[PATCH] efi: READ_ONCE rng seed size before munmap

[PATCH] efi: READ_ONCE rng seed size before munmap

[Jason A. Donenfeld]

This function is consistent with using size instead of seed->size
(except for one place that this patch fixes), but it reads seed->size
without using READ_ONCE, which means the compiler might still do
something unwanted. So, this commit simply adds the READ_ONCE
wrapper.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Cc: Ard Biesheuvel <ardb@kernel.org>
Cc: stable@vger.kernel.org
---
 drivers/firmware/efi/efi.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c
index 621220ab3d0e..21ea99f65113 100644
--- a/drivers/firmware/efi/efi.c
+++ b/drivers/firmware/efi/efi.c
@@ -552,7 +552,7 @@ int __init efi_config_parse_tables(void *config_tables, int count, int sz,
 
 		seed = early_memremap(efi.rng_seed, sizeof(*seed));
 		if (seed != NULL) {
-			size = seed->size;
+			size = READ_ONCE(seed->size);
 			early_memunmap(seed, sizeof(*seed));
 		} else {
 			pr_err("Could not map UEFI random seed!\n");
@@ -562,7 +562,7 @@ int __init efi_config_parse_tables(void *config_tables, int count, int sz,
 					      sizeof(*seed) + size);
 			if (seed != NULL) {
 				pr_notice("seeding entropy pool\n");
-				add_bootloader_randomness(seed->bits, seed->size);
+				add_bootloader_randomness(seed->bits, size);
 				early_memunmap(seed, sizeof(*seed) + size);
 			} else {
 				pr_err("Could not map UEFI random seed!\n");
-- 
2.25.0

Re: [PATCH] efi: READ_ONCE rng seed size before munmap

[Ard Biesheuvel]

On Mon, 17 Feb 2020 at 13:34, Jason A. Donenfeld <Jason@zx2c4.com> wrote:
>
> This function is consistent with using size instead of seed->size
> (except for one place that this patch fixes), but it reads seed->size
> without using READ_ONCE, which means the compiler might still do
> something unwanted. So, this commit simply adds the READ_ONCE
> wrapper.
>
> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
> Cc: Ard Biesheuvel <ardb@kernel.org>
> Cc: stable@vger.kernel.org

Thanks Jason

I've queued this in efi/urgent with a fixes: tag rather than a cc:
stable, since it only applies clean to v5.4 and later. We'll need a
backport to 4.14 and 4.19 as well, which has a trivial conflict
(s/add_bootloader_randomness/add_device_randomness/) but we'll need to
wait for this patch to hit Linus's tree first.


> ---
>  drivers/firmware/efi/efi.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c
> index 621220ab3d0e..21ea99f65113 100644
> --- a/drivers/firmware/efi/efi.c
> +++ b/drivers/firmware/efi/efi.c
> @@ -552,7 +552,7 @@ int __init efi_config_parse_tables(void *config_tables, int count, int sz,
>
>                 seed = early_memremap(efi.rng_seed, sizeof(*seed));
>                 if (seed != NULL) {
> -                       size = seed->size;
> +                       size = READ_ONCE(seed->size);
>                         early_memunmap(seed, sizeof(*seed));
>                 } else {
>                         pr_err("Could not map UEFI random seed!\n");
> @@ -562,7 +562,7 @@ int __init efi_config_parse_tables(void *config_tables, int count, int sz,
>                                               sizeof(*seed) + size);
>                         if (seed != NULL) {
>                                 pr_notice("seeding entropy pool\n");
> -                               add_bootloader_randomness(seed->bits, seed->size);
> +                               add_bootloader_randomness(seed->bits, size);
>                                 early_memunmap(seed, sizeof(*seed) + size);
>                         } else {
>                                 pr_err("Could not map UEFI random seed!\n");
> --
> 2.25.0
>

Re: [PATCH] efi: READ_ONCE rng seed size before munmap

[Greg KH]

On Mon, Feb 17, 2020 at 04:23:03PM +0100, Ard Biesheuvel wrote:
> On Mon, 17 Feb 2020 at 13:34, Jason A. Donenfeld <Jason@zx2c4.com> wrote:
> >
> > This function is consistent with using size instead of seed->size
> > (except for one place that this patch fixes), but it reads seed->size
> > without using READ_ONCE, which means the compiler might still do
> > something unwanted. So, this commit simply adds the READ_ONCE
> > wrapper.
> >
> > Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
> > Cc: Ard Biesheuvel <ardb@kernel.org>
> > Cc: stable@vger.kernel.org
> 
> Thanks Jason
> 
> I've queued this in efi/urgent with a fixes: tag rather than a cc:
> stable, since it only applies clean to v5.4 and later.

Why do that?  That just makes it harder for me to know to pick it up for
5.4 and newer.

> We'll need a
> backport to 4.14 and 4.19 as well, which has a trivial conflict
> (s/add_bootloader_randomness/add_device_randomness/) but we'll need to
> wait for this patch to hit Linus's tree first.

Ok, if you are going to send it on to me for stable, that's fine, but
usually you can just wait for the rejection notices for older kernels
before having to worry about this.  In other words, you are doing more
work than you have to here :)

thanks,

greg k-h

Re: [PATCH] efi: READ_ONCE rng seed size before munmap

[Ard Biesheuvel]

On Mon, 17 Feb 2020 at 16:54, Greg KH <greg@kroah.com> wrote:
>
> On Mon, Feb 17, 2020 at 04:23:03PM +0100, Ard Biesheuvel wrote:
> > On Mon, 17 Feb 2020 at 13:34, Jason A. Donenfeld <Jason@zx2c4.com> wrote:
> > >
> > > This function is consistent with using size instead of seed->size
> > > (except for one place that this patch fixes), but it reads seed->size
> > > without using READ_ONCE, which means the compiler might still do
> > > something unwanted. So, this commit simply adds the READ_ONCE
> > > wrapper.
> > >
> > > Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
> > > Cc: Ard Biesheuvel <ardb@kernel.org>
> > > Cc: stable@vger.kernel.org
> >
> > Thanks Jason
> >
> > I've queued this in efi/urgent with a fixes: tag rather than a cc:
> > stable, since it only applies clean to v5.4 and later.
>
> Why do that?  That just makes it harder for me to know to pick it up for
> 5.4 and newer.
>
> > We'll need a
> > backport to 4.14 and 4.19 as well, which has a trivial conflict
> > (s/add_bootloader_randomness/add_device_randomness/) but we'll need to
> > wait for this patch to hit Linus's tree first.
>
> Ok, if you are going to send it on to me for stable, that's fine, but
> usually you can just wait for the rejection notices for older kernels
> before having to worry about this.  In other words, you are doing more
> work than you have to here :)
>

So just

Cc: <stable@vger.kernel.org>

without any context is your preferred method?

Re: [PATCH] efi: READ_ONCE rng seed size before munmap

[Greg KH]

On Mon, Feb 17, 2020 at 05:09:00PM +0100, Ard Biesheuvel wrote:
> On Mon, 17 Feb 2020 at 16:54, Greg KH <greg@kroah.com> wrote:
> >
> > On Mon, Feb 17, 2020 at 04:23:03PM +0100, Ard Biesheuvel wrote:
> > > On Mon, 17 Feb 2020 at 13:34, Jason A. Donenfeld <Jason@zx2c4.com> wrote:
> > > >
> > > > This function is consistent with using size instead of seed->size
> > > > (except for one place that this patch fixes), but it reads seed->size
> > > > without using READ_ONCE, which means the compiler might still do
> > > > something unwanted. So, this commit simply adds the READ_ONCE
> > > > wrapper.
> > > >
> > > > Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
> > > > Cc: Ard Biesheuvel <ardb@kernel.org>
> > > > Cc: stable@vger.kernel.org
> > >
> > > Thanks Jason
> > >
> > > I've queued this in efi/urgent with a fixes: tag rather than a cc:
> > > stable, since it only applies clean to v5.4 and later.
> >
> > Why do that?  That just makes it harder for me to know to pick it up for
> > 5.4 and newer.
> >
> > > We'll need a
> > > backport to 4.14 and 4.19 as well, which has a trivial conflict
> > > (s/add_bootloader_randomness/add_device_randomness/) but we'll need to
> > > wait for this patch to hit Linus's tree first.
> >
> > Ok, if you are going to send it on to me for stable, that's fine, but
> > usually you can just wait for the rejection notices for older kernels
> > before having to worry about this.  In other words, you are doing more
> > work than you have to here :)
> >
> 
> So just
> 
> Cc: <stable@vger.kernel.org>
> 
> without any context is your preferred method?

If you can provide a "Fixes:" tag showing what commit it does fix,
that's even better as that way I _know_ to try to apply it to older
kernels and if it fails, you will get an email saying it failed.  With
just a cc: stable, I do a "best guess" and don't work very hard if older
kernels do not apply as I don't know if it is relevant or not.

thanks,

greg k-h

Re: [PATCH] efi: READ_ONCE rng seed size before munmap

[Ard Biesheuvel]

On Mon, 17 Feb 2020 at 17:33, Greg KH <greg@kroah.com> wrote:
>
> On Mon, Feb 17, 2020 at 05:09:00PM +0100, Ard Biesheuvel wrote:
> > On Mon, 17 Feb 2020 at 16:54, Greg KH <greg@kroah.com> wrote:
> > >
> > > On Mon, Feb 17, 2020 at 04:23:03PM +0100, Ard Biesheuvel wrote:
> > > > On Mon, 17 Feb 2020 at 13:34, Jason A. Donenfeld <Jason@zx2c4.com> wrote:
> > > > >
> > > > > This function is consistent with using size instead of seed->size
> > > > > (except for one place that this patch fixes), but it reads seed->size
> > > > > without using READ_ONCE, which means the compiler might still do
> > > > > something unwanted. So, this commit simply adds the READ_ONCE
> > > > > wrapper.
> > > > >
> > > > > Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
> > > > > Cc: Ard Biesheuvel <ardb@kernel.org>
> > > > > Cc: stable@vger.kernel.org
> > > >
> > > > Thanks Jason
> > > >
> > > > I've queued this in efi/urgent with a fixes: tag rather than a cc:
> > > > stable, since it only applies clean to v5.4 and later.
> > >
> > > Why do that?  That just makes it harder for me to know to pick it up for
> > > 5.4 and newer.
> > >
> > > > We'll need a
> > > > backport to 4.14 and 4.19 as well, which has a trivial conflict
> > > > (s/add_bootloader_randomness/add_device_randomness/) but we'll need to
> > > > wait for this patch to hit Linus's tree first.
> > >
> > > Ok, if you are going to send it on to me for stable, that's fine, but
> > > usually you can just wait for the rejection notices for older kernels
> > > before having to worry about this.  In other words, you are doing more
> > > work than you have to here :)
> > >
> >
> > So just
> >
> > Cc: <stable@vger.kernel.org>
> >
> > without any context is your preferred method?
>
> If you can provide a "Fixes:" tag showing what commit it does fix,
> that's even better as that way I _know_ to try to apply it to older
> kernels and if it fails, you will get an email saying it failed.  With
> just a cc: stable, I do a "best guess" and don't work very hard if older
> kernels do not apply as I don't know if it is relevant or not.
>

OK, will do.

[tip: efi/urgent] efi: READ_ONCE rng seed size before munmap

[tip-bot2 for Jason A. Donenfeld]

The following commit has been merged into the efi/urgent branch of tip:

Commit-ID:     be36f9e7517e17810ec369626a128d7948942259
Gitweb:        https://git.kernel.org/tip/be36f9e7517e17810ec369626a128d7948942259
Author:        Jason A. Donenfeld <Jason@zx2c4.com>
AuthorDate:    Fri, 21 Feb 2020 09:48:49 +01:00
Committer:     Ingo Molnar <mingo@kernel.org>
CommitterDate: Wed, 26 Feb 2020 15:31:43 +01:00

efi: READ_ONCE rng seed size before munmap

This function is consistent with using size instead of seed->size
(except for one place that this patch fixes), but it reads seed->size
without using READ_ONCE, which means the compiler might still do
something unwanted. So, this commit simply adds the READ_ONCE
wrapper.

Fixes: 636259880a7e ("efi: Add support for seeding the RNG from a UEFI ...")
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Cc: linux-efi@vger.kernel.org
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: https://lore.kernel.org/r/20200217123354.21140-1-Jason@zx2c4.com
Link: https://lore.kernel.org/r/20200221084849.26878-5-ardb@kernel.org
---
 drivers/firmware/efi/efi.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c
index 621220a..21ea99f 100644
--- a/drivers/firmware/efi/efi.c
+++ b/drivers/firmware/efi/efi.c
@@ -552,7 +552,7 @@ int __init efi_config_parse_tables(void *config_tables, int count, int sz,
 
 		seed = early_memremap(efi.rng_seed, sizeof(*seed));
 		if (seed != NULL) {
-			size = seed->size;
+			size = READ_ONCE(seed->size);
 			early_memunmap(seed, sizeof(*seed));
 		} else {
 			pr_err("Could not map UEFI random seed!\n");
@@ -562,7 +562,7 @@ int __init efi_config_parse_tables(void *config_tables, int count, int sz,
 					      sizeof(*seed) + size);
 			if (seed != NULL) {
 				pr_notice("seeding entropy pool\n");
-				add_bootloader_randomness(seed->bits, seed->size);
+				add_bootloader_randomness(seed->bits, size);
 				early_memunmap(seed, sizeof(*seed) + size);
 			} else {
 				pr_err("Could not map UEFI random seed!\n");