mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-01 06:33:07 +00:00
Code Issues Releases Wiki Activity
linux-stable/drivers
History
Jason A. Donenfeld e3e33fc2ea random: do not use input pool from hard IRQs 
Years ago, a separate fast pool was added for interrupts, so that the
cost associated with taking the input pool spinlocks and mixing into it
would be avoided in places where latency is critical. However, one
oversight was that add_input_randomness() and add_disk_randomness()
still sometimes are called directly from the interrupt handler, rather
than being deferred to a thread. This means that some unlucky interrupts
will be caught doing a blake2s_compress() call and potentially spinning
on input_pool.lock, which can also be taken by unprivileged users by
writing into /dev/urandom.

In order to fix this, add_timer_randomness() now checks whether it is
being called from a hard IRQ and if so, just mixes into the per-cpu IRQ
fast pool using fast_mix(), which is much faster and can be done
lock-free. A nice consequence of this, as well, is that it means hard
IRQ context FPU support is likely no longer useful.

The entropy estimation algorithm used by add_timer_randomness() is also
somewhat different than the one used for add_interrupt_randomness(). The
former looks at deltas of deltas of deltas, while the latter just waits
for 64 interrupts for one bit or for one second since the last bit. In
order to bridge these, and since add_interrupt_randomness() runs after
an add_timer_randomness() that's called from hard IRQ, we add to the
fast pool credit the related amount, and then subtract one to account
for add_interrupt_randomness()'s contribution.

A downside of this, however, is that the num argument is potentially
attacker controlled, which puts a bit more pressure on the fast_mix()
sponge to do more than it's really intended to do. As a mitigating
factor, the first 96 bits of input aren't attacker controlled (a cycle
counter followed by zeros), which means it's essentially two rounds of
siphash rather than one, which is somewhat better. It's also not that
much different from add_interrupt_randomness()'s use of the irq stack
instruction pointer register.

Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Filipe Manana <fdmanana@suse.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2022-05-18 15:53:52 +02:00
..
accessibility
acpi
amba
android
ata
atm
auxdisplay
base Driver core fixes for 5.18-rc5 2022-04-30 10:24:21 -07:00
bcma
block ataflop: use a statically allocated error counters 2022-05-08 10:01:48 -07:00
bluetooth
bus - Fix locking when accessing device MSI descriptors 2022-05-01 09:30:47 -07:00
cdrom
char random: do not use input pool from hard IRQs 2022-05-18 15:53:52 +02:00
clk Add missing sentinel, check return value and mark rtc-32k as critical 2022-04-25 16:47:24 -07:00
clocksource
comedi
connector
counter
cpufreq cpufreq: qcom-cpufreq-hw: Clear dcvs interrupts 2022-04-26 12:08:31 +05:30
cpuidle
crypto
cxl
dax
dca
devfreq
dio
dma
dma-buf
edac
eisa
extcon
firewire firewire: core: extend card->lock in fw_core_handle_bus_reset 2022-04-25 08:01:09 +02:00
firmware
fpga
fsi
gnss
gpio gpio: pca953x: fix irq_stat not updated when irq is disabled (irq_mask not set) 2022-05-06 16:59:29 +02:00
gpu Merge tag 'drm-msm-fixes-2022-04-30' of https://gitlab.freedesktop.org/drm/msm into drm-fixes 2022-05-06 11:22:03 +10:00
greybus
hid
hsi
hv
hwmon hwmon: (pmbus) delta-ahe50dc-fan: work around hardware quirk 2022-04-27 04:52:18 -07:00
hwspinlock
hwtracing
i2c
i3c
idle intel_idle: Fix SPR C6 optimization 2022-04-27 20:36:47 +02:00
iio
infiniband RDMA/rxe: Change mcg_lock to a _bh lock 2022-05-04 21:29:25 -03:00
input Input updates for v5.18-rc3 2022-04-23 09:52:07 -07:00
interconnect
iommu iommu: Make sysfs robust for non-API groups 2022-05-04 15:13:39 +02:00
ipack
irqchip
isdn
leds
macintosh
mailbox
mcb
md block-5.18-2022-04-22 2022-04-23 09:46:44 -07:00
media
memory
memstick
message
mfd
misc eeprom: at25: Use DMA safe buffers 2022-04-24 17:25:10 +02:00
mmc mmc: sdhci-msm: Reset GCC_SDCC_BCR register for SDHC 2022-05-04 12:31:55 +02:00
most
mtd
mux
net net/mlx5: Fix matching on inner TTC 2022-05-04 00:00:07 -07:00
nfc nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs 2022-05-01 13:26:05 +01:00
ntb
nubus
nvdimm
nvme
nvmem
of
opp
parisc
parport
pci
pcmcia
peci
perf
phy
pinctrl pinctrl: pistachio: fix use of irq_of_parse_and_map() 2022-04-24 16:24:09 +02:00
platform platform/x86/intel: pmc/core: change pmc_lpm_modes to static 2022-04-27 16:55:54 +02:00
pnp
power
powercap
pps
ps3
ptp
pwm
rapidio
ras
regulator
remoteproc
reset
rpmsg
rtc
s390 s390/dasd: Use kzalloc instead of kmalloc/memset 2022-05-05 20:08:27 -06:00
sbus
scsi
sh
siox
slimbus
soc
soundwire
spi
spmi
ssb
staging
target scsi: target: pscsi: Set SCF_TREAT_READ_AS_NORMAL flag only if there is valid data 2022-04-27 22:40:09 -04:00
tc
tee
thermal Merge branch 'thermal-int340x' 2022-04-28 16:51:24 +02:00
thunderbolt
tty tty: n_gsm: fix sometimes uninitialized warning in gsm_dlci_modem_output() 2022-04-26 08:09:46 +02:00
uio
usb usb: phy: generic: Get the vbus supply 2022-04-26 14:10:54 +02:00
vdpa
vfio
vhost
video drm-misc-fixes for v5.18-rc6: 2022-05-06 10:56:38 +10:00
virt
virtio
visorbus
vlynq
vme
w1
watchdog
xen
zorro
Kconfig
Makefile