From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Matt Mullins <mmullins@mmlx.us>,
Andy Lutomirski <luto@kernel.org>,
Herbert Xu <herbert@gondor.apana.org.au>
Subject: [PATCH 4.4 32/38] hwrng: core - Dont use a stack buffer in add_early_randomness()
Date: Thu, 17 Nov 2016 11:33:10 +0100 [thread overview]
Message-ID: <20161117103237.849337533@linuxfoundation.org> (raw)
In-Reply-To: <20161117103236.423602981@linuxfoundation.org>
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andrew Lutomirski <luto@kernel.org>
commit 6d4952d9d9d4dc2bb9c0255d95a09405a1e958f7 upstream.
hw_random carefully avoids using a stack buffer except in
add_early_randomness(). This causes a crash in virtio_rng if
CONFIG_VMAP_STACK=y.
Reported-by: Matt Mullins <mmullins@mmlx.us>
Tested-by: Matt Mullins <mmullins@mmlx.us>
Fixes: d3cc7996473a ("hwrng: fetch randomness only after device init")
Signed-off-by: Andy Lutomirski <luto@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/char/hw_random/core.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/drivers/char/hw_random/core.c
+++ b/drivers/char/hw_random/core.c
@@ -84,14 +84,14 @@ static size_t rng_buffer_size(void)
static void add_early_randomness(struct hwrng *rng)
{
- unsigned char bytes[16];
int bytes_read;
+ size_t size = min_t(size_t, 16, rng_buffer_size());
mutex_lock(&reading_mutex);
- bytes_read = rng_get_data(rng, bytes, sizeof(bytes), 1);
+ bytes_read = rng_get_data(rng, rng_buffer, size, 1);
mutex_unlock(&reading_mutex);
if (bytes_read > 0)
- add_device_randomness(bytes, bytes_read);
+ add_device_randomness(rng_buffer, bytes_read);
}
static inline void cleanup_rng(struct kref *kref)
next prev parent reply other threads:[~2016-11-17 10:40 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-11-17 10:32 [PATCH 4.4 00/38] 4.4.33-stable review Greg Kroah-Hartman
2016-11-17 10:32 ` [PATCH 4.4 01/38] ALSA: info: Return error for invalid read/write Greg Kroah-Hartman
2016-11-17 10:32 ` [PATCH 4.4 02/38] ALSA: info: Limit the proc text input size Greg Kroah-Hartman
2016-11-17 10:32 ` [PATCH 4.4 03/38] ASoC: cs4270: fix DAPM stream name mismatch Greg Kroah-Hartman
2016-11-17 10:32 ` [PATCH 4.4 05/38] swapfile: fix memory corruption via malformed swapfile Greg Kroah-Hartman
2016-11-17 10:32 ` [PATCH 4.4 06/38] coredump: fix unfreezable coredumping task Greg Kroah-Hartman
2016-11-17 10:32 ` [PATCH 4.4 07/38] s390/hypfs: Use get_free_page() instead of kmalloc to ensure page alignment Greg Kroah-Hartman
2016-11-17 10:32 ` [PATCH 4.4 08/38] ARC: timer: rtc: implement read loop in "C" vs. inline asm Greg Kroah-Hartman
2016-11-17 10:32 ` [PATCH 4.4 09/38] pinctrl: cherryview: Serialize register access in suspend/resume Greg Kroah-Hartman
2016-11-17 10:32 ` [PATCH 4.4 10/38] pinctrl: cherryview: Prevent possible interrupt storm on resume Greg Kroah-Hartman
2016-11-17 10:32 ` [PATCH 4.4 11/38] staging: iio: ad5933: avoid uninitialized variable in error case Greg Kroah-Hartman
2016-11-17 10:32 ` [PATCH 4.4 12/38] drivers: staging: nvec: remove bogus reset command for PS/2 interface Greg Kroah-Hartman
2016-11-17 10:32 ` [PATCH 4.4 13/38] Revert "staging: nvec: ps2: change serio type to passthrough" Greg Kroah-Hartman
2016-11-17 10:32 ` [PATCH 4.4 14/38] staging: nvec: remove managed resource from PS2 driver Greg Kroah-Hartman
2016-11-17 10:32 ` [PATCH 4.4 15/38] USB: cdc-acm: fix TIOCMIWAIT Greg Kroah-Hartman
2016-11-17 10:32 ` [PATCH 4.4 17/38] drbd: Fix kernel_sendmsg() usage - potential NULL deref Greg Kroah-Hartman
2016-11-17 10:32 ` [PATCH 4.4 18/38] toshiba-wmi: Fix loading the driver on non Toshiba laptops Greg Kroah-Hartman
2016-11-17 10:32 ` [PATCH 4.4 19/38] clk: qoriq: Dont allow CPU clocks higher than starting value Greg Kroah-Hartman
2016-11-17 10:32 ` [PATCH 4.4 20/38] iio: hid-sensors: Increase the precision of scale to fix wrong reading interpretation Greg Kroah-Hartman
2016-11-17 10:32 ` [PATCH 4.4 21/38] iio: orientation: hid-sensor-rotation: Add PM function (fix non working driver) Greg Kroah-Hartman
2016-11-17 10:33 ` [PATCH 4.4 22/38] scsi: qla2xxx: Fix scsi scan hang triggered if adapter fails during init Greg Kroah-Hartman
2016-11-17 10:33 ` [PATCH 4.4 23/38] scsi: mpt3sas: Fix for block device of raid exists even after deleting raid disk Greg Kroah-Hartman
2016-11-17 10:33 ` [PATCH 4.4 24/38] KVM: MIPS: Precalculate MMIO load resume PC Greg Kroah-Hartman
2016-11-17 10:33 ` [PATCH 4.4 26/38] dmaengine: at_xdmac: fix spurious flag status for mem2mem transfers Greg Kroah-Hartman
2016-11-17 10:33 ` [PATCH 4.4 28/38] iommu/amd: Free domain id when free a domain of struct dma_ops_domain Greg Kroah-Hartman
2016-11-17 10:33 ` [PATCH 4.4 29/38] iommu/vt-d: Fix dead-locks in disable_dmar_iommu() path Greg Kroah-Hartman
2016-11-17 10:33 ` [PATCH 4.4 30/38] mei: bus: fix received data size check in NFC fixup Greg Kroah-Hartman
2016-11-17 10:33 ` [PATCH 4.4 31/38] lib/genalloc.c: start search from start of chunk Greg Kroah-Hartman
2016-11-17 10:33 ` Greg Kroah-Hartman [this message]
2016-11-17 10:33 ` [PATCH 4.4 33/38] i40e: fix call of ndo_dflt_bridge_getlink() Greg Kroah-Hartman
2016-11-17 10:33 ` [PATCH 4.4 34/38] ACPI / APEI: Fix incorrect return value of ghes_proc() Greg Kroah-Hartman
2016-11-17 10:33 ` [PATCH 4.4 35/38] ASoC: sun4i-codec: return error code instead of NULL when create_card fails Greg Kroah-Hartman
2016-11-17 10:33 ` [PATCH 4.4 36/38] mmc: mxs: Initialize the spinlock prior to using it Greg Kroah-Hartman
2016-11-17 10:33 ` [PATCH 4.4 37/38] btrfs: qgroup: Prevent qgroup->reserved from going subzero Greg Kroah-Hartman
2016-11-17 10:33 ` [PATCH 4.4 38/38] netfilter: fix namespace handling in nf_log_proc_dostring Greg Kroah-Hartman
2016-11-17 11:03 ` Pablo Neira Ayuso
2016-11-17 12:01 ` Greg Kroah-Hartman
2016-11-17 22:22 ` [PATCH 4.4 00/38] 4.4.33-stable review Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20161117103237.849337533@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=herbert@gondor.apana.org.au \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mmullins@mmlx.us \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.