From: Greg Kroah-Hartman Date: Sun, 29 Apr 2018 10:33:34 +0000 (+0200) Subject: 4.14-stable patches X-Git-Tag: v4.16.7~42 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fb8959461825fba21f38f9c5650942c304c47a55;p=thirdparty%2Fkernel%2Fstable-queue.git 4.14-stable patches added patches: random-set-up-the-numa-crng-instances-after-the-crng-is-fully-initialized.patch
---
diff --git a/queue-4.14/random-set-up-the-numa-crng-instances-after-the-crng-is-fully-initialized.patch b/queue-4.14/random-set-up-the-numa-crng-instances-after-the-crng-is-fully-initialized.patch
new file mode 100644
index 00000000000..598f4a669fd
--- /dev/null
+++ b/queue-4.14/random-set-up-the-numa-crng-instances-after-the-crng-is-fully-initialized.patch
@@ -0,0 +1,99 @@
+From 8ef35c866f8862df074a49a93b0309725812dea8 Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o
+Date: Wed, 11 Apr 2018 15:23:56 -0400
+Subject: random: set up the NUMA crng instances after the CRNG is fully initialized
+
+From: Theodore Ts'o
+
+commit 8ef35c866f8862df074a49a93b0309725812dea8 upstream.
+
+Until the primary_crng is fully initialized, don't initialize the NUMA
+crng nodes. Otherwise users of /dev/urandom on NUMA systems before
+the CRNG is fully initialized can get very bad quality randomness. Of
+course everyone should move to getrandom(2) where this won't be an
+issue, but there's a lot of legacy code out there. This related to
+CVE-2018-1108.
+
+Reported-by: Jann Horn
+Fixes: 1e7f583af67b ("random: make /dev/urandom scalable for silly...")
+Cc: stable@kernel.org # 4.8+
+Signed-off-by: Theodore Ts'o
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/char/random.c | 46 +++++++++++++++++++++++++++-------------------
+ 1 file changed, 27 insertions(+), 19 deletions(-)
+
+--- a/drivers/char/random.c
++++ b/drivers/char/random.c
+@@ -787,6 +787,32 @@ static void crng_initialize(struct crng_
+ crng->init_time = jiffies - CRNG_RESEED_INTERVAL - 1;
+ }
+
++#ifdef CONFIG_NUMA
++static void numa_crng_init(void)
++{
++ int i;
++ struct crng_state *crng;
++ struct crng_state **pool;
++
++ pool = kcalloc(nr_node_ids, sizeof(*pool), GFP_KERNEL|__GFP_NOFAIL);
++ for_each_online_node(i) {
++ crng = kmalloc_node(sizeof(struct crng_state),
++ GFP_KERNEL | __GFP_NOFAIL, i);
++ spin_lock_init(&crng->lock);
++ crng_initialize(crng);
++ pool[i] = crng;
++ }
++ mb();
++ if (cmpxchg(&crng_node_pool, NULL, pool)) {
++ for_each_node(i)
++ kfree(pool[i]);
++ kfree(pool);
++ }
++}
++#else
++static void numa_crng_init(void) {}
++#endif
++
+ /*
+ * crng_fast_load() can be called by code in the interrupt service
+ * path. So we can't afford to dilly-dally.
+@@ -893,6 +919,7 @@ static void crng_reseed(struct crng_stat
+ spin_unlock_irqrestore(&crng->lock, flags);
+ if (crng == &primary_crng && crng_init < 2) {
+ invalidate_batched_entropy();
++ numa_crng_init();
+ crng_init = 2;
+ process_random_ready_list();
+ wake_up_interruptible(&crng_init_wait);
+@@ -1731,29 +1758,10 @@ static void init_std_data(struct entropy
+ */
+ static int rand_initialize(void)
+ {
+-#ifdef CONFIG_NUMA
+- int i;
+- struct crng_state *crng;
+- struct crng_state **pool;
+-#endif
+-
+ init_std_data(&input_pool);
+ init_std_data(&blocking_pool);
+ crng_initialize(&primary_crng);
+ crng_global_init_time = jiffies;
+-
+-#ifdef CONFIG_NUMA
+- pool = kcalloc(nr_node_ids, sizeof(*pool), GFP_KERNEL|__GFP_NOFAIL);
+- for_each_online_node(i) {
+- crng = kmalloc_node(sizeof(struct crng_state),
+- GFP_KERNEL | __GFP_NOFAIL, i);
+- spin_lock_init(&crng->lock);
+- crng_initialize(crng);
+- pool[i] = crng;
+- }
+- mb();
+- crng_node_pool = pool;
+-#endif
+ return 0;
+ }
+ early_initcall(rand_initialize);
diff --git a/queue-4.14/series b/queue-4.14/series
index 57aeaaa34cc..76b918fd1f1 100644
--- a/queue-4.14/series
+++ b/queue-4.14/series
@@ -3,3 +3,4 @@ ext4-set-h_journal-if-there-is-a-failure-starting-a-reserved-handle.patch
 ext4-add-module_softdep-to-ensure-crc32c-is-included-in-the-initramfs.patch
 ext4-add-validity-checks-for-bitmap-block-numbers.patch
 ext4-fix-bitmap-position-validation.patch
+random-set-up-the-numa-crng-instances-after-the-crng-is-fully-initialized.patch
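Review bot: The new `numa_crng_init()` performs `GFP_KERNEL | __GFP_NOFAIL` allocations (`kcalloc` and `kmalloc_node`), yet the second hunk moves its only caller from `rand_initialize()` (an `early_initcall`, plain process context) into `crng_reseed()`; if `crng_reseed()` in this tree is also reachable from `credit_entropy_bits()` on the interrupt path, as the surrounding random.c code suggests, this becomes a sleeping allocation in atomic context the first time the primary CRNG becomes ready. The safer shape keeps the allocation out of `crng_reseed()` altogether: turn the body into a work function and have `numa_crng_init()` only `schedule_work()` it, so the per-node pool is still published through the existing `cmpxchg()` while readers of `crng_node_pool` keep falling back to `primary_crng` until the work runs (this assumes the workqueue API is already in scope in random.c). The `#else` stub and the call site in `crng_reseed()` stay as they are; `crng_reseed()` itself starts and ends outside this hunk, so the interrupt-context reachability is inferred rather than visible here.
```c
static void do_numa_crng_init(struct work_struct *work)
{
	/* … unchanged: the allocation, crng_initialize() loop and cmpxchg()/kfree() body of numa_crng_init … */
}

static DECLARE_WORK(numa_crng_init_work, do_numa_crng_init);

static void numa_crng_init(void)
{
	schedule_work(&numa_crng_init_work);
}
```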