random: fix nasty entropy accounting bug
author Theodore Ts'o <tytso@mit.edu>
Mon, 16 Jun 2014 01:04:32 +0000 (21:04 -0400)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 1 Jul 2014 03:14:04 +0000 (20:14 -0700)
commit 02bbff7274ac3f4a08536874a316e055d3be3ff5
tree abe61743fc79260491afe89d76e2224dcfd25103
parent faf067b39a509e17682b6276cc54012b67683dc3

commit e33ba5fa7afce1a9f159704121d4e4d110df8185 upstream.

Commit 0fb7a01af5b0 "random: simplify accounting code", introduced in
v3.15, has a very nasty accounting problem when the entropy pool has
fewer bytes of entropy than the number of requested reserved
bytes.  In that case, "have_bytes - reserved" goes negative, and since
size_t is unsigned, the expression:

       ibytes = min_t(size_t, ibytes, have_bytes - reserved);

... does not do the right thing.  This is rather bad, because it
defeats the catastrophic reseeding feature in the
xfer_secondary_pool() path.

It also can cause the "BUG: spinlock trylock failure on UP" for some
kernel configurations when prandom_reseed() calls get_random_bytes()
in the early init, since when the entropy count gets corrupted,
credit_entropy_bits() erroneously believes that the nonblocking pool
has been fully initialized (when in fact it is not), and so it calls
prandom_reseed(true) recursively leading to the spinlock BUG.

The logic is *not* the same as it was originally, but in the cases where
it matters, the behavior is the same, and the resulting code is
hopefully easier to read and understand.

Fixes: 0fb7a01af5b0 "random: simplify accounting code"
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: Greg Price <price@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/char/random.c
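The unsigned-underflow problem the commit message describes, reduced to a stand-alone illustration. This is added example code, not the kernel's `drivers/char/random.c` and not the upstream fix itself: `min_size()` is a constructed stand-in for `min_t(size_t, ...)`, and `account_fixed()` shows one way of applying the guard the message implies (compute the available amount in a signed type and clamp it at zero before comparing), which is an assumption about the shape of the fix rather than a quotation of it.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for the kernel's min_t(size_t, a, b): both operands
 * are already size_t, so a negative difference has already wrapped to a
 * value near SIZE_MAX by the time it gets here. */
static size_t min_size(size_t a, size_t b)
{
    return a < b ? a : b;
}

/* Buggy accounting, as the commit message describes it: when
 * have_bytes < reserved, "have_bytes - reserved" wraps to a huge unsigned
 * value, so the caller's request is never clamped and the pool hands out
 * bytes it does not have. */
size_t account_buggy(size_t ibytes, size_t have_bytes, size_t reserved)
{
    return min_size(ibytes, have_bytes - reserved);
}

/* Corrected accounting (added illustration, not the upstream patch):
 * do the subtraction in a signed type, clamp at zero, and only then
 * compare against the request.  A pool with fewer bytes than the reserve
 * now yields nothing, which is what keeps the reseeding logic honest. */
size_t account_fixed(size_t ibytes, size_t have_bytes, size_t reserved)
{
    long avail = (long)have_bytes - (long)reserved;
    if (avail < 0)
        avail = 0;
    return min_size(ibytes, (size_t)avail);
}

/* Reports whether the two versions disagree for a given input, i.e. whether
 * the underflow actually changed the outcome.  Handy as a one-line check
 * when reviewing similar size_t arithmetic elsewhere. */
int underflow_changes_result(size_t ibytes, size_t have_bytes, size_t reserved)
{
    return account_buggy(ibytes, have_bytes, reserved)
        != account_fixed(ibytes, have_bytes, reserved);
}

int main(void)
{
    /* Constructed inputs: request 16 bytes from a pool holding 4, with a
     * reserve of 8 (the exact scenario the commit message describes). */
    printf("buggy : %zu bytes granted\n", account_buggy(16, 4, 8));  /* 16 */
    printf("fixed : %zu bytes granted\n", account_fixed(16, 4, 8));  /* 0 */
    /* When the pool does cover the reserve, both versions agree. */
    printf("buggy : %zu bytes granted\n", account_buggy(16, 12, 8)); /* 4 */
    printf("fixed : %zu bytes granted\n", account_fixed(16, 12, 8)); /* 4 */
    return 0;
}
```

The point of the side-by-side is that the two functions are indistinguishable whenever `have_bytes >= reserved`, which is why the defect survived ordinary testing; it only shows when the pool is nearly empty, exactly the case the reserve exists to protect.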