random: CVE-2018-1108

random: fix crng_ready() test Reference: https://nvd.nist.gov/vuln/detail/CVE-2018-1108 https://lkml.org/lkml/2018/4/12/711 Change-Id: I41a55b940d4edd6a46641173de23f39c00cbf6d6 Signed-off-by: Andreas Wellving <andreas.wellving@enea.com>
author: Andreas Wellving <andreas.wellving@enea.com> 2019-05-22 06:25:35 +0200
committer: Adrian Mangeac <Adrian.Mangeac@enea.com> 2019-05-22 11:17:34 +0200
commit: 301dea2daaa37e2bce882c024ae910748f7246e5 (patch)
tree: 491cecdee4b2fae27e06609fa189cbb4a05ec79f
parent: 15562bca35796a4dca667df8a87181ffbeaafa12 (diff)
download: enea-kernel-cache-301dea2daaa37e2bce882c024ae910748f7246e5.tar.gz
1 files changed, 84 insertions, 0 deletions
diff --git a/patches/cve/CVE-2018-1108-random-fix-crng_ready-test.patch b/patches/cve/CVE-2018-1108-random-fix-crng_ready-test.patch
new file mode 100644
index 0000000..7776557
--- /dev/null
+++ b/patches/cve/CVE-2018-1108-random-fix-crng_ready-test.patch
@@ -0,0 +1,84 @@
+From 6e513bc20ca63f594632eca4e1968791240b8f18 Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Wed, 11 Apr 2018 13:27:52 -0400
+Subject: [PATCH] random: fix crng_ready() test
+commit 43838a23a05fbd13e47d750d3dfd77001536dd33 upstream.
+The crng_init variable has three states:
+0: The CRNG is not initialized at all
+1: The CRNG has a small amount of entropy, hopefully good enough for
+   early-boot, non-cryptographical use cases
+2: The CRNG is fully initialized and we are sure it is safe for
+   cryptographic use cases.
+The crng_ready() function should only return true once we are in the
+last state.  This addresses CVE-2018-1108.
+CVE: CVE-2018-1108
+Upstream-Status: Backport [https://lkml.org/lkml/2018/4/12/711]
+Reported-by: Jann Horn <jannh@google.com>
+Fixes: e192be9d9a30 ("random: replace non-blocking pool...")
+Cc: stable@kernel.org # 4.8+
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Reviewed-by: Jann Horn <jannh@google.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Andreas Wellving <andreas.wellving@enea.com>
+---
+ drivers/char/random.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+diff --git a/drivers/char/random.c b/drivers/char/random.c
+index e88a5c61eaa1..d7dc9727bcf0 100644
+--- a/drivers/char/random.c
+++ b/drivers/char/random.c
+@@ -427,7 +427,7 @@ struct crng_state primary_crng = {
+  * its value (from 0->1->2).
+  */
+ static int crng_init = 0;
+-#define crng_ready() (likely(crng_init > 0))
+#define crng_ready() (likely(crng_init > 1))
+ static int crng_init_cnt = 0;
+ #define CRNG_INIT_CNT_THRESH (2*CHACHA20_KEY_SIZE)
+ static void _extract_crng(struct crng_state *crng,
+@@ -793,7 +793,7 @@ static int crng_fast_load(const char *cp, size_t len)
+ 
+        if (!spin_trylock_irqsave(&primary_crng.lock, flags))
+                return 0;
+-       if (crng_ready()) {
+       if (crng_init != 0) {
+                spin_unlock_irqrestore(&primary_crng.lock, flags);
+                return 0;
+        }
+@@ -855,7 +855,7 @@ static void _extract_crng(struct crng_state *crng,
+ {
+        unsigned long v, flags;
+ 
+-       if (crng_init > 1 &&
+       if (crng_ready() &&
+            time_after(jiffies, crng->init_time + CRNG_RESEED_INTERVAL))
+                crng_reseed(crng, crng == &primary_crng ? &input_pool : NULL);
+        spin_lock_irqsave(&crng->lock, flags);
+@@ -1141,7 +1141,7 @@ void add_interrupt_randomness(int irq, int irq_flags)
+        fast_mix(fast_pool);
+        add_interrupt_bench(cycles);
+ 
+-       if (!crng_ready()) {
+       if (unlikely(crng_init == 0)) {
+                if ((fast_pool->count >= 64) &&
+                    crng_fast_load((char *) fast_pool->pool,
+                                   sizeof(fast_pool->pool))) {
+@@ -2214,7 +2214,7 @@ void add_hwgenerator_randomness(const char *buffer, size_t count,
+ {
+        struct entropy_store *poolp = &input_pool;
+ 
+-       if (!crng_ready()) {
+       if (unlikely(crng_init == 0)) {
+                crng_fast_load(buffer, count);
+                return;
+        }
+-- 
+2.20.1
author	Andreas Wellving <andreas.wellving@enea.com>	2019-05-22 06:25:35 +0200
committer	Adrian Mangeac <Adrian.Mangeac@enea.com>	2019-05-22 11:17:34 +0200
commit	301dea2daaa37e2bce882c024ae910748f7246e5 (patch)
tree	491cecdee4b2fae27e06609fa189cbb4a05ec79f
parent	15562bca35796a4dca667df8a87181ffbeaafa12 (diff)
download	enea-kernel-cache-301dea2daaa37e2bce882c024ae910748f7246e5.tar.gz

diff --git a/patches/cve/CVE-2018-1108-random-fix-crng_ready-test.patch b/patches/cve/CVE-2018-1108-random-fix-crng_ready-test.patch new file mode 100644 index 0000000..7776557 --- /dev/null +++ b/patches/cve/CVE-2018-1108-random-fix-crng_ready-test.patch
@@ -0,0 +1,84 @@
	1	From 6e513bc20ca63f594632eca4e1968791240b8f18 Mon Sep 17 00:00:00 2001
	2	From: Theodore Ts'o <tytso@mit.edu>
	3	Date: Wed, 11 Apr 2018 13:27:52 -0400
	4	Subject: [PATCH] random: fix crng_ready() test
	5
	6	commit 43838a23a05fbd13e47d750d3dfd77001536dd33 upstream.
	7
	8	The crng_init variable has three states:
	9
	10	0: The CRNG is not initialized at all
	11	1: The CRNG has a small amount of entropy, hopefully good enough for
	12	early-boot, non-cryptographical use cases
	13	2: The CRNG is fully initialized and we are sure it is safe for
	14	cryptographic use cases.
	15
	16	The crng_ready() function should only return true once we are in the
	17	last state. This addresses CVE-2018-1108.
	18
	19	CVE: CVE-2018-1108
	20	Upstream-Status: Backport [https://lkml.org/lkml/2018/4/12/711]
	21
	22	Reported-by: Jann Horn <jannh@google.com>
	23	Fixes: e192be9d9a30 ("random: replace non-blocking pool...")
	24	Cc: stable@kernel.org # 4.8+
	25	Signed-off-by: Theodore Ts'o <tytso@mit.edu>
	26	Reviewed-by: Jann Horn <jannh@google.com>
	27	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	28	Signed-off-by: Andreas Wellving <andreas.wellving@enea.com>
	29	---
	30	drivers/char/random.c \| 10 +++++-----
	31	1 file changed, 5 insertions(+), 5 deletions(-)
	32
	33	diff --git a/drivers/char/random.c b/drivers/char/random.c
	34	index e88a5c61eaa1..d7dc9727bcf0 100644
	35	--- a/drivers/char/random.c
	36	+++ b/drivers/char/random.c
	37	@@ -427,7 +427,7 @@ struct crng_state primary_crng = {
	38	* its value (from 0->1->2).
	39	*/
	40	static int crng_init = 0;
	41	-#define crng_ready() (likely(crng_init > 0))
	42	+#define crng_ready() (likely(crng_init > 1))
	43	static int crng_init_cnt = 0;
	44	#define CRNG_INIT_CNT_THRESH (2*CHACHA20_KEY_SIZE)
	45	static void _extract_crng(struct crng_state *crng,
	46	@@ -793,7 +793,7 @@ static int crng_fast_load(const char *cp, size_t len)
	47
	48	if (!spin_trylock_irqsave(&primary_crng.lock, flags))
	49	return 0;
	50	- if (crng_ready()) {
	51	+ if (crng_init != 0) {
	52	spin_unlock_irqrestore(&primary_crng.lock, flags);
	53	return 0;
	54	}
	55	@@ -855,7 +855,7 @@ static void _extract_crng(struct crng_state *crng,
	56	{
	57	unsigned long v, flags;
	58
	59	- if (crng_init > 1 &&
	60	+ if (crng_ready() &&
	61	time_after(jiffies, crng->init_time + CRNG_RESEED_INTERVAL))
	62	crng_reseed(crng, crng == &primary_crng ? &input_pool : NULL);
	63	spin_lock_irqsave(&crng->lock, flags);
	64	@@ -1141,7 +1141,7 @@ void add_interrupt_randomness(int irq, int irq_flags)
	65	fast_mix(fast_pool);
	66	add_interrupt_bench(cycles);
	67
	68	- if (!crng_ready()) {
	69	+ if (unlikely(crng_init == 0)) {
	70	if ((fast_pool->count >= 64) &&
	71	crng_fast_load((char *) fast_pool->pool,
	72	sizeof(fast_pool->pool))) {
	73	@@ -2214,7 +2214,7 @@ void add_hwgenerator_randomness(const char *buffer, size_t count,
	74	{
	75	struct entropy_store *poolp = &input_pool;
	76
	77	- if (!crng_ready()) {
	78	+ if (unlikely(crng_init == 0)) {
	79	crng_fast_load(buffer, count);
	80	return;
	81	}
	82	--
	83	2.20.1
	84