Received: by 2002:a05:6a10:5bc5:0:0:0:0 with SMTP id os5csp1771729pxb; Sat, 30 Oct 2021 23:37:49 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzAL8rN2GhLP9IKI2jSMTqc+USbLZTFhZX5HiAfnUoNjqe+zOgIjuQDI4t/cLzAvmtAyaPn X-Received: by 2002:a17:906:258d:: with SMTP id m13mr27656478ejb.208.1635662269103; Sat, 30 Oct 2021 23:37:49 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1635662269; cv=none; d=google.com; s=arc-20160816; b=s6YuHRAbKthL8sTX6M3+7tHwbJ4+egG7giEoKigIuJeSXqQZNmX923FTSeAuQR3HqL a1dcJK14L9cV/p5TtXNw1JhR4rdBVeVxRJtinPRrEhZIUi6m70fh8HgddC2Nvp0ri9nV bH652wIFvZF2g9QQm7QAcRPQQhK1aSh4ioUeHOQWRt9LvjvGauTqJsEUtFx+pg1VM4o9 7uIS52F9powGSqAxvAE859PzWen02mz0Aqc4z058TpC8cWXJ5I/jdsAZTDGudOBlEGim AdR7thTPuJLgF6RQ7yBAlxuNlHjTeslyEO67ClJ8lRLiMi+L5oHhA4PyQYriftTtbO7O We+Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date; bh=3VDySqGXPTJscbv48pzQNLUtTs1jTuMchMM64oFe+z8=; b=Vo39A4ZFgSaDl0QBEC7wXiOiterRZ+mcQSbrs/rgTPucWyxmhn8tlEWP/6eHssjysB MhylQysrxozHqTq8jitAOEwW7nFggInGqY1PCCkuwTTrUo6CSmfIbaCVdN+0PeiBIfPC ZIqSgJ+w5qw/znPthe+YAnRl/PzOCe810LeDO2us2CI46C40TexYcv7XohQPh24uOlop FDbA/6ObPKFoZm18Mvw+KSAW02//RcFfuUFvWODVgsQIskZahMwo+8hMN8X8/pgu4hCt AsymLW7+XKkk89gpprhlEnxzIKhgP0UcS8XNml8YhiQCg7nYLJk5fAqeQwoMU7VwQwKz lXQg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id sg12si26641431ejc.729.2021.10.30.23.36.59; Sat, 30 Oct 2021 23:37:49 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229934AbhJaGeJ (ORCPT + 99 others); Sun, 31 Oct 2021 02:34:09 -0400 Received: from isilmar-4.linta.de ([136.243.71.142]:49048 "EHLO isilmar-4.linta.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229638AbhJaGeI (ORCPT ); Sun, 31 Oct 2021 02:34:08 -0400 X-isilmar-external: YES X-isilmar-external: YES X-isilmar-external: YES X-isilmar-external: YES X-isilmar-external: YES X-isilmar-external: YES Received: from light.dominikbrodowski.net (brodo.linta [10.2.0.102]) by isilmar-4.linta.de (Postfix) with ESMTPSA id 19BA0201306; Sun, 31 Oct 2021 06:31:36 +0000 (UTC) Received: by light.dominikbrodowski.net (Postfix, from userid 1000) id AB13520157; Sun, 31 Oct 2021 07:30:36 +0100 (CET) Date: Sun, 31 Oct 2021 07:30:36 +0100 From: Dominik Brodowski To: tytso@mit.edu Cc: "Ivan T. Ivanov" , Ard Biesheuvel , Bhupesh Sharma , linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH] random: fix crash on multiple early calls to add_bootloader_randomness() Message-ID: References: <20211012082708.121931-1-iivanov@suse.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org If add_bootloader_randomness() or add_hwgenerator_randomness() is called for the first time during early boot, crng_init equals 0. Then, crng_fast_load() gets called -- which is safe to do even if the input pool is not yet properly set up. If the added entropy suffices to increase crng_init to 1, future calls to add_bootloader_randomness() or add_hwgenerator_randomness() used to progress to credit_entropy_bits(). However, if the input pool is not yet properly set up, the cmpxchg call within that function can lead to an infinite recursion. This is not only a hypothetical problem, as qemu on x86 may provide bootloader entropy via EFI and via devicetree. As crng_global_init_time is set to != 0 once the input pool is properly set up, check (also) for this condition to determine which branch to take. Calls to crng_fast_load() do not modify the input pool; therefore, the entropy_count for the input pool must not be modified at that early stage. Reported-and-tested-by: Ivan T. Ivanov Fixes: 18b915ac6b0a ("efi/random: Treat EFI_RNG_PROTOCOL output as bootloader randomness") Signed-off-by: Dominik Brodowski diff --git a/drivers/char/random.c b/drivers/char/random.c index 605969ed0f96..4211ff3092f9 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -1763,8 +1763,8 @@ static void __init init_std_data(struct entropy_store *r) } /* - * Note that setup_arch() may call add_device_randomness() - * long before we get here. This allows seeding of the pools + * add_device_randomness() or add_bootloader_randomness() may be + * called long before we get here. This allows seeding of the pools * with some platform dependent data very early in the boot * process. But it limits our options here. We must use * statically allocated structures that already have all @@ -2274,7 +2274,12 @@ void add_hwgenerator_randomness(const char *buffer, size_t count, { struct entropy_store *poolp = &input_pool; - if (unlikely(crng_init == 0)) { + /* We cannot do much with the input pool until it is set up in + * rand_initalize(); therefore just mix into the crng state. + * As this does not affect the input pool, we cannot credit + * entropy for this. + */ + if (unlikely(crng_init == 0) || unlikely(crng_global_init_time == 0)) { crng_fast_load(buffer, count); return; }