[GIT PULL] /dev/random bug fixes for 4.12

[GIT PULL] /dev/random bug fixes for 4.12

[Theodore Ts'o]

The following changes since commit 08332893e37af6ae779367e78e444f8f9571511d:

  Linux 4.12-rc2 (2017-05-21 19:30:23 -0700)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random.git tags/random_for_linus_stable

for you to fetch changes up to 9dfa7bba35ac08a63565d58c454dccb7e1bb0a08:

  fix race in drivers/char/random.c:get_reg() (2017-05-24 17:41:26 -0400)

----------------------------------------------------------------
Fix a race on architectures with prioritized interrupts (such as m68k)
which can causes crashes in drivers/char/random.c:get_reg().

----------------------------------------------------------------
Michael Schmitz (1):
      fix race in drivers/char/random.c:get_reg()

 drivers/char/random.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

Re: [GIT PULL] /dev/random bug fixes for 4.12

[Linus Torvalds]

[-- Attachment #1: Type: text/plain, Size: 774 bytes --]

On Fri, Jun 2, 2017 at 2:30 PM, Theodore Ts'o <tytso@mit.edu> wrote:
>
> Fix a race on architectures with prioritized interrupts (such as m68k)
> which can causes crashes in drivers/char/random.c:get_reg().

I don't think this has anything to do with prioritized interrupts,
just possibility of nesting (which can happen anywhere).

I've pulled this, but I really am not all that happy about it. It adds
a interrupt disable/enable in something that might be pretty
timing-ciritcal.

And I really don't think it needs it. We don't actually care about the
reg_idx value being reliable, so the code could easily have just done
some READ_ONCE/WRITE_ONCE thing. Something like the attached
(UNTESTED!) patch instead.

But it's in my tree now in your form.

                Linus

[-- Attachment #2: patch.diff --]
[-- Type: text/plain, Size: 813 bytes --]

 drivers/char/random.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/drivers/char/random.c b/drivers/char/random.c
index a561f0c2f428..473ad34378f2 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -1097,15 +1097,15 @@ static void add_interrupt_bench(cycles_t start)
 static __u32 get_reg(struct fast_pool *f, struct pt_regs *regs)
 {
 	__u32 *ptr = (__u32 *) regs;
-	unsigned long flags;
+	unsigned int idx;
 
 	if (regs == NULL)
 		return 0;
-	local_irq_save(flags);
-	if (f->reg_idx >= sizeof(struct pt_regs) / sizeof(__u32))
-		f->reg_idx = 0;
-	ptr += f->reg_idx++;
-	local_irq_restore(flags);
+	idx = READ_ONCE(f->reg_idx);
+	if (idx >= sizeof(struct pt_regs) / sizeof(__u32))
+		idx = 0;
+	ptr += idx++;
+	WRITE_ONCE(f->reg_idx, idx);
 	return *ptr;
 }
 

Re: [GIT PULL] /dev/random bug fixes for 4.12

[Geert Uytterhoeven]

Hi Linus,

On Sat, Jun 3, 2017 at 1:30 AM, Linus Torvalds
<torvalds@linux-foundation.org> wrote:
> On Fri, Jun 2, 2017 at 2:30 PM, Theodore Ts'o <tytso@mit.edu> wrote:
>> Fix a race on architectures with prioritized interrupts (such as m68k)
>> which can causes crashes in drivers/char/random.c:get_reg().
>
> I don't think this has anything to do with prioritized interrupts,
> just possibility of nesting (which can happen anywhere).
>
> I've pulled this, but I really am not all that happy about it. It adds
> a interrupt disable/enable in something that might be pretty
> timing-ciritcal.
>
> And I really don't think it needs it. We don't actually care about the
> reg_idx value being reliable, so the code could easily have just done
> some READ_ONCE/WRITE_ONCE thing. Something like the attached
> (UNTESTED!) patch instead.

I agree with your analysis, and your patch looks OK to me.

Thanks!

Gr{oetje,eeting}s,

                        Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds