Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp6358659ybi;
        Wed, 29 May 2019 06:46:01 -0700 (PDT)
X-Google-Smtp-Source: APXvYqxn+/PoYJM0icH7DJX/Wit+duEfuFk6JXOK1GqNAl877789A2STWhOcpkRo9K5wJpw85LiB
X-Received: by 2002:a17:90a:214f:: with SMTP id a73mr12165624pje.4.1559137560954;
        Wed, 29 May 2019 06:46:00 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1559137560; cv=none;
        d=google.com; s=arc-20160816;
        b=FOsCWNsL4GKOP8G30MaJdg0HChiY2ryNLdbsWIkIKM9Z2t8yfnCvN/MONBn+P4mGud
         MUMcvd02+husCfVarP8M3QaZe454UG2MdjOkFkG6aU2IC8aOn4plqwcwoszrdsryx1Gq
         /NShJPMpjNkBs9H351anvpCIFjt5zhGpwbI+V6M+XZ7ajPqzQ3PR9nrzEaY8LMiEMqwH
         oAFlUuBQWpWmpmYN/j7hOZQAPh8XPBoobmsQ1UYcbv5RK1CoSmpILHvJcvkCgiUD03lv
         f6aWS0kFky/H6wiyRV2lZGOCnLSFKNIPy6/ghijqudYI6YDfu0EkTnR1j48aXxlf6nNv
         fzLA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date;
        bh=U5NjlR1QE3kZDK+gHpO19LGg/cou7M6OMrKI16MC8Gg=;
        b=Jbz2xpQramuqJtB2J23tiCSvQn+EtChu0B7Y0IwU68CnE9to7OZ45eNAvNfrXv9NXg
         FF6xLgJ6m1xTBwkqRVMeS2VTxwdcqYaHMpwcNVuWjor0Yt4V27ED9+dyIfZa3gDFXd/I
         Cw43aZzKGw+ZEOhle813Tf7Q2bXY92cRSHn+UrmzsD95y6BOBHvUqU6QMxbU+0QM4gcf
         I/wLyO/Qj6KYnjV3yXy58/EhPNyQ3xaEMZZ2It16Tcw/qYEWYWGU7n1nbU48mzC6RXJ1
         K4jqbTEbH144ZWx6aScg3ag091Yr61c+m9b8VCJafmFkAfPFYqh4/jPYVZ2XcjWpwHA4
         yPpg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id ay1si24313946plb.96.2019.05.29.06.45.44;
        Wed, 29 May 2019 06:46:00 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727353AbfE2Nnh (ORCPT <rfc822;learnos2017@gmail.com>
        + 99 others); Wed, 29 May 2019 09:43:37 -0400
Received: from charlotte.tuxdriver.com ([70.61.120.58]:48400 "EHLO
        smtp.tuxdriver.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726702AbfE2Nng (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 29 May 2019 09:43:36 -0400
Received: from cpe-2606-a000-111b-405a-0-0-0-162e.dyn6.twc.com ([2606:a000:111b:405a::162e] helo=localhost)
        by smtp.tuxdriver.com with esmtpsa (TLSv1:AES256-SHA:256)
        (Exim 4.63)
        (envelope-from <nhorman@tuxdriver.com>)
        id 1hVyqZ-0000lu-Gj; Wed, 29 May 2019 09:43:34 -0400
Date:   Wed, 29 May 2019 09:42:00 -0400
From:   Neil Horman <nhorman@tuxdriver.com>
To:     linux-kernel@vger.kernel.org
Cc:     Steve Grubb <sgrubb@redhat.com>, Theodore Ts'o <tytso@mit.edu>,
        Arnd Bergmann <arnd@arndb.de>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Subject: Re: [PATCH] Fix xoring of arch_get_random_long into crng->state array
Message-ID: <20190529134200.GA31099@hmswarspite.think-freely.org>
References: <20190402220025.14499-1-nhorman@tuxdriver.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20190402220025.14499-1-nhorman@tuxdriver.com>
User-Agent: Mutt/1.11.3 (2019-02-01)
X-Spam-Score: -2.9 (--)
X-Spam-Status: No
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Apr 02, 2019 at 06:00:25PM -0400, Neil Horman wrote:
> When _crng_extract is called, any arch that has a registered
> arch_get_random_long method, attempts to mix an unsigned long value into
> the crng->state buffer, it only mixes in 32 of the 64 bits available,
> because the state buffer is an array of u32 values, even though 2 u32
> are expected to be filled (owing to the fact that it expects indexes 14
> and 15 to be filled).
> 
> Bring the expected behavior into alignment by casting index 14 to an
> unsignled long pointer, and xoring that in instead.
> 
> Tested successfully by myself
> 
> Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
> Reported-by: Steve Grubb <sgrubb@redhat.com>
> CC: "Theodore Ts'o" <tytso@mit.edu>
> CC: Arnd Bergmann <arnd@arndb.de>
> CC: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> ---
>  drivers/char/random.c | 8 +++++---
>  1 file changed, 5 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/char/random.c b/drivers/char/random.c
> index 38c6d1af6d1c..8178618458ac 100644
> --- a/drivers/char/random.c
> +++ b/drivers/char/random.c
> @@ -975,14 +975,16 @@ static void _extract_crng(struct crng_state *crng,
>  			  __u8 out[CHACHA_BLOCK_SIZE])
>  {
>  	unsigned long v, flags;
> -
> +	unsigned long *archrnd;
>  	if (crng_ready() &&
>  	    (time_after(crng_global_init_time, crng->init_time) ||
>  	     time_after(jiffies, crng->init_time + CRNG_RESEED_INTERVAL)))
>  		crng_reseed(crng, crng == &primary_crng ? &input_pool : NULL);
>  	spin_lock_irqsave(&crng->lock, flags);
> -	if (arch_get_random_long(&v))
> -		crng->state[14] ^= v;
> +	if (arch_get_random_long(&v)) {
> +		archrnd = (unsigned long *)&crng->state[14];
> +		*archrnd ^= v;
> +	}
>  	chacha20_block(&crng->state[0], out);
>  	if (crng->state[12] == 0)
>  		crng->state[13]++;
> -- 
> 2.20.1
> 
> 

Ping, Arnd, Ted, Greg, any comment here?
Neil