Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp6519655ybi;
        Wed, 29 May 2019 09:00:02 -0700 (PDT)
X-Google-Smtp-Source: APXvYqyYBgs4gFd/97Wh2H1vwOJkACnWiI7N0LcoxekrSSvEKOi5sMFQwizUNZpv06xIM0ZZvJr7
X-Received: by 2002:a63:9dc8:: with SMTP id i191mr138013318pgd.91.1559145602083;
        Wed, 29 May 2019 09:00:02 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1559145602; cv=none;
        d=google.com; s=arc-20160816;
        b=ymG9fcBLEN7UJZ1wKq8q7ZhKIIAwDmDBGhYLvPQQjYzH1XxR2ZGRBTtpgWd5XOP7vz
         fYfQqiRw9WqiDWirNuXlfsjLlxj1/J5ZuOiCiFaQPYztSPlMlf3GYVWUBM+iis+0Ld2H
         FCn5J5qhGoAaloImbiApeSiqalywTql9EswH+nNFn4meMz+a/klI67dbrDvTvuxfEbeT
         VYMkwXeNvMY2BRtpfyU1R2DK2cs6W2IwCu5fKyh3LJXzCCc6EtiwCJmLnbBiaRKXgnO5
         y+QDG/307RCtaWDw1VeX959dFeqV/ts6W/HGnPUVIqBT8nrnKHglsMoVbO8yp+zFoiW3
         Is1w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :content-language:accept-language:in-reply-to:references:message-id
         :date:thread-index:thread-topic:subject:cc:to:from;
        bh=rp8RmzpYDpYSWIsaSGh9xRs/ltzYXNFwhKNI9QuwHpE=;
        b=QbWcaGZOulGZaNJ7vN1zpF3Gpuo8tn3t5NYwp7SWTz749ALNfngAMTM1Mg9ZWn1N6A
         /9EyklZ16mv/pmdS+JKbniJ+lyTjS/llkigG9HXE5WD09nHQEC3nbb3eJxln3NP5oRQh
         CvoGYfcLO5G22aQQpyr+7lksMgYpgNTn3FxOfLijP6xcKgxy0a1DOkNyKV6W3EFcRSBk
         5boAazhVwTo79d0ECyNofCo3nFi3xH4/Ld07v+0FSa0mBOSDnXYWUa7fV5TW4wB2OeAG
         cdKlxrhQBwWu8CM8BUgJj8qq9jFRM5KJwmpt7e6FImPHiOwdV+2DGyHPibqBhTaRD9eh
         dzUw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id t18si15818710plr.5.2019.05.29.08.59.44;
        Wed, 29 May 2019 09:00:02 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726699AbfE2P5L convert rfc822-to-8bit (ORCPT
        <rfc822;learnos2017@gmail.com> + 99 others);
        Wed, 29 May 2019 11:57:11 -0400
Received: from eu-smtp-delivery-151.mimecast.com ([207.82.80.151]:58474 "EHLO
        eu-smtp-delivery-151.mimecast.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S1726330AbfE2P5L (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 29 May 2019 11:57:11 -0400
Received: from AcuMS.aculab.com (156.67.243.126 [156.67.243.126]) (Using
 TLS) by relay.mimecast.com with ESMTP id
 uk-mta-44-DsTTXp3NMOGiB7xDBxoT-w-1; Wed, 29 May 2019 16:57:08 +0100
Received: from AcuMS.Aculab.com (fd9f:af1c:a25b:0:43c:695e:880f:8750) by
 AcuMS.aculab.com (fd9f:af1c:a25b:0:43c:695e:880f:8750) with Microsoft SMTP
 Server (TLS) id 15.0.1347.2; Wed, 29 May 2019 16:57:07 +0100
Received: from AcuMS.Aculab.com ([fe80::43c:695e:880f:8750]) by
 AcuMS.aculab.com ([fe80::43c:695e:880f:8750%12]) with mapi id 15.00.1347.000;
 Wed, 29 May 2019 16:57:07 +0100
From:   David Laight <David.Laight@ACULAB.COM>
To:     'Neil Horman' <nhorman@tuxdriver.com>
CC:     "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        Steve Grubb <sgrubb@redhat.com>, Theodore Ts'o <tytso@mit.edu>,
        Arnd Bergmann <arnd@arndb.de>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Subject: RE: [PATCH] Fix xoring of arch_get_random_long into crng->state array
Thread-Topic: [PATCH] Fix xoring of arch_get_random_long into crng->state
 array
Thread-Index: AQHVFiSGW6uE5jAIekyknyRep1UK46aCHqcQgAARLgCAABHlkA==
Date:   Wed, 29 May 2019 15:57:07 +0000
Message-ID: <a3b2a53687004601873914931e9ee75a@AcuMS.aculab.com>
References: <20190402220025.14499-1-nhorman@tuxdriver.com>
 <20190529134200.GA31099@hmswarspite.think-freely.org>
 <f13de0f3159a478796a8fe6c34dc00ce@AcuMS.aculab.com>
 <20190529155156.GB31099@hmswarspite.think-freely.org>
In-Reply-To: <20190529155156.GB31099@hmswarspite.think-freely.org>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.202.205.107]
MIME-Version: 1.0
X-MC-Unique: DsTTXp3NMOGiB7xDBxoT-w-1
X-Mimecast-Spam-Score: 0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8BIT
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Neil Horman [mailto:nhorman@tuxdriver.com]
> Sent: 29 May 2019 16:52
> On Wed, May 29, 2019 at 01:51:24PM +0000, David Laight wrote:
> > From: Neil Horman
> > > Sent: 29 May 2019 14:42
> > > On Tue, Apr 02, 2019 at 06:00:25PM -0400, Neil Horman wrote:
> > > > When _crng_extract is called, any arch that has a registered
> > > > arch_get_random_long method, attempts to mix an unsigned long value into
> > > > the crng->state buffer, it only mixes in 32 of the 64 bits available,
> > > > because the state buffer is an array of u32 values, even though 2 u32
> > > > are expected to be filled (owing to the fact that it expects indexes 14
> > > > and 15 to be filled).
> > > >
> > > > Bring the expected behavior into alignment by casting index 14 to an
> > > > unsignled long pointer, and xoring that in instead.
> > ...
> > > > diff --git a/drivers/char/random.c b/drivers/char/random.c
> > > > index 38c6d1af6d1c..8178618458ac 100644
> > > > --- a/drivers/char/random.c
> > > > +++ b/drivers/char/random.c
> > > > @@ -975,14 +975,16 @@ static void _extract_crng(struct crng_state *crng,
> > > >  			  __u8 out[CHACHA_BLOCK_SIZE])
> > > >  {
> > > >  	unsigned long v, flags;
> > > > -
> > > > +	unsigned long *archrnd;
> > > >  	if (crng_ready() &&
> > > >  	    (time_after(crng_global_init_time, crng->init_time) ||
> > > >  	     time_after(jiffies, crng->init_time + CRNG_RESEED_INTERVAL)))
> > > >  		crng_reseed(crng, crng == &primary_crng ? &input_pool : NULL);
> > > >  	spin_lock_irqsave(&crng->lock, flags);
> > > > -	if (arch_get_random_long(&v))
> > > > -		crng->state[14] ^= v;
> > > > +	if (arch_get_random_long(&v)) {
> > > > +		archrnd = (unsigned long *)&crng->state[14];
> > > > +		*archrnd ^= v;
> > > > +	}
> >
> > Isn't that likely to generate a misaligned memory access?
> >
> I'm not quite sure how it would, crng->state is an array of _u32's, and so every
> even element should be on a 64 bit boundary.

Only if the first item is aligned....
Add a u32 before it and you'll probably flip the alignment.

	David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)