* [PATCH] hwrng: fix khwrng lifecycle
@ 2020-12-14 17:29 Luca Dariz
From: Luca Dariz @ 2020-12-14 17:29 UTC
  To: linux-crypto
  Cc: Luca Dariz, Matt Mackall, Herbert Xu, Colin Ian King,
	Holger Brunck, Valentin Longchamp

There are two issues with the management of the kernel thread to gather
entropy:
* it can also terminate if the rng is removed, and in this case it doesn't
  synchronize with kthread_should_stop(), but it directly sets hwrng_fill
  to NULL. If this happens after the NULL check but before kthread_stop()
  is called, we'll have a NULL pointer dereference.
* if we have a register/unregister too fast, it can happen that the kthread
  is not yet started when kthread_stop is called, and this seems to leave a
  corrupted or uninitialized kthread struct. This is detected by the
  WARN_ON at kernel/kthread.c:75 and later causes a page domain fault.

CC: Matt Mackall <mpm@selenic.com>
CC: Herbert Xu <herbert@gondor.apana.org.au>
CC: Colin Ian King <colin.king@canonical.com>
CC: Holger Brunck <holger.brunck@hitachi-powergrids.com>
CC: Valentin Longchamp <valentin.longchamp@hitachi-powergrids.com>
Signed-off-by: Luca Dariz <luca.dariz@hitachi-powergrids.com>
---
 drivers/char/hw_random/core.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/drivers/char/hw_random/core.c b/drivers/char/hw_random/core.c
index 8c1c47dd9f46..5845da93c7f4 100644
--- a/drivers/char/hw_random/core.c
+++ b/drivers/char/hw_random/core.c
@@ -31,6 +31,7 @@ static struct hwrng *current_rng;
 /* the current rng has been explicitly chosen by user via sysfs */
 static int cur_rng_set_by_user;
 static struct task_struct *hwrng_fill;
+static struct completion hwrng_started = COMPLETION_INITIALIZER(hwrng_started);
 /* list of registered rngs, sorted decending by quality */
 static LIST_HEAD(rng_list);
 /* Protects rng_list and current_rng */
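Review bot: The new hwrng_started declaration has no comment, unlike the statics around it; add one saying it is completed by hwrng_fillfn() once the thread is running and waited on in start_khwrngd(). The idiomatic spelling is "static DECLARE_COMPLETION(hwrng_started);". Because the completion is never reinitialised, correctness relies on every complete() being consumed by exactly one wait_for_completion(), which is worth stating in that comment.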
@@ -432,12 +433,15 @@ static int hwrng_fillfn(void *unused)
 {
 	long rc;
 
+	complete(&hwrng_started);
 	while (!kthread_should_stop()) {
 		struct hwrng *rng;
 
 		rng = get_current_rng();
-		if (IS_ERR(rng) || !rng)
-			break;
+		if (IS_ERR(rng) || !rng) {
+			msleep_interruptible(10000);
+			continue;
+		}
 		mutex_lock(&reading_mutex);
 		rc = rng_get_data(rng, rng_fillbuf,
 				  rng_buffer_size(), 1);
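Review bot: In the new "IS_ERR(rng) || !rng" branch, msleep_interruptible(10000) returns early only on a pending signal, so a kthread_stop() issued while the thread sleeps here can block its caller for up to 10 seconds before the loop re-checks kthread_should_stop(). Consider the usual set_current_state(TASK_INTERRUPTIBLE) / kthread_should_stop() / schedule_timeout() pattern, or a wait queue woken when an rng becomes available, so that the stop request is seen immediately. The literal 10000 should also be a named constant, with a comment explaining why the thread now idles without an rng instead of exiting.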
@@ -462,6 +466,8 @@ static void start_khwrngd(void)
 	if (IS_ERR(hwrng_fill)) {
 		pr_err("hwrng_fill thread creation failed\n");
 		hwrng_fill = NULL;
+	} else {
+		wait_for_completion(&hwrng_started);
 	}
 }
 
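Review bot: The wait_for_completion() in the new else branch is uninterruptible and carries no comment explaining why start_khwrngd() must block. Please add one stating that it guarantees hwrng_fillfn() has begun running before any later kthread_stop(hwrng_fill). Since complete(&hwrng_started) is the first statement of hwrng_fillfn(), the wait should be short, but the commit message would benefit from naming the callers of start_khwrngd() and confirming that blocking there is acceptable in each of them.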
-- 
2.24.3

