From: Greg Price <price@MIT.EDU>
To: "Theodore Ts'o" <tytso@MIT.EDU>
Cc: linux-kernel@vger.kernel.org, Jiri Kosina <jkosina@suse.cz>
Subject: [PATCH 10/11] random: pull 'min' check in accounting to inside lockless update
Date: Thu, 7 Nov 2013 18:59:32 -0500 [thread overview]
Message-ID: <20131107235932.GM16018@ringworld.MIT.EDU> (raw)
In-Reply-To: <cover.1383868558.git.price@mit.edu>
Since 902c098a3 ("random: use lockless techniques in the interrupt
path") we have protected entropy_count only with cmpxchg, not the
lock. In 10b3a32d2 ("random: fix accounting race condition") we
put a cmpxchg-retry loop around most of the logic in account(),
but the enforcement of the 'min' parameter stayed outside.
Under concurrent accesses to /dev/urandom this can suffer a race
that defeats our "catastrophic reseed" measures so that our
reseeding isn't effective. If accesses to /dev/urandom and
/dev/random are interleaved in the wrong pattern, we could go
indefinitely long without a successful catastrophic reseed of
/dev/urandom, even while consuming an indefinite amount of entropy
in ineffective smaller reseeds.
NB that with or without this bug, if /dev/random is simply
accessed constantly, we can go indefinitely long without any
reseed of /dev/urandom. So the effect of the bug is not that big.
The race comes when two tasks are in account() on input_pool
and access ->entropy_count in the following order:
task A task B
if (r->entropy_count / 8
< min + reserved)
ACCESS_ONCE(r->entropy_count)
cmpxchg
ACCESS_ONCE(r->entropy_count)
cmpxchg
where B causes r->entropy_count / 8 to fall below A's
min + reserved but above reserved. Task A will cheerfully
take r->entropy_count / 8 - reserved bytes from the pool,
even though this is less than min.
Move the "min" check inside the ACCESS_ONCE/cmpxchg loop to
prevent the race.
Cc: Jiri Kosina <jkosina@suse.cz>
Cc: "Theodore Ts'o" <tytso@mit.edu>
Signed-off-by: Greg Price <price@mit.edu>
---
drivers/char/random.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/drivers/char/random.c b/drivers/char/random.c
index 1bf6bf8..87d3728 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -842,18 +842,17 @@ static size_t account(struct entropy_store *r, size_t nbytes, int min,
{
unsigned long flags;
int wakeup_write = 0;
+ int entropy_count, orig;
BUG_ON(r->entropy_count > r->poolinfo->POOLBITS);
DEBUG_ENT("trying to extract %zu bits from %s\n",
nbytes * 8, r->name);
- /* Can we pull enough? */
- if (r->entropy_count / 8 < min + reserved) {
+retry:
+ entropy_count = orig = ACCESS_ONCE(r->entropy_count);
+ if (entropy_count / 8 < min + reserved) {
nbytes = 0;
} else {
- int entropy_count, orig;
-retry:
- entropy_count = orig = ACCESS_ONCE(r->entropy_count);
/* If limited, never pull more than available */
if (r->limit)
nbytes = min_t(size_t, nbytes, entropy_count/8 - reserved);
--
1.8.3.2
next prev parent reply other threads:[~2013-11-08 0:04 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-11-07 23:57 [PATCH 00/11] random: code cleanups Greg Price
2013-11-07 23:57 ` [PATCH 01/11] random: fix typos / spelling errors in comments Greg Price
2013-11-07 23:58 ` [PATCH 02/11] random: fix comment on proc_do_uuid Greg Price
2013-11-07 23:58 ` [PATCH 03/11] random: fix description of get_random_bytes Greg Price
2013-11-07 23:58 ` [PATCH 04/11] random: simplify loop in random_read Greg Price
2013-11-07 23:58 ` [PATCH 05/11] random: declare trickle_count unsigned Greg Price
2013-11-07 23:58 ` [PATCH 06/11] random: fix comment on "account" Greg Price
2013-11-07 23:58 ` [PATCH 07/11] random: simplify accounting code slightly Greg Price
2013-11-07 23:59 ` [PATCH 08/11] random: simplify accounting logic Greg Price
2013-11-07 23:59 ` [PATCH 09/11] random: forget lock in lockless accounting Greg Price
2013-11-07 23:59 ` Greg Price [this message]
2013-11-07 23:59 ` [PATCH 11/11] random: simplify accounting code Greg Price
2013-11-12 4:24 ` [PATCH 00/11] random: code cleanups Theodore Ts'o
2013-11-12 22:40 ` Greg Price
2013-11-13 3:32 ` Theodore Ts'o
2013-11-13 4:02 ` H. Peter Anvin
2013-11-13 4:37 ` Greg Price
2013-11-13 4:51 ` H. Peter Anvin
2013-11-13 6:06 ` Greg Price
2013-11-13 4:23 ` Greg Price
2013-11-13 6:08 ` Theodore Ts'o
2013-11-13 6:28 ` Greg Price
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20131107235932.GM16018@ringworld.MIT.EDU \
--to=price@mit.edu \
--cc=jkosina@suse.cz \
--cc=linux-kernel@vger.kernel.org \
--cc=tytso@MIT.EDU \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).