From patchwork Wed Jun  7 23:26:01 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Jason A. Donenfeld" <Jason@zx2c4.com>
X-Patchwork-Id: 9773279
Return-Path: 
 <kernel-hardening-return-8430-patchwork-kernel-hardening=patchwork.kernel.org@lists.openwall.com>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	B9B7960234 for <patchwork-kernel-hardening@patchwork.kernel.org>;
	Wed,  7 Jun 2017 23:27:27 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id AE35F283AD
	for <patchwork-kernel-hardening@patchwork.kernel.org>;
	Wed,  7 Jun 2017 23:27:27 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id A2FB72848D; Wed,  7 Jun 2017 23:27:27 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.1 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED,T_DKIM_INVALID autolearn=ham version=3.3.1
Received: from mother.openwall.net (mother.openwall.net [195.42.179.200])
	by mail.wl.linuxfoundation.org (Postfix) with SMTP id D36D0283AD
	for <patchwork-kernel-hardening@patchwork.kernel.org>;
	Wed,  7 Jun 2017 23:27:26 +0000 (UTC)
Received: (qmail 26294 invoked by uid 550); 7 Jun 2017 23:26:32 -0000
Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:kernel-hardening@lists.openwall.com>
List-Help: <mailto:kernel-hardening-help@lists.openwall.com>
List-Unsubscribe: <mailto:kernel-hardening-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:kernel-hardening-subscribe@lists.openwall.com>
List-ID: <kernel-hardening.lists.openwall.com>
Delivered-To: mailing list kernel-hardening@lists.openwall.com
Received: (qmail 26179 invoked from network); 7 Jun 2017 23:26:28 -0000
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=zx2c4.com; h=from:to:cc
	:subject:date:message-id:in-reply-to:references; s=mail; bh=GwUy
	SR4DsEka5UeoPU3RDAyhxQ4=; b=tYdSbf78VplTYtcnjyLb/lmPARTBIQY5RRNx
	vf1KmjFr1j/xy8sBegATGtuiXZE9WAk7jWQa/UJCtD3Ob29QPrI5sPZoL1OPnBRl
	S8TuC0J/qVJMdhHqPBGQgkoA5B8POif44VjemB8JuvDO5TxOQu42vqzCTElHPAnq
	euBp6NZnxnKn+gPEpE0cJZcyWZeivtvIQuNzZ3StvvgpnbRRI5i5zDDJR0ERYvvm
	IwLzDbqER3Om1m3ILvzWZwoEltamWblkNzR3YvPf6m9+mZdO9Pme9+sMfawZ/OeP
	YInmovtXaUkiqFqminSLbqawzehdAUcvShYjoI4hpKo9PhHT6Q==
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: Theodore Ts'o <tytso@mit.edu>,
	Linux Crypto Mailing List <linux-crypto@vger.kernel.org>,
	LKML <linux-kernel@vger.kernel.org>, kernel-hardening@lists.openwall.com,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Eric Biggers <ebiggers3@gmail.com>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	David Miller <davem@davemloft.net>
Cc: "Jason A. Donenfeld" <Jason@zx2c4.com>,
	Ilya Dryomov <idryomov@gmail.com>, "Yan, Zheng" <zyan@redhat.com>,
	Sage Weil <sage@redhat.com>
Date: Thu,  8 Jun 2017 01:26:01 +0200
Message-Id: <20170607232607.26870-8-Jason@zx2c4.com>
In-Reply-To: <20170607232607.26870-1-Jason@zx2c4.com>
References: <20170607232607.26870-1-Jason@zx2c4.com>
Subject: [kernel-hardening] [PATCH v5 07/13] ceph: ensure RNG is seeded
	before using
X-Virus-Scanned: ClamAV using ClamSMTP

Ceph uses the RNG for various nonce generations, and it shouldn't accept
using bad randomness. So, we wait for the RNG to be properly seeded. We
do this by calling wait_for_random_bytes() in a function that is
certainly called in process context, early on, so that all subsequent
calls to get_random_bytes are necessarily acceptable.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Cc: Ilya Dryomov <idryomov@gmail.com>
Cc: "Yan, Zheng" <zyan@redhat.com>
Cc: Sage Weil <sage@redhat.com>
---
 net/ceph/ceph_common.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/net/ceph/ceph_common.c b/net/ceph/ceph_common.c
index 47e94b560ba0..0368a04995b3 100644
--- a/net/ceph/ceph_common.c
+++ b/net/ceph/ceph_common.c
@@ -598,7 +598,11 @@ struct ceph_client *ceph_create_client(struct ceph_options *opt, void *private)
 {
 	struct ceph_client *client;
 	struct ceph_entity_addr *myaddr = NULL;
-	int err = -ENOMEM;
+	int err;
+
+	err = wait_for_random_bytes();
+	if (err < 0)
+		return ERR_PTR(err);
 
 	client = kzalloc(sizeof(*client), GFP_KERNEL);
 	if (client == NULL)