From patchwork Mon Jun 26 23:30:38 2017
X-Patchwork-Submitter: Kees Cook
X-Patchwork-Id: 9810601
Date: Mon, 26 Jun 2017 16:30:38 -0700
From: Kees Cook
To: Theodore Ts'o
Cc: Arnd Bergmann, Greg Kroah-Hartman, Ingo Molnar, Andrew Morton, Jessica Yu, "Steven Rostedt (VMware)", Viresh Kumar, Tejun Heo, Prarit Bhargava, Lokesh Vutla, Nicholas Piggin, AKASHI Takahiro, kernel-hardening@lists.openwall.com, linux-kernel@vger.kernel.org
Message-ID: <20170626233038.GA48751@beast>
Subject: [kernel-hardening] [PATCH] random: Do not ignore early device randomness

The add_device_randomness() function would ignore incoming bytes if the crng wasn't ready. This additionally makes sure to make an early enough call to add_latent_entropy() to influence the initial stack canary, which is especially important on non-x86 systems where it stays the same through the life of the boot.

Signed-off-by: Kees Cook
---
 drivers/char/random.c | 5 +++++
 init/main.c | 1 +
 2 files changed, 6 insertions(+)

diff --git a/drivers/char/random.c b/drivers/char/random.c index 01a260f67437..23cab7a8c1c1 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c 
@@ -987,6 +987,11 @@ void add_device_randomness(const void *buf, unsigned int size) unsigned long time = random_get_entropy() ^ jiffies; unsigned long flags; + if (!crng_ready()) { + crng_fast_load(buf, size); + return; + } + trace_add_device_randomness(size, _RET_IP_); spin_lock_irqsave(&input_pool.lock, flags); _mix_pool_bytes(&input_pool, buf, size); diff --git a/init/main.c b/init/main.c index f866510472d7..6b2c3ab7d76b 100644 --- a/init/main.c +++ b/init/main.c @@ -497,6 +497,7 @@ asmlinkage __visible void __init start_kernel(void) /* * Set up the initial canary ASAP: */ + add_latent_entropy(); boot_init_stack_canary(); cgroup_init_early();
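Review bot: In the drivers/char/random.c hunk, the new `if (!crng_ready())` branch in add_device_randomness() discards the result of crng_fast_load(buf, size) and returns before both trace_add_device_randomness(size, _RET_IP_) and _mix_pool_bytes(&input_pool, buf, size). If crng_fast_load() can decline the bytes or use only part of the buffer, they are dropped just as before, which is the case the commit message sets out to fix; checking its result and falling through to the input-pool mix when the input was not taken would close that gap. Moving the trace call above the branch would keep early contributions visible to tracing. The commit message should also state whether bytes fed in this way count toward crng_ready(), since callers of add_device_randomness() pass data that is not guaranteed to be unpredictable.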
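Review bot: In the init/main.c hunk, add_latent_entropy() now sits directly under the comment "Set up the initial canary ASAP:", which describes only boot_init_stack_canary(). Extend that comment to say the call must stay ahead of boot_init_stack_canary() so that its input can influence the canary, as the commit message explains; without it the ordering requirement is easy to lose the next time start_kernel() is rearranged.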