From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Sultan Alsawaf, Eric Biggers, Dominik Brodowski, "Jason A. Donenfeld"
Subject: [PATCH 5.15 042/145] random: make credit_entropy_bits() always safe
Date: Fri, 27 May 2022 10:49:03 +0200
Message-Id: <20220527084855.991765846@linuxfoundation.org>
In-Reply-To: <20220527084850.364560116@linuxfoundation.org>
References: <20220527084850.364560116@linuxfoundation.org>

From: "Jason A. Donenfeld"

commit a49c010e61e1938be851f5e49ac219d49b704103 upstream.

This is called from various hwgenerator drivers, so rather than having one "safe" version for userspace and one "unsafe" version for the kernel, just make everything safe; the checks are cheap and sensible to have anyway.

Reported-by: Sultan Alsawaf
Reviewed-by: Eric Biggers
Reviewed-by: Dominik Brodowski
Signed-off-by: Jason A. Donenfeld
Signed-off-by: Greg Kroah-Hartman
---
 drivers/char/random.c | 29 +++++++++--------------------
 1 file changed, 9 insertions(+), 20 deletions(-)

--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -447,18 +447,15 @@ static void process_random_ready_list(vo spin_unlock_irqrestore(&random_ready_list_lock, flags); } -/* - * Credit (or debit) the entropy store with n bits of entropy. - * Use credit_entropy_bits_safe() if the value comes from userspace - * or otherwise should be checked for extreme values. - */ static void credit_entropy_bits(int nbits) { int entropy_count, orig; - if (!nbits) + if (nbits <= 0) return; + nbits = min(nbits, POOL_BITS); + do { orig = READ_ONCE(input_pool.entropy_count); entropy_count = min(POOL_BITS, orig + nbits); @@ -470,18 +467,6 @@ static void credit_entropy_bits(int nbit crng_reseed(&primary_crng, true); } -static int credit_entropy_bits_safe(int nbits) -{ - if (nbits < 0) - return -EINVAL; - - /* Cap the value to avoid overflows */ - nbits = min(nbits, POOL_BITS); - - credit_entropy_bits(nbits); - return 0; -} - /********************************************************************* * * CRNG using CHACHA20 @@ -1526,7 +1511,10 @@ static long random_ioctl(struct file *f, return -EPERM; if (get_user(ent_count, p)) return -EFAULT; - return credit_entropy_bits_safe(ent_count); + if (ent_count < 0) + return -EINVAL; + credit_entropy_bits(ent_count); + return 0; case RNDADDENTROPY: if (!capable(CAP_SYS_ADMIN)) return -EPERM; @@ -1539,7 +1527,8 @@ static long random_ioctl(struct file *f, retval = write_pool((const char __user *)p, size); if (retval < 0) return retval; - return credit_entropy_bits_safe(ent_count); + credit_entropy_bits(ent_count); + return 0; case RNDZAPENTCNT: case RNDCLEARPOOL: /*
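Review bot: In the first hunk (@@ -447), credit_entropy_bits() loses its header comment and gets nothing in its place, even though its contract has changed. The removed comment said "Credit (or debit)", but with "if (nbits <= 0) return;" the function can no longer debit, and the added "nbits = min(nbits, POOL_BITS);" looks redundant next to "min(POOL_BITS, orig + nbits)" unless the reader knows it bounds nbits before the signed addition. Suggest a short replacement comment stating that non-positive values are ignored and that the input is capped at POOL_BITS, and carrying over the "Cap the value to avoid overflows" remark that is deleted with the helper in the next hunk.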
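Review bot: In the second hunk (@@ -470), removing credit_entropy_bits_safe() also removes the only path that reported a negative count, since the helper returned -EINVAL while credit_entropy_bits() is void and now just returns. For the in-kernel callers mentioned in the commit message, a negative nbits becomes a silent no-op. If that is intended, say so in the commit message or in a comment on the function. If a negative value from a driver indicates a bug, consider making it visible rather than dropping it quietly.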
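Review bot: In the last hunk (@@ -1539, RNDADDENTROPY), the replaced call "return credit_entropy_bits_safe(ent_count);" used to return -EINVAL for a negative ent_count, but the new lines call credit_entropy_bits(ent_count) and return 0 with no such check, unlike the RNDADDTOENTCNT hunk above, which adds "if (ent_count < 0) return -EINVAL;". The visible context does not show an earlier validation of ent_count in this case. Please confirm that one exists before write_pool(), or add the same check here so a negative count from userspace is still rejected instead of returning success after the pool write.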