From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Dominik Brodowski, "Jason A. Donenfeld"
Subject: [PATCH 4.19 169/234] random: check for signals after page of pool writes
Date: Thu, 23 Jun 2022 18:43:56 +0200
Message-Id: <20220623164347.835067432@linuxfoundation.org>
In-Reply-To: <20220623164343.042598055@linuxfoundation.org>
References: <20220623164343.042598055@linuxfoundation.org>

From: "Jason A. Donenfeld"

commit 1ce6c8d68f8ac587f54d0a271ac594d3d51f3efb upstream.

get_random_bytes_user() checks for signals after producing a PAGE_SIZE
worth of output, just like /dev/zero does. write_pool() is doing
basically the same work (actually, slightly more expensive), and so
should stop to check for signals in the same way. Let's also name it
write_pool_user() to match get_random_bytes_user(), so this won't be
misused in the future.

Before this patch, massive writes to /dev/urandom would tie up the
process for an extremely long time and make it unterminatable. After, it
can be successfully interrupted. The following test program can be used
to see this works as intended:

  #include <unistd.h>
  #include <fcntl.h>
  #include <signal.h>
  #include <stdio.h>

  /* ~0U bytes (about 4 GiB) of zeroes to hand to a single write() */
  static unsigned char x[~0U];

  /* No-op handler: it only has to exist so SIGUSR1 interrupts the write */
  static void handle(int sig) { (void)sig; }

  int main(int argc, char *argv[])
  {
    pid_t pid = getpid(), child;
    int fd;

    signal(SIGUSR1, handle);
    /* The child signals the parent in a tight loop */
    if (!(child = fork())) {
      for (;;)
        kill(pid, SIGUSR1);
    }
    fd = open("/dev/urandom", O_WRONLY);
    pause();  /* wait for the first signal before starting the write */
    printf("interrupted after writing %zd bytes\n", write(fd, x, sizeof(x)));
    close(fd);
    kill(child, SIGTERM);
    return 0;
  }

Result before: "interrupted after writing 2147479552 bytes"
Result after: "interrupted after writing 4096 bytes"

Cc: Dominik Brodowski
Signed-off-by: Jason A. Donenfeld
Signed-off-by: Greg Kroah-Hartman
---
 drivers/char/random.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

--- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -1251,7 +1251,7 @@ static __poll_t random_poll(struct file return crng_ready() ? EPOLLIN | EPOLLRDNORM : EPOLLOUT | EPOLLWRNORM; } -static ssize_t write_pool(struct iov_iter *iter) +static ssize_t write_pool_user(struct iov_iter *iter) { u8 block[BLAKE2S_BLOCK_SIZE]; ssize_t ret = 0; 
@@ -1266,7 +1266,13 @@ static ssize_t write_pool(struct iov_ite mix_pool_bytes(block, copied); if (!iov_iter_count(iter) || copied != sizeof(block)) break; - cond_resched(); + + BUILD_BUG_ON(PAGE_SIZE % sizeof(block) != 0); + if (ret % PAGE_SIZE == 0) { + if (signal_pending(current)) + break; + cond_resched(); + } } memzero_explicit(block, sizeof(block)); @@ -1275,7 +1281,7 @@ static ssize_t write_pool(struct iov_ite static ssize_t random_write_iter(struct kiocb *kiocb, struct iov_iter *iter) { - return write_pool(iter); + return write_pool_user(iter); } static ssize_t urandom_read_iter(struct kiocb *kiocb, struct iov_iter *iter) @@ -1342,7 +1348,7 @@ static long random_ioctl(struct file *f, ret = import_single_range(WRITE, p, len, &iov, &iter); if (unlikely(ret)) return ret; - ret = write_pool(&iter); + ret = write_pool_user(&iter); if (unlikely(ret < 0)) return ret; /* Since we're crediting, enforce that it was all written into the pool. */
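
Review bot: In the write_pool_user() loop hunk (@@ -1266), the new "if (signal_pending(current)) break;" leaves the loop without assigning ret, and nothing at that line says what the caller then sees. A short comment above the check would help: state that a pending signal ends the write early with the count accumulated so far (the commit message's "interrupted after writing 4096 bytes" result), and that the check is only reached on page boundaries because of the "ret % PAGE_SIZE == 0" gate, which is why the BUILD_BUG_ON on PAGE_SIZE % sizeof(block) sits next to it.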
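
Review bot: In the random_ioctl() hunk (@@ -1342), the context line after the renamed call reads "Since we're crediting, enforce that it was all written into the pool", but write_pool_user() can now stop early when a signal is pending, so a short count here is no longer only a copy failure. The commit message covers the /dev/urandom write path only; it should also say what this ioctl path returns to a caller interrupted partway through, and the check that follows this comment (outside the visible hunk) is worth re-reading with that case in mind.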