From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Sultan Alsawaf, Eric Biggers, Dominik Brodowski, "Jason A. Donenfeld"
Subject: [PATCH 5.10 060/163] random: make credit_entropy_bits() always safe
Date: Fri, 27 May 2022 10:49:00 +0200
Message-Id: <20220527084836.427416319@linuxfoundation.org>
In-Reply-To: <20220527084828.156494029@linuxfoundation.org>

From: "Jason A. Donenfeld"

commit a49c010e61e1938be851f5e49ac219d49b704103 upstream.

This is called from various hwgenerator drivers, so rather than having one "safe" version for userspace and one "unsafe" version for the kernel, just make everything safe; the checks are cheap and sensible to have anyway.

Reported-by: Sultan Alsawaf
Reviewed-by: Eric Biggers
Reviewed-by: Dominik Brodowski
Signed-off-by: Jason A. Donenfeld
Signed-off-by: Greg Kroah-Hartman
---
 drivers/char/random.c | 29 +++++++++--------------------
 1 file changed, 9 insertions(+), 20 deletions(-)

--- a/drivers/char/random.c +++ b/drivers/char/random.c
@@ -447,18 +447,15 @@ static void process_random_ready_list(vo spin_unlock_irqrestore(&random_ready_list_lock, flags); } -/* - * Credit (or debit) the entropy store with n bits of entropy. - * Use credit_entropy_bits_safe() if the value comes from userspace - * or otherwise should be checked for extreme values. - */ static void credit_entropy_bits(int nbits) { int entropy_count, orig; - if (!nbits) + if (nbits <= 0) return; + nbits = min(nbits, POOL_BITS); + do { orig = READ_ONCE(input_pool.entropy_count); entropy_count = min(POOL_BITS, orig + nbits); @@ -470,18 +467,6 @@ static void credit_entropy_bits(int nbit crng_reseed(&primary_crng, true); } -static int credit_entropy_bits_safe(int nbits) -{ - if (nbits < 0) - return -EINVAL; - - /* Cap the value to avoid overflows */ - nbits = min(nbits, POOL_BITS); - - credit_entropy_bits(nbits); - return 0; -} - /********************************************************************* * * CRNG using CHACHA20 @@ -1526,7 +1511,10 @@ static long random_ioctl(struct file *f, return -EPERM; if (get_user(ent_count, p)) return -EFAULT; - return credit_entropy_bits_safe(ent_count); + if (ent_count < 0) + return -EINVAL; + credit_entropy_bits(ent_count); + return 0; case RNDADDENTROPY: if (!capable(CAP_SYS_ADMIN)) return -EPERM; @@ -1539,7 +1527,8 @@ static long random_ioctl(struct file *f, retval = write_pool((const char __user *)p, size); if (retval < 0) return retval; - return credit_entropy_bits_safe(ent_count); + credit_entropy_bits(ent_count); + return 0; case RNDZAPENTCNT: case RNDCLEARPOOL: /*
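Review bot: In the first hunk (@@ -447,18 +447,15 @@, credit_entropy_bits()), the whole comment above the function is deleted and the new `nbits = min(nbits, POOL_BITS);` line carries no explanation, so the reason for clamping before the loop is no longer written down anywhere. The helper removed in the next hunk documented it as "Cap the value to avoid overflows", which presumably concerns the `orig + nbits` addition inside the loop. Keep a short comment on the function saying that non-positive values are ignored and that nbits is capped at POOL_BITS so that the sum stays in range.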
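Review bot: In the second hunk (@@ -470,18 +467,6 @@), deleting credit_entropy_bits_safe() removes the only place where a negative count produced -EINVAL. credit_entropy_bits() returns void and, after the first hunk, returns early on `nbits <= 0`, so an in-kernel caller that passes a negative value now gets a silent no-op with nothing to act on. If that is the intended contract for the driver callers the commit message mentions, state it in the commit message or in a comment on the function, so that the change in error reporting is a documented decision rather than a side effect of the merge.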
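Review bot: In the last hunk (@@ -1539,7 +1527,8 @@, the RNDADDENTROPY case), the replacement `credit_entropy_bits(ent_count); return 0;` has no `ent_count < 0` check, while the RNDADDTOENTCNT hunk just above adds one explicitly to keep returning -EINVAL. The lines between the capable() check and write_pool() are not shown in this diff, so please confirm that ent_count is already rejected there. If it is not, a negative ent_count would have its data written by write_pool(), be ignored by credit_entropy_bits(), and the ioctl would return 0 where it used to return -EINVAL, which is a user-visible change in behaviour for this ioctl.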