From patchwork Mon Jun 5 03:47:57 2017
X-Patchwork-Submitter: "Jason A. Donenfeld"
X-Patchwork-Id: 9765411
From: "Jason A. Donenfeld"
To: Theodore Ts'o, Linux Crypto Mailing List, LKML, kernel-hardening@lists.openwall.com, Greg Kroah-Hartman
Cc: "Jason A. Donenfeld", Ilya Dryomov, "Yan, Zheng", Sage Weil
Date: Mon, 5 Jun 2017 05:47:57 +0200
Message-Id: <20170605034757.4803-9-Jason@zx2c4.com>
X-Mailer: git-send-email 2.13.0
In-Reply-To: <20170605034757.4803-1-Jason@zx2c4.com>
References: <20170605034757.4803-1-Jason@zx2c4.com>
Subject: [kernel-hardening] [PATCH RFC v2 8/8] ceph: ensure RNG is seeded before using

Ceph uses the RNG for various nonce generations, and it shouldn't accept using bad randomness. So, we wait for the RNG to be properly seeded. We do this by calling wait_for_random_bytes() in a function that is certainly called in process context, early on, so that all subsequent calls to get_random_bytes are necessarily acceptable.

Signed-off-by: Jason A. Donenfeld
Cc: Ilya Dryomov
Cc: "Yan, Zheng"
Cc: Sage Weil
---
 net/ceph/ceph_common.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/net/ceph/ceph_common.c b/net/ceph/ceph_common.c index 4fd02831beed..26ab58665f77 100644 --- a/net/ceph/ceph_common.c +++ b/net/ceph/ceph_common.c @@ -611,7 +611,11 @@ struct ceph_client *ceph_create_client(struct ceph_options *opt, void *private) { struct ceph_client *client; struct ceph_entity_addr *myaddr = NULL; - int err = -ENOMEM; + int err; + + err = wait_for_random_bytes(); + if (err < 0) + return ERR_PTR(err); client = kzalloc(sizeof(*client), GFP_KERNEL); if (client == NULL)
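
Review bot: Dropping the `= -ENOMEM` initializer on `err` at the top of ceph_create_client() means `err` holds 0 once wait_for_random_bytes() succeeds, and the hunk's context stops at `if (client == NULL)`, so the allocation-failure return and any later error path that is not visible here should be checked to confirm they set their own error code instead of relying on the old initial value. Placing the wait before the kzalloc() is good, since the early `return ERR_PTR(err)` has nothing to free. A one-line comment above the call saying that it can block until the RNG is seeded, and that this function was chosen because it runs in process context before the later get_random_bytes calls (as the commit message explains), would keep that reasoning next to the code.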