[PATCH 4.14 092/237] random: make credit_entropy_bits() always safe

From: Greg Kroah-Hartman
Date: Thu Jun 23 2022 - 13:31:19 EST

Next message: Greg Kroah-Hartman: "[PATCH 4.14 110/237] random: remove useless header comment"
Previous message: Greg Kroah-Hartman: "[PATCH 4.14 109/237] random: introduce drain_entropy() helper to declutter crng_reseed()"
In reply to: Greg Kroah-Hartman: "[PATCH 4.14 109/237] random: introduce drain_entropy() helper to declutter crng_reseed()"
Next in thread: Greg Kroah-Hartman: "[PATCH 4.14 110/237] random: remove useless header comment"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: "Jason A. Donenfeld" <Jason@xxxxxxxxx>

commit a49c010e61e1938be851f5e49ac219d49b704103 upstream.

This is called from various hwgenerator drivers, so rather than having
one "safe" version for userspace and one "unsafe" version for the
kernel, just make everything safe; the checks are cheap and sensible to
have anyway.

Reported-by: Sultan Alsawaf <sultan@xxxxxxxxxxxxxxx>
Reviewed-by: Eric Biggers <ebiggers@xxxxxxxxxx>
Reviewed-by: Dominik Brodowski <linux@xxxxxxxxxxxxxxxxxxxx>
Signed-off-by: Jason A. Donenfeld <Jason@xxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/char/random.c | 29 +++++++++--------------------
1 file changed, 9 insertions(+), 20 deletions(-)

--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -447,18 +447,15 @@ static void process_random_ready_list(vo
spin_unlock_irqrestore(&random_ready_list_lock, flags);
}

-/*
- * Credit (or debit) the entropy store with n bits of entropy.
- * Use credit_entropy_bits_safe() if the value comes from userspace
- * or otherwise should be checked for extreme values.
- */
static void credit_entropy_bits(int nbits)
{
int entropy_count, orig;

- if (!nbits)
+ if (nbits <= 0)
return;

+ nbits = min(nbits, POOL_BITS);
+
do {
orig = READ_ONCE(input_pool.entropy_count);
entropy_count = min(POOL_BITS, orig + nbits);
@@ -470,18 +467,6 @@ static void credit_entropy_bits(int nbit
crng_reseed(&primary_crng, true);
}

-static int credit_entropy_bits_safe(int nbits)
-{
- if (nbits < 0)
- return -EINVAL;
-
- /* Cap the value to avoid overflows */
- nbits = min(nbits, POOL_BITS);
-
- credit_entropy_bits(nbits);
- return 0;
-}
-
/*********************************************************************
*
* CRNG using CHACHA20
@@ -1525,7 +1510,10 @@ static long random_ioctl(struct file *f,
return -EPERM;
if (get_user(ent_count, p))
return -EFAULT;
- return credit_entropy_bits_safe(ent_count);
+ if (ent_count < 0)
+ return -EINVAL;
+ credit_entropy_bits(ent_count);
+ return 0;
case RNDADDENTROPY:
if (!capable(CAP_SYS_ADMIN))
return -EPERM;
@@ -1538,7 +1526,8 @@ static long random_ioctl(struct file *f,
retval = write_pool((const char __user *)p, size);
if (retval < 0)
return retval;
- return credit_entropy_bits_safe(ent_count);
+ credit_entropy_bits(ent_count);
+ return 0;
case RNDZAPENTCNT:
case RNDCLEARPOOL:
/*

Next message: Greg Kroah-Hartman: "[PATCH 4.14 110/237] random: remove useless header comment"
Previous message: Greg Kroah-Hartman: "[PATCH 4.14 109/237] random: introduce drain_entropy() helper to declutter crng_reseed()"
In reply to: Greg Kroah-Hartman: "[PATCH 4.14 109/237] random: introduce drain_entropy() helper to declutter crng_reseed()"
Next in thread: Greg Kroah-Hartman: "[PATCH 4.14 110/237] random: remove useless header comment"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]