng_init < 2) { numa_crng_init(); crng_init = 2; @@ -880,7 +881,6 @@ static void crng_reseed(struct crng_stat wake_up_interruptible(&crng_init_wait); pr_notice("random: crng init done\n"); } - spin_unlock_irqrestore(&crng->lock, flags); } static inline void maybe_reseed_primary_crng(void) --cgtqqot7eikssngs--
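
Review bot: In the crng_fast_load() hunk, moving spin_unlock_irqrestore() above the `if (crng_init_cnt >= CRNG_INIT_CNT_THRESH)` test means crng_init_cnt is read and crng_init is written without primary_crng.lock held, while the loop just above still increments crng_init_cnt under that lock. Two callers can now both pass the test and both run wake_up_interruptible() and the "fast init done" notice, so a short comment stating why the unlocked check is acceptable would help. Separately, the backport note says only the deadlock change is applied, yet the retained message still describes the flags and READ_ONCE changes and the diffstat reads 6 insertions and 6 deletions where this patch has 2 of each; trimming both would avoid confusion for anyone comparing against upstream.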
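
Review bot: In the crng_reseed() hunk, the `crng == &primary_crng && crng_init < 2` test and the `crng_init = 2` store now run after spin_unlock_irqrestore(&crng->lock, flags), so two concurrent reseeds of primary_crng can both see crng_init < 2 and both call numa_crng_init(). Nothing in the visible lines shows that numa_crng_init() tolerates a second call, so either confirm that in the changelog or guard the call so that only one caller reaches it. Dropping the lock before the call is what removes the recursion on primary_crng.lock reported for 4.9, and that reason deserves a line in the backport note, since the upstream message describes a different lock pair.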
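
The lock recursion reported in this thread, and the effect of releasing the lock before the init call, can be reproduced in user space. This is an added example, not kernel code and not part of the posted patch: the `model_*` names are hypothetical, and a pthread error-checking mutex stands in for the kernel spinlock so that a relock by the owner returns `EDEADLK` instead of hanging.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <pthread.h>

/* Stand-in for primary_crng.lock; the ERRORCHECK type reports a relock by
 * the owning thread as EDEADLK instead of spinning forever. */
static pthread_mutex_t primary_lock;
static int crng_init;            /* 0 = not ready, 2 = fully initialised */

static void model_setup(void)
{
    pthread_mutexattr_t attr;
    pthread_mutexattr_init(&attr);
    pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_ERRORCHECK);
    pthread_mutex_init(&primary_lock, &attr);
    pthread_mutexattr_destroy(&attr);
    crng_init = 0;
}

/* Models _extract_crng(primary_crng, ...): needs the primary lock. */
static int model_extract(void)
{
    int rc = pthread_mutex_lock(&primary_lock);
    if (rc != 0)
        return rc;               /* EDEADLK: caller already holds the lock */
    pthread_mutex_unlock(&primary_lock);
    return 0;
}

/* Models numa_crng_init() -> crng_initialize() -> get_random_bytes(). */
static int model_numa_init(void) { return model_extract(); }

/* Models crng_reseed(); unlock_first selects the ordering used in the patch. */
static int model_reseed(int unlock_first)
{
    int rc = 0;
    pthread_mutex_lock(&primary_lock);      /* key update happens here */
    if (unlock_first)
        pthread_mutex_unlock(&primary_lock);
    if (crng_init < 2) {
        rc = model_numa_init();
        if (rc == 0)
            crng_init = 2;
    }
    if (!unlock_first)
        pthread_mutex_unlock(&primary_lock);
    return rc;
}

int main(void) { model_setup(); return !(model_reseed(0) == EDEADLK && model_reseed(1) == 0); }
```

The model is single-threaded, so it shows only the self-deadlock; it says nothing about races between concurrent reseeds once the check runs outside the lock.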