random: CVE-2018-1108

random: fix crng_ready() test

References:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-4.9.y&id=4dfb3442bb7e1fb80515df4a199ca5a7a8edf900
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1108

Change-Id: I85eb1123d6a4c5ef2b8f113551ac02df667e839d
Signed-off-by: Andreas Wellving <andreas.wellving@enea.com>

2 files changed, 82 insertions, 0 deletions

diff --git a/patches/cve/4.9.x.scc b/patches/cve/4.9.x.scc
index 4b6ec00..4e5c57f 100644
--- a/patches/cve/4.9.x.scc
+++ b/patches/cve/4.9.x.scc
@@ -14,3 +14,4 @@ patch CVE-2018-1130-dccp-check-sk-for-closed-state-in-dccp_sendmsg.patch
 
 #CVEs fixed in 4.9.96:
 patch CVE-2018-1092-ext4-fail-ext4_iget-for-root-directory-if-unallocate.patch
+patch CVE-2018-1108-random-fix-crng_ready-test.patch
diff --git a/patches/cve/CVE-2018-1108-random-fix-crng_ready-test.patch b/patches/cve/CVE-2018-1108-random-fix-crng_ready-test.patch
new file mode 100644
index 0000000..63e63c1
--- /dev/null
+++ b/patches/cve/CVE-2018-1108-random-fix-crng_ready-test.patch
@@ -0,0 +1,81 @@
+From 43838a23a05fbd13e47d750d3dfd77001536dd33 Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Wed, 11 Apr 2018 13:27:52 -0400
+Subject: [PATCH] random: fix crng_ready() test
+
+The crng_init variable has three states:
+
+0: The CRNG is not initialized at all
+1: The CRNG has a small amount of entropy, hopefully good enough for
+   early-boot, non-cryptographical use cases
+2: The CRNG is fully initialized and we are sure it is safe for
+   cryptographic use cases.
+
+The crng_ready() function should only return true once we are in the
+last state.  This addresses CVE-2018-1108.
+
+CVE: CVE-2018-1108   
+Upstream-Status: Backport
+
+Reported-by: Jann Horn <jannh@google.com>
+Fixes: e192be9d9a30 ("random: replace non-blocking pool...")
+Cc: stable@kernel.org # 4.8+
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Reviewed-by: Jann Horn <jannh@google.com>
+Signed-off-by: Andreas Wellving <andreas.wellving@enea.com>
+---
+ drivers/char/random.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/drivers/char/random.c b/drivers/char/random.c
+index e027e7f..c8ec1e7 100644
+--- a/drivers/char/random.c
++++ b/drivers/char/random.c
+@@ -427,7 +427,7 @@ struct crng_state primary_crng = {
+  * its value (from 0->1->2).
+  */
+ static int crng_init = 0;
+-#define crng_ready() (likely(crng_init > 0))
++#define crng_ready() (likely(crng_init > 1))
+ static int crng_init_cnt = 0;
+ #define CRNG_INIT_CNT_THRESH (2*CHACHA20_KEY_SIZE)
+ static void _extract_crng(struct crng_state *crng,
+@@ -794,7 +794,7 @@ static int crng_fast_load(const char *cp, size_t len)
+ 
+        if (!spin_trylock_irqsave(&primary_crng.lock, flags))
+                return 0;
+-       if (crng_ready()) {
++       if (crng_init != 0) {
+                spin_unlock_irqrestore(&primary_crng.lock, flags);
+                return 0;
+        }
+@@ -856,7 +856,7 @@ static void _extract_crng(struct crng_state *crng,
+ {
+        unsigned long v, flags;
+ 
+-       if (crng_init > 1 &&
++       if (crng_ready() &&
+            time_after(jiffies, crng->init_time + CRNG_RESEED_INTERVAL))
+                crng_reseed(crng, crng == &primary_crng ? &input_pool : NULL);
+        spin_lock_irqsave(&crng->lock, flags);
+@@ -1139,7 +1139,7 @@ void add_interrupt_randomness(int irq, int irq_flags)
+        fast_mix(fast_pool);
+        add_interrupt_bench(cycles);
+ 
+-       if (!crng_ready()) {
++       if (unlikely(crng_init == 0)) {
+                if ((fast_pool->count >= 64) &&
+                    crng_fast_load((char *) fast_pool->pool,
+                                   sizeof(fast_pool->pool))) {
+@@ -2212,7 +2212,7 @@ void add_hwgenerator_randomness(const char *buffer, size_t count,
+ {
+        struct entropy_store *poolp = &input_pool;
+ 
+-       if (!crng_ready()) {
++       if (unlikely(crng_init == 0)) {
+                crng_fast_load(buffer, count);
+                return;
+        }
+-- 
+
+