random: CVE-2018-1108

random: fix crng_ready() test Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-4.9.y&id=4dfb3442bb7e1fb80515df4a199ca5a7a8edf900 Change-Id: Ibd02ab7de61291eef85169c12cf5e7a97cb60604 Signed-off-by: Andreas Wellving <andreas.wellving@enea.com>
author: Andreas Wellving <andreas.wellving@enea.com> 2018-10-26 13:26:31 +0200
committer: Andreas Wellving <andreas.wellving@enea.com> 2018-10-26 13:26:31 +0200
commit: 6a68947178d47c7e473a0a4a25d73be51a252803 (patch)
tree: 999fcb4391b6b852cc78e6c45debed1815a039fc
parent: 53fccbc963044818e6f5afb73c09bf91a88518a3 (diff)
download: enea-kernel-cache-6a68947178d47c7e473a0a4a25d73be51a252803.tar.gz
2 files changed, 87 insertions, 0 deletions
diff --git a/patches/cve/4.9.x.scc b/patches/cve/4.9.x.scc
index 4dad7d1..788052b 100644
--- a/patches/cve/4.9.x.scc
+++ b/patches/cve/4.9.x.scc
@@ -3,3 +3,6 @@ patch CVE-2018-7480-blkcg-fix-double-free-of-new_blkg-in-blkcg_init_queu.patch
 #CVEs fixed in 4.9.91:
 SRC_URI += "file://CVE-2018-8781-drm-udl-Properly-check-framebuffer-mmap-offsets.patch"
+#CVEs fixed in 4.9.96:
+SRC_URI += "file://CVE-2018-1108-random-fix-crng_ready-test.patch"
diff --git a/patches/cve/CVE-2018-1108-random-fix-crng_ready-test.patch b/patches/cve/CVE-2018-1108-random-fix-crng_ready-test.patch
new file mode 100644
index 0000000..4f7297b
--- /dev/null
+++ b/patches/cve/CVE-2018-1108-random-fix-crng_ready-test.patch
@@ -0,0 +1,84 @@
+From 4dfb3442bb7e1fb80515df4a199ca5a7a8edf900 Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Wed, 11 Apr 2018 13:27:52 -0400
+Subject: [PATCH] random: fix crng_ready() test
+commit 43838a23a05fbd13e47d750d3dfd77001536dd33 upstream.
+The crng_init variable has three states:
+0: The CRNG is not initialized at all
+1: The CRNG has a small amount of entropy, hopefully good enough for
+   early-boot, non-cryptographical use cases
+2: The CRNG is fully initialized and we are sure it is safe for
+   cryptographic use cases.
+The crng_ready() function should only return true once we are in the
+last state.  This addresses CVE-2018-1108.
+Reported-by: Jann Horn <jannh@google.com>
+Fixes: e192be9d9a30 ("random: replace non-blocking pool...")
+Cc: stable@kernel.org # 4.8+
+CVE: CVE-2018-1108
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-4.9.y&id=4dfb3442bb7e1fb80515df4a199ca5a7a8edf900]
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Reviewed-by: Jann Horn <jannh@google.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Andreas Wellving <andreas.wellving@enea.com>
+---
+ drivers/char/random.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+diff --git a/drivers/char/random.c b/drivers/char/random.c
+index cf1b91e33a28..4f82fe0789e4 100644
+--- a/drivers/char/random.c
+++ b/drivers/char/random.c
+@@ -434,7 +434,7 @@ struct crng_state primary_crng = {
+  * its value (from 0->1->2).
+  */
+ static int crng_init = 0;
+-#define crng_ready() (likely(crng_init > 0))
+#define crng_ready() (likely(crng_init > 1))
+ static int crng_init_cnt = 0;
+ #define CRNG_INIT_CNT_THRESH (2*CHACHA20_KEY_SIZE)
+ static void _extract_crng(struct crng_state *crng,
+@@ -800,7 +800,7 @@ static int crng_fast_load(const char *cp, size_t len)
+ 
+        if (!spin_trylock_irqsave(&primary_crng.lock, flags))
+                return 0;
+-       if (crng_ready()) {
+       if (crng_init != 0) {
+                spin_unlock_irqrestore(&primary_crng.lock, flags);
+                return 0;
+        }
+@@ -872,7 +872,7 @@ static void _extract_crng(struct crng_state *crng,
+ {
+        unsigned long v, flags;
+ 
+-       if (crng_init > 1 &&
+       if (crng_ready() &&
+            time_after(jiffies, crng->init_time + CRNG_RESEED_INTERVAL))
+                crng_reseed(crng, crng == &primary_crng ? &input_pool : NULL);
+        spin_lock_irqsave(&crng->lock, flags);
+@@ -1153,7 +1153,7 @@ void add_interrupt_randomness(int irq, int irq_flags)
+        fast_mix(fast_pool);
+        add_interrupt_bench(cycles);
+ 
+-       if (!crng_ready()) {
+       if (unlikely(crng_init == 0)) {
+                if ((fast_pool->count >= 64) &&
+                    crng_fast_load((char *) fast_pool->pool,
+                                   sizeof(fast_pool->pool))) {
+@@ -2148,7 +2148,7 @@ void add_hwgenerator_randomness(const char *buffer, size_t count,
+ {
+        struct entropy_store *poolp = &input_pool;
+ 
+-       if (!crng_ready()) {
+       if (unlikely(crng_init == 0)) {
+                crng_fast_load(buffer, count);
+                return;
+        }
author	Andreas Wellving <andreas.wellving@enea.com>	2018-10-26 13:26:31 +0200
committer	Andreas Wellving <andreas.wellving@enea.com>	2018-10-26 13:26:31 +0200
commit	6a68947178d47c7e473a0a4a25d73be51a252803 (patch)
tree	999fcb4391b6b852cc78e6c45debed1815a039fc
parent	53fccbc963044818e6f5afb73c09bf91a88518a3 (diff)
download	enea-kernel-cache-6a68947178d47c7e473a0a4a25d73be51a252803.tar.gz

diff --git a/patches/cve/4.9.x.scc b/patches/cve/4.9.x.scc index 4dad7d1..788052b 100644 --- a/patches/cve/4.9.x.scc +++ b/patches/cve/4.9.x.scc
@@ -3,3 +3,6 @@ patch CVE-2018-7480-blkcg-fix-double-free-of-new_blkg-in-blkcg_init_queu.patch
3		3
4	#CVEs fixed in 4.9.91:	4	#CVEs fixed in 4.9.91:
5	SRC_URI += "file://CVE-2018-8781-drm-udl-Properly-check-framebuffer-mmap-offsets.patch"	5	SRC_URI += "file://CVE-2018-8781-drm-udl-Properly-check-framebuffer-mmap-offsets.patch"
		6
		7	#CVEs fixed in 4.9.96:
		8	SRC_URI += "file://CVE-2018-1108-random-fix-crng_ready-test.patch"


diff --git a/patches/cve/CVE-2018-1108-random-fix-crng_ready-test.patch b/patches/cve/CVE-2018-1108-random-fix-crng_ready-test.patch new file mode 100644 index 0000000..4f7297b --- /dev/null +++ b/patches/cve/CVE-2018-1108-random-fix-crng_ready-test.patch
@@ -0,0 +1,84 @@
		1	From 4dfb3442bb7e1fb80515df4a199ca5a7a8edf900 Mon Sep 17 00:00:00 2001
		2	From: Theodore Ts'o <tytso@mit.edu>
		3	Date: Wed, 11 Apr 2018 13:27:52 -0400
		4	Subject: [PATCH] random: fix crng_ready() test
		5
		6	commit 43838a23a05fbd13e47d750d3dfd77001536dd33 upstream.
		7
		8	The crng_init variable has three states:
		9
		10	0: The CRNG is not initialized at all
		11	1: The CRNG has a small amount of entropy, hopefully good enough for
		12	early-boot, non-cryptographical use cases
		13	2: The CRNG is fully initialized and we are sure it is safe for
		14	cryptographic use cases.
		15
		16	The crng_ready() function should only return true once we are in the
		17	last state. This addresses CVE-2018-1108.
		18
		19	Reported-by: Jann Horn <jannh@google.com>
		20	Fixes: e192be9d9a30 ("random: replace non-blocking pool...")
		21	Cc: stable@kernel.org # 4.8+
		22
		23	CVE: CVE-2018-1108
		24	Upstream-Status: Backport [https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-4.9.y&id=4dfb3442bb7e1fb80515df4a199ca5a7a8edf900]
		25
		26	Signed-off-by: Theodore Ts'o <tytso@mit.edu>
		27	Reviewed-by: Jann Horn <jannh@google.com>
		28	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
		29	Signed-off-by: Andreas Wellving <andreas.wellving@enea.com>
		30	---
		31	drivers/char/random.c \| 10 +++++-----
		32	1 file changed, 5 insertions(+), 5 deletions(-)
		33
		34	diff --git a/drivers/char/random.c b/drivers/char/random.c
		35	index cf1b91e33a28..4f82fe0789e4 100644
		36	--- a/drivers/char/random.c
		37	+++ b/drivers/char/random.c
		38	@@ -434,7 +434,7 @@ struct crng_state primary_crng = {
		39	* its value (from 0->1->2).
		40	*/
		41	static int crng_init = 0;
		42	-#define crng_ready() (likely(crng_init > 0))
		43	+#define crng_ready() (likely(crng_init > 1))
		44	static int crng_init_cnt = 0;
		45	#define CRNG_INIT_CNT_THRESH (2*CHACHA20_KEY_SIZE)
		46	static void _extract_crng(struct crng_state *crng,
		47	@@ -800,7 +800,7 @@ static int crng_fast_load(const char *cp, size_t len)
		48
		49	if (!spin_trylock_irqsave(&primary_crng.lock, flags))
		50	return 0;
		51	- if (crng_ready()) {
		52	+ if (crng_init != 0) {
		53	spin_unlock_irqrestore(&primary_crng.lock, flags);
		54	return 0;
		55	}
		56	@@ -872,7 +872,7 @@ static void _extract_crng(struct crng_state *crng,
		57	{
		58	unsigned long v, flags;
		59
		60	- if (crng_init > 1 &&
		61	+ if (crng_ready() &&
		62	time_after(jiffies, crng->init_time + CRNG_RESEED_INTERVAL))
		63	crng_reseed(crng, crng == &primary_crng ? &input_pool : NULL);
		64	spin_lock_irqsave(&crng->lock, flags);
		65	@@ -1153,7 +1153,7 @@ void add_interrupt_randomness(int irq, int irq_flags)
		66	fast_mix(fast_pool);
		67	add_interrupt_bench(cycles);
		68
		69	- if (!crng_ready()) {
		70	+ if (unlikely(crng_init == 0)) {
		71	if ((fast_pool->count >= 64) &&
		72	crng_fast_load((char *) fast_pool->pool,
		73	sizeof(fast_pool->pool))) {
		74	@@ -2148,7 +2148,7 @@ void add_hwgenerator_randomness(const char *buffer, size_t count,
		75	{
		76	struct entropy_store *poolp = &input_pool;
		77
		78	- if (!crng_ready()) {
		79	+ if (unlikely(crng_init == 0)) {
		80	crng_fast_load(buffer, count);
		81	return;
		82	}
		83
		84