--- /dev/null
+From 44e4360fa3384850d65dd36fb4e6e5f2f112709b Mon Sep 17 00:00:00 2001
+From: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
+Date: Thu, 12 Apr 2012 12:49:12 -0700
+Subject: drivers/char/random.c: fix boot id uniqueness race
+
+From: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
+
+commit 44e4360fa3384850d65dd36fb4e6e5f2f112709b upstream.
+
+/proc/sys/kernel/random/boot_id can be read concurrently by userspace
+processes. If two (or more) user-space processes concurrently read
+boot_id when sysctl_bootid is not yet assigned, a race can occur making
+boot_id differ between the reads. Because the whole point of the boot id
+is to be unique across a kernel execution, fix this by protecting this
+operation with a spinlock.
+
+Given that this operation is not frequently used, hitting the spinlock
+on each call should not be an issue.
+
+Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
+Cc: "Theodore Ts'o" <tytso@mit.edu>
+Cc: Matt Mackall <mpm@selenic.com>
+Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
+Cc: Greg Kroah-Hartman <greg@kroah.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/char/random.c | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+--- a/drivers/char/random.c
++++ b/drivers/char/random.c
+@@ -1260,10 +1260,15 @@ static int proc_do_uuid(ctl_table *table
+ uuid = table->data;
+ if (!uuid) {
+ uuid = tmp_uuid;
+- uuid[8] = 0;
+- }
+- if (uuid[8] == 0)
+ generate_random_uuid(uuid);
++ } else {
++ static DEFINE_SPINLOCK(bootid_spinlock);
++
++ spin_lock(&bootid_spinlock);
++ if (!uuid[8])
++ generate_random_uuid(uuid);
++ spin_unlock(&bootid_spinlock);
++ }
+
+ sprintf(buf, "%pU", uuid);
+
--- /dev/null
+From bd29e568a4cb6465f6e5ec7c1c1f3ae7d99cbec1 Mon Sep 17 00:00:00 2001
+From: "Luck, Tony" <tony.luck@intel.com>
+Date: Wed, 16 Nov 2011 10:50:56 -0800
+Subject: fix typo/thinko in get_random_bytes()
+
+From: "Luck, Tony" <tony.luck@intel.com>
+
+commit bd29e568a4cb6465f6e5ec7c1c1f3ae7d99cbec1 upstream.
+
+If there is an architecture-specific random number generator we use it
+to acquire randomness one "long" at a time. We should put these random
+words into consecutive words in the result buffer - not just overwrite
+the first word again and again.
+
+Signed-off-by: Tony Luck <tony.luck@intel.com>
+Acked-by: H. Peter Anvin <hpa@zytor.com>
+Acked-by: Thomas Gleixner <tglx@linutronix.de>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/char/random.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/char/random.c
++++ b/drivers/char/random.c
+@@ -941,7 +941,7 @@ void get_random_bytes(void *buf, int nby
+ if (!arch_get_random_long(&v))
+ break;
+
+- memcpy(buf, &v, chunk);
++ memcpy(p, &v, chunk);
+ p += chunk;
+ nbytes -= chunk;
+ }
--- /dev/null
+From 2dac8e54f988ab58525505d7ef982493374433c3 Mon Sep 17 00:00:00 2001
+From: "H. Peter Anvin" <hpa@linux.intel.com>
+Date: Mon, 16 Jan 2012 11:23:29 -0800
+Subject: random: Adjust the number of loops when initializing
+
+From: "H. Peter Anvin" <hpa@linux.intel.com>
+
+commit 2dac8e54f988ab58525505d7ef982493374433c3 upstream.
+
+When we are initializing using arch_get_random_long() we only need to
+loop enough times to touch all the bytes in the buffer; using
+poolwords for that does twice the number of operations necessary on a
+64-bit machine, since in the random number generator code "word" means
+32 bits.
+
+Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
+Cc: "Theodore Ts'o" <tytso@mit.edu>
+Link: http://lkml.kernel.org/r/1324589281-31931-1-git-send-email-tytso@mit.edu
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/char/random.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/char/random.c
++++ b/drivers/char/random.c
+@@ -975,7 +975,7 @@ static void init_std_data(struct entropy
+
+ now = ktime_get_real();
+ mix_pool_bytes(r, &now, sizeof(now));
+- for (i = r->poolinfo->poolwords; i; i--) {
++ for (i = r->poolinfo->POOLBYTES; i > 0; i -= sizeof flags) {
+ if (!arch_get_random_long(&flags))
+ break;
+ mix_pool_bytes(r, &flags, sizeof(flags));
}
#ifdef CONFIG_BLOCK
-@@ -970,6 +1038,7 @@ static void init_std_data(struct entropy
+@@ -971,6 +1039,7 @@ static void init_std_data(struct entropy
spin_lock_irqsave(&r->lock, flags);
r->entropy_count = 0;
--- /dev/null
+From 3e88bdff1c65145f7ba297ccec69c774afe4c785 Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Thu, 22 Dec 2011 16:28:01 -0500
+Subject: random: Use arch-specific RNG to initialize the entropy store
+
+From: Theodore Ts'o <tytso@mit.edu>
+
+commit 3e88bdff1c65145f7ba297ccec69c774afe4c785 upstream.
+
+If there is an architecture-specific random number generator (such as
+RDRAND for Intel architectures), use it to initialize /dev/random's
+entropy stores. Even in the worst case, if RDRAND is something like
+AES(NSA_KEY, counter++), it won't hurt, and it will definitely help
+against any other adversaries.
+
+Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
+Link: http://lkml.kernel.org/r/1324589281-31931-1-git-send-email-tytso@mit.edu
+Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/char/random.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/drivers/char/random.c
++++ b/drivers/char/random.c
+@@ -965,6 +965,7 @@ EXPORT_SYMBOL(get_random_bytes);
+ */
+ static void init_std_data(struct entropy_store *r)
+ {
++ int i;
+ ktime_t now;
+ unsigned long flags;
+
+@@ -974,6 +975,11 @@ static void init_std_data(struct entropy
+
+ now = ktime_get_real();
+ mix_pool_bytes(r, &now, sizeof(now));
++ for (i = r->poolinfo->poolwords; i; i--) {
++ if (!arch_get_random_long(&flags))
++ break;
++ mix_pool_bytes(r, &flags, sizeof(flags));
++ }
+ mix_pool_bytes(r, utsname(), sizeof(*(utsname())));
+ }
+
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/char/random.c | 78 +++++++++++++++++++++++++-------------------------
+ 1 file changed, 39 insertions(+), 39 deletions(-)
+
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -418,9 +418,9 @@ struct entropy_store {
/* mix one byte at a time to simplify size handling and churn faster */
while (nbytes--) {
-@@ -514,19 +512,23 @@ static void mix_pool_bytes_extract(struct entropy_store *r, const void *in,
+@@ -514,19 +512,23 @@ static void mix_pool_bytes_extract(struc
input_rotate += i ? 7 : 14;
}
}
struct fast_pool {
-@@ -564,23 +566,22 @@ static void fast_mix(struct fast_pool *f, const void *in, int nbytes)
+@@ -564,23 +566,22 @@ static void fast_mix(struct fast_pool *f
*/
static void credit_entropy_bits(struct entropy_store *r, int nbits)
{
if (!r->initialized && nbits > 0) {
r->entropy_total += nbits;
-@@ -593,7 +594,6 @@ static void credit_entropy_bits(struct entropy_store *r, int nbits)
+@@ -593,7 +594,6 @@ static void credit_entropy_bits(struct e
wake_up_interruptible(&random_read_wait);
kill_fasync(&fasync, SIGIO, POLL_IN);
}
}
/*********************************************************************
-@@ -680,7 +680,7 @@ static void add_timer_randomness(struct timer_rand_state *state, unsigned num)
+@@ -680,7 +680,7 @@ static void add_timer_randomness(struct
sample.cycles = get_cycles();
sample.num = num;
/*
* Calculate number of bits of randomness we probably added.
-@@ -764,7 +764,7 @@ void add_interrupt_randomness(int irq, int irq_flags)
+@@ -764,7 +764,7 @@ void add_interrupt_randomness(int irq, i
fast_pool->last = now;
r = nonblocking_pool.initialized ? &input_pool : &nonblocking_pool;
/*
* If we don't have a valid cycle counter, and we see
* back-to-back timer interrupts, then skip giving credit for
-@@ -829,7 +829,7 @@ static void xfer_secondary_pool(struct entropy_store *r, size_t nbytes)
+@@ -829,7 +829,7 @@ static void xfer_secondary_pool(struct e
bytes = extract_entropy(r->pull, tmp, bytes,
random_read_wakeup_thresh / 8, rsvd);
credit_entropy_bits(r, bytes*8);
}
}
-@@ -890,9 +890,11 @@ static void extract_buf(struct entropy_store *r, __u8 *out)
+@@ -890,9 +890,11 @@ static void extract_buf(struct entropy_s
int i;
__u32 hash[5], workspace[SHA_WORKSPACE_WORDS];
__u8 extract[64];
for (i = 0; i < r->poolinfo->poolwords; i += 16)
sha_transform(hash, (__u8 *)(r->pool + i), workspace);
-@@ -905,7 +907,8 @@ static void extract_buf(struct entropy_store *r, __u8 *out)
+@@ -905,7 +907,8 @@ static void extract_buf(struct entropy_s
* brute-forcing the feedback as hard as brute-forcing the
* hash.
*/
/*
* To avoid duplicates, we atomically extract a portion of the
-@@ -928,11 +931,10 @@ static void extract_buf(struct entropy_store *r, __u8 *out)
+@@ -928,11 +931,10 @@ static void extract_buf(struct entropy_s
}
static ssize_t extract_entropy(struct entropy_store *r, void *buf,
xfer_secondary_pool(r, nbytes);
nbytes = account(r, nbytes, min, reserved);
-@@ -941,6 +943,8 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
+@@ -941,6 +943,8 @@ static ssize_t extract_entropy(struct en
extract_buf(r, tmp);
if (fips_enabled) {
}
static int rand_initialize(void)
-@@ -1186,7 +1186,7 @@ write_pool(struct entropy_store *r, const char __user *buffer, size_t count)
+@@ -1186,7 +1186,7 @@ write_pool(struct entropy_store *r, cons
count -= bytes;
p += bytes;
mac80211-cancel-mesh-path-timer.patch
x86-nops-missing-break-resulting-in-incorrect-selection-on-intel.patch
random-add-support-for-architectural-random-hooks.patch
+fix-typo-thinko-in-get_random_bytes.patch
random-use-arch_get_random_int-instead-of-cycle-counter-if-avail.patch
+random-use-arch-specific-rng-to-initialize-the-entropy-store.patch
+random-adjust-the-number-of-loops-when-initializing.patch
+drivers-char-random.c-fix-boot-id-uniqueness-race.patch
random-make-add_interrupt_randomness-do-something-sane.patch
random-use-lockless-techniques-in-the-interrupt-path.patch
random-create-add_device_randomness-interface.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
