From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: linux-kernel@vger.kernel.org
Cc: "Jason A. Donenfeld" <Jason@zx2c4.com>,
Dominik Brodowski <linux@dominikbrodowski.net>,
Sultan Alsawaf <sultan@kerneltoast.com>
Subject: [PATCH] random: make credit_entropy_bits always safe
Date: Fri, 4 Feb 2022 01:53:31 +0100 [thread overview]
Message-ID: <20220204005331.67034-1-Jason@zx2c4.com> (raw)
This is called from various hwgenerator drivers, so rather than having
one "safe" version for userspace and one "unsafe" version for the
kernel, just make everything safe; the checks are cheap and sensible to
have anyway.
Cc: Dominik Brodowski <linux@dominikbrodowski.net>
Reported-by: Sultan Alsawaf <sultan@kerneltoast.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
drivers/char/random.c | 29 +++++++++--------------------
1 file changed, 9 insertions(+), 20 deletions(-)
diff --git a/drivers/char/random.c b/drivers/char/random.c
index a1c681a616a6..7576a8b53c57 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -525,18 +525,15 @@ static void process_random_ready_list(void)
spin_unlock_irqrestore(&random_ready_list_lock, flags);
}
-/*
- * Credit (or debit) the entropy store with n bits of entropy.
- * Use credit_entropy_bits_safe() if the value comes from userspace
- * or otherwise should be checked for extreme values.
- */
static void credit_entropy_bits(int nbits)
{
int entropy_count, orig;
- if (!nbits)
+ if (nbits <= 0)
return;
+ nbits = min(nbits, POOL_BITS);
+
do {
entropy_count = orig = READ_ONCE(input_pool.entropy_count);
entropy_count = min(POOL_BITS, entropy_count + nbits);
@@ -548,18 +545,6 @@ static void credit_entropy_bits(int nbits)
crng_reseed(&primary_crng, true);
}
-static int credit_entropy_bits_safe(int nbits)
-{
- if (nbits < 0)
- return -EINVAL;
-
- /* Cap the value to avoid overflows */
- nbits = min(nbits, POOL_BITS);
-
- credit_entropy_bits(nbits);
- return 0;
-}
-
/*********************************************************************
*
* CRNG using CHACHA20
@@ -1606,7 +1591,10 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
return -EPERM;
if (get_user(ent_count, p))
return -EFAULT;
- return credit_entropy_bits_safe(ent_count);
+ if (ent_count < 0)
+ return -EINVAL;
+ credit_entropy_bits(ent_count);
+ return 0;
case RNDADDENTROPY:
if (!capable(CAP_SYS_ADMIN))
return -EPERM;
@@ -1619,7 +1607,8 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
retval = write_pool((const char __user *)p, size);
if (retval < 0)
return retval;
- return credit_entropy_bits_safe(ent_count);
+ credit_entropy_bits(ent_count);
+ return 0;
case RNDZAPENTCNT:
case RNDCLEARPOOL:
/*
--
2.35.0
reply other threads:[~2022-02-04 0:53 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220204005331.67034-1-Jason@zx2c4.com \
--to=jason@zx2c4.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@dominikbrodowski.net \
--cc=sultan@kerneltoast.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox