Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp2885079pxu; Mon, 14 Dec 2020 13:18:24 -0800 (PST) X-Google-Smtp-Source: ABdhPJx1bcRvD9nG7lyPnht1K5Kt7qR2K+88FVW1dSO9a/Dtmqdkzz14pqLl6EhhLIAxBRG+Hl/x X-Received: by 2002:a17:906:3114:: with SMTP id 20mr24272326ejx.460.1607980704332; Mon, 14 Dec 2020 13:18:24 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1607980704; cv=none; d=google.com; s=arc-20160816; b=lCfuJGlQdfMu3RyUUWHFWVH3HioKSFxknvfWB7W9tyNgBdE0CuBAbVYCE4yA2Hn5DO PR/Pmfp1BboV7sjqMcakbXT6NtYpnEYkOsW00oVxAUi9LGm7VNnwg3JEJ4+iPQSTOUBY MYwZVFkDyMtMYbR26+YiZ0Rvfo54rbYXxGJ7CQnL+X/QEtQGhO6nWHYaopBVY4RdL9S+ FLHkIkhXkhZoRokC70OEL5sknRAT8w1dmDhQEo0j39oXhQs/ejxhtRSkk9F2AzaJiLtb Z1onWKh4+FjiCTNi6xiz8N2Dk43f+rkaVwpjsd+NWQD4ObZ6PUYmpD4/hQJefTce/9x6 CfGA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from; bh=TXXDPj012+YfR4ZaTUksWUfXy3Qt6napLUY2ngFtQxU=; b=Daa86RFYDRmQftiOJvWnMUNrl5PEuIa7sP6nOMsj79w9EnBVKHHFv0MbKRwJzuZpf6 nb5yM7Y71av+X6oDNn110Beot4/ABs3aoIJ9D7M4YYe+aW8gz0E90V0isPhBKq2gBEvK vvT5Btwhr3/H1HIoCbzMxwEMvgxtY+Sh5XCtT0SEyb4R00pc8mrlKlvWpX0T/8+XiFKP SpUS42/RU+P0RzFIxw3tZzIv5yFfdV72IPDRbPVIbbOiK279lQ1KLhToXnJSE1n1f/63 eeMal7LDFv0PVBjgnSbIoWgMbqVSDnNXAPKKGnE38DFYsrnJwtwZKqisJu2bHfiZfhY6 1/qA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=hitachi-powergrids.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id f9si11142600edw.224.2020.12.14.13.18.00; Mon, 14 Dec 2020 13:18:24 -0800 (PST) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=hitachi-powergrids.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387650AbgLNVQz (ORCPT + 99 others); Mon, 14 Dec 2020 16:16:55 -0500 Received: from inet10.abb.com ([138.225.1.74]:55964 "EHLO inet10.abb.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726557AbgLNVQy (ORCPT ); Mon, 14 Dec 2020 16:16:54 -0500 X-Greylist: delayed 13465 seconds by postgrey-1.27 at vger.kernel.org; Mon, 14 Dec 2020 16:16:53 EST Received: from gitsiv.ch.abb.com (gitsiv.keymile.net [10.41.156.251]) by inet10.abb.com (8.14.7/8.14.7) with SMTP id 0BEHUoXo010976; Mon, 14 Dec 2020 18:30:50 +0100 Received: from ch900154.keymile.net (ch900154.keymile.net [172.31.40.201]) by gitsiv.ch.abb.com (Postfix) with ESMTP id B6B10610841F; Mon, 14 Dec 2020 18:30:50 +0100 (CET) From: Luca Dariz To: linux-crypto@vger.kernel.org Cc: Luca Dariz , Matt Mackall , Herbert Xu , Colin Ian King , Holger Brunck , Valentin Longchamp Subject: [PATCH] hwrng: fix khwrng lifecycle Date: Mon, 14 Dec 2020 18:29:33 +0100 Message-Id: <20201214172933.25580-1-luca.dariz@hitachi-powergrids.com> X-Mailer: git-send-email 2.24.3 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org There are two issues with the management of the kernel thread to gather entropy: * it can terminate also if the rng is removed, and in this case it doesn'= t synchronize with kthread_should_stop(), but it directly sets hwrng_fill to NULL. If this happens after the NULL check but before kthread_stop() is called, we'll have a NULL pointer dereference. * if we have a register/unregister too fast, it can happen that the kthre= ad is not yet started when kthread_stop is called, and this seems to leave= a corrupted or uninitialized kthread struct. This is detected by the WARN_ON at kernel/kthread.c:75 and later causes a page domain fault. CC: Matt Mackall CC: Herbert Xu CC: Colin Ian King CC: Holger Brunck CC: Valentin Longchamp Signed-off-by: Luca Dariz --- drivers/char/hw_random/core.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/drivers/char/hw_random/core.c b/drivers/char/hw_random/core.= c index 8c1c47dd9f46..5845da93c7f4 100644 --- a/drivers/char/hw_random/core.c +++ b/drivers/char/hw_random/core.c @@ -31,6 +31,7 @@ static struct hwrng *current_rng; /* the current rng has been explicitly chosen by user via sysfs */ static int cur_rng_set_by_user; static struct task_struct *hwrng_fill; +static struct completion hwrng_started =3D COMPLETION_INITIALIZER(hwrng_= started); /* list of registered rngs, sorted decending by quality */ static LIST_HEAD(rng_list); /* Protects rng_list and current_rng */ @@ -432,12 +433,15 @@ static int hwrng_fillfn(void *unused) { long rc; =20 + complete(&hwrng_started); while (!kthread_should_stop()) { struct hwrng *rng; =20 rng =3D get_current_rng(); - if (IS_ERR(rng) || !rng) - break; + if (IS_ERR(rng) || !rng) { + msleep_interruptible(10000); + continue; + } mutex_lock(&reading_mutex); rc =3D rng_get_data(rng, rng_fillbuf, rng_buffer_size(), 1); @@ -462,6 +466,8 @@ static void start_khwrngd(void) if (IS_ERR(hwrng_fill)) { pr_err("hwrng_fill thread creation failed\n"); hwrng_fill =3D NULL; + } else { + wait_for_completion(&hwrng_started); } } =20 --=20 2.24.3