Received: by 2002:ac2:464d:0:0:0:0:0 with SMTP id s13csp2002595lfo;
        Sat, 28 May 2022 13:27:49 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJzuxZKzUFavbGaXyt/5ZZwwcAyPh1pFUpFJUhzOhaWXnYN3s0kbuH3ykhfRyX7jKdZ4R0w8
X-Received: by 2002:a63:6cc7:0:b0:3f6:ba59:1bcc with SMTP id h190-20020a636cc7000000b003f6ba591bccmr36522831pgc.188.1653769669623;
        Sat, 28 May 2022 13:27:49 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1653769669; cv=none;
        d=google.com; s=arc-20160816;
        b=sjZwPSjhN+VT9qtPHRA8QoJwBrLLOB5V4EVvmgel1DhPhyjSTlk4TN7e3fwgniDOiN
         7WDd3HST6vfLnvy0It1Zp85IubaSq4/T1LqSFjYpXDYWftg6HH3iQovipar6XR83m4P5
         PhCT+W0jrRi0s0CyoU5i53A8cwRy0s06adYFDwxKP9D0bYl+Ez464JUhQgOopHOUUIHw
         yyCSh/CAtRgkq6QEzD/AwfrJBYOKPBKFzdHDrsJUT1DY2XZWEMtg3bbItsnum+6VQvnQ
         89OsOt/8NM+zIwa1H56E2oy8zAFD2ErGiHxWh+MmqAPqKVB+AucnSxHTIlkwagBr6NQo
         W9EQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=YdJbVdQuXu0j4bVr0dHuTFMGG4XwPXNI8yfMULGBMAk=;
        b=MwK0zY+F6BsYala9PknNydU0h4R0PDE+vUnAt6X6eY8zA78PPPQl8o9lJoCkcC2CsB
         zk5uAJkTSL+7BXBceAXlv6LxQ8p/zXcXvoI0Pi7ozXHGT4BWV+3XRIEwlMoCcWZBIc3A
         41ZVH8DKij4BJMkzC1zu7IM0VuzV8iXtWaLXVR7+WWk7FfRQ3PewVKSRci0j55yMx1Tk
         lrlNsl+DY3V3ixaerti72c7q5xwyQHBZhjEBrAFq/DEmQzdTJVOP7L4TVq5PtlR1STkl
         ZlTf4wmI0Bg6PN+OK4K17eiiK5bP9LfrI1SdgQsp7U494uUQF98YvW5Rosbe7cnGzMdu
         Q8cg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=FWKfPHEe;
       spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [23.128.96.19])
        by mx.google.com with ESMTPS id g13-20020a63110d000000b003862e2b721dsi10830602pgl.129.2022.05.28.13.27.49
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sat, 28 May 2022 13:27:49 -0700 (PDT)
Received-SPF: softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) client-ip=23.128.96.19;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=FWKfPHEe;
       spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by lindbergh.monkeyblade.net (Postfix) with ESMTP id E1F2318FF0E;
	Sat, 28 May 2022 12:34:39 -0700 (PDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1350112AbiE0IyX (ORCPT <rfc822;48199929arowggi@gmail.com>
        + 99 others); Fri, 27 May 2022 04:54:23 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33302 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1350095AbiE0Ixl (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 27 May 2022 04:53:41 -0400
Received: from sin.source.kernel.org (sin.source.kernel.org [IPv6:2604:1380:40e1:4800::1])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E653F5BE74;
        Fri, 27 May 2022 01:52:53 -0700 (PDT)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by sin.source.kernel.org (Postfix) with ESMTPS id 4E49ECE23D0;
        Fri, 27 May 2022 08:52:52 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2772EC385A9;
        Fri, 27 May 2022 08:52:49 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
        s=korg; t=1653641570;
        bh=s6T+HuT78bAP0HH1vMwcpZGWnTvNxrhKCd8tLlgc4lE=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=FWKfPHEeUnbUdUFe5Mard6fS+hBaFW/bO+aNZ66tYPJ4rslMeJt8SAwVH4BSJG2NX
         DRY7QUXxUpV4aY003vtTjNN1IHWnE9sFfpoaO4fFiFoOLFfEs6Y0qu23kvfjXVxiLS
         5ImK7CtEqdJa7MM21Xs24NR6nO3uhfSVFnaQKES4=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org,
        Dominik Brodowski <linux@dominikbrodowski.net>,
        "Jason A. Donenfeld" <Jason@zx2c4.com>
Subject: [PATCH 5.18 29/47] random: avoid initializing twice in credit race
Date:   Fri, 27 May 2022 10:50:09 +0200
Message-Id: <20220527084806.323914184@linuxfoundation.org>
X-Mailer: git-send-email 2.36.1
In-Reply-To: <20220527084801.223648383@linuxfoundation.org>
References: <20220527084801.223648383@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
	DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,
	MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE
	autolearn=unavailable autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
	lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: "Jason A. Donenfeld" <Jason@zx2c4.com>

commit fed7ef061686cc813b1f3d8d0edc6c35b4d3537b upstream.

Since all changes of crng_init now go through credit_init_bits(), we can
fix a long standing race in which two concurrent callers of
credit_init_bits() have the new bit count >= some threshold, but are
doing so with crng_init as a lower threshold, checked outside of a lock,
resulting in crng_reseed() or similar being called twice.

In order to fix this, we can use the original cmpxchg value of the bit
count, and only change crng_init when the bit count transitions from
below a threshold to meeting the threshold.

Reviewed-by: Dominik Brodowski <linux@dominikbrodowski.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/char/random.c |   10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -821,7 +821,7 @@ static void extract_entropy(void *buf, s
 
 static void credit_init_bits(size_t nbits)
 {
-	unsigned int init_bits, orig, add;
+	unsigned int new, orig, add;
 	unsigned long flags;
 
 	if (crng_ready() || !nbits)
@@ -831,12 +831,12 @@ static void credit_init_bits(size_t nbit
 
 	do {
 		orig = READ_ONCE(input_pool.init_bits);
-		init_bits = min_t(unsigned int, POOL_BITS, orig + add);
-	} while (cmpxchg(&input_pool.init_bits, orig, init_bits) != orig);
+		new = min_t(unsigned int, POOL_BITS, orig + add);
+	} while (cmpxchg(&input_pool.init_bits, orig, new) != orig);
 
-	if (!crng_ready() && init_bits >= POOL_READY_BITS)
+	if (orig < POOL_READY_BITS && new >= POOL_READY_BITS)
 		crng_reseed();
-	else if (unlikely(crng_init == CRNG_EMPTY && init_bits >= POOL_EARLY_BITS)) {
+	else if (orig < POOL_EARLY_BITS && new >= POOL_EARLY_BITS) {
 		spin_lock_irqsave(&base_crng.lock, flags);
 		if (crng_init == CRNG_EMPTY) {
 			extract_entropy(base_crng.key, sizeof(base_crng.key));