Jason A. Donenfeld aba120cc10 random: do not allow user to keep crng key around on stack ... The fast key erasure RNG design relies on the key that's used to be used and then discarded. We do this, making judicious use of memzero_explicit(). However, reads to /dev/urandom and calls to getrandom() involve a copy_to_user(), and userspace can use FUSE or userfaultfd, or make a massive call, dynamically remap memory addresses as it goes, and set the process priority to idle, in order to keep a kernel stack alive indefinitely. By probing /proc/sys/kernel/random/entropy_avail to learn when the crng key is refreshed, a malicious userspace could mount this attack every 5 minutes thereafter, breaking the crng's forward secrecy. In order to fix this, we just overwrite the stack's key with the first 32 bytes of the "free" fast key erasure output. If we're returning <= 32 bytes to the user, then we can still return those bytes directly, so that short reads don't become slower. And for long reads, the difference is hopefully lost in the amortization, so it doesn't change much, with that amortization helping variously for medium reads. We don't need to do this for get_random_bytes() and the various kernel-space callers, and later, if we ever switch to always batching, this won't be necessary either, so there's no need to change the API of these functions. Cc: Theodore Ts'o <tytso@mit.edu> Reviewed-by: Jann Horn <jannh@google.com> Fixes: c92e040d57 ("random: add backtracking protection to the CRNG") Fixes: 186873c549 ("random: use simpler fast key erasure flow on per-cpu keys") Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>		2022-04-06 15:05:10 +02:00
..
accessibility
acpi	More ACPI updates for 5.18-rc1	2022-03-31 13:08:13 -07:00
amba
android
ata	Char/Misc and other driver updates for 5.18-rc1	2022-03-28 12:27:35 -07:00
atm	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2022-03-17 13:56:58 -07:00
auxdisplay	auxdisplay: lcd2s: Use array size explicitly in lcd2s_gotoxy()	2022-03-18 20:31:14 +01:00
base	Device properties code update for 5.18-rc1	2022-03-29 11:30:12 -07:00
bcma	Core MTD changes:	2022-03-25 13:35:34 -07:00
block	for-5.18/drivers-2022-04-02	2022-04-02 11:03:03 -07:00
bluetooth	Bluetooth: ath3k: remove superfluous header files	2022-03-18 17:12:09 +01:00
bus	Char/Misc and other driver updates for 5.18-rc1	2022-03-28 12:27:35 -07:00
cdrom	SCSI misc on 20220324	2022-03-24 19:37:53 -07:00
char	random: do not allow user to keep crng key around on stack	2022-04-06 15:05:10 +02:00
clk	A single revert to fix a boot regression seen when clk_put() started	2022-04-03 12:21:14 -07:00
clocksource	asm-generic updates for 5.18	2022-03-23 18:03:08 -07:00
comedi
connector
counter	Char/Misc and other driver updates for 5.18-rc1	2022-03-28 12:27:35 -07:00
cpufreq	Merge branch 'cpufreq/arm/linux-next' of git://git.kernel.org/pub/scm/linux/kernel/git/vireshk/pm	2022-03-22 12:15:47 +01:00
cpuidle	RISC-V CPU Idle Support	2022-03-30 16:17:54 -07:00
crypto	virtio: features, fixes	2022-03-31 13:57:15 -07:00
cxl	cxl/core/port: Fix NULL but dereferenced coccicheck error	2022-03-22 10:51:17 -07:00
dax	dax for 5.18	2022-03-24 18:12:09 -07:00
dca
devfreq
dio
dma	dmaengine updates for v5.18-rc1	2022-03-30 10:54:49 -07:00
dma-buf
edac	Merge branch 'edac-amd64' into edac-updates-for-v5.18	2022-03-21 10:34:57 +01:00
eisa
extcon
firewire
firmware	Char/Misc and other driver updates for 5.18-rc1	2022-03-28 12:27:35 -07:00
fpga
fsi
gnss
gpio	gpio fixes for v5.18-rc1	2022-04-01 10:26:09 -07:00
gpu	xen: branch for v5.18-rc1	2022-03-28 14:32:39 -07:00
greybus
hid	Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input	2022-04-01 10:14:32 -07:00
hsi
hv	hyperv-next for 5.18	2022-03-24 12:30:37 -07:00
hwmon	Char/Misc and other driver updates for 5.18-rc1	2022-03-28 12:27:35 -07:00
hwspinlock
hwtracing	Char/Misc and other driver updates for 5.18-rc1	2022-03-28 12:27:35 -07:00
i2c	Merge branch 'i2c/for-mergewindow' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux	2022-03-26 12:46:08 -07:00
i3c
idle	cpuidle: intel_idle: Drop redundant backslash at line end	2022-03-17 14:32:59 +01:00
iio	Char/Misc and other driver updates for 5.18-rc1	2022-03-28 12:27:35 -07:00
infiniband	SCSI misc on 20220324	2022-03-24 19:37:53 -07:00
input	Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input	2022-04-01 10:14:32 -07:00
interconnect
iommu	dma-mapping updates for Linux 5.18	2022-03-29 08:50:14 -07:00
ipack
irqchip	asm-generic updates for 5.18	2022-03-23 18:03:08 -07:00
isdn	mISDN: fix typo "frame to short" -> "frame too short"	2022-03-21 13:26:38 +00:00
leds	LED updates for 5.18-rc1. Nothing major here, there are two drivers	2022-03-27 14:09:48 -07:00
macintosh
mailbox
mcb
md	- Fix DM integrity shrink crash due to journal entry not being marked	2022-04-01 15:57:27 -07:00
media	drm for 5.18-rc1	2022-03-24 16:19:43 -07:00
memory	ARM driver updates for 5.18	2022-03-23 18:23:13 -07:00
memstick
message
mfd	- New Drivers	2022-03-25 13:56:18 -07:00
misc	Char/Misc and other driver updates for 5.18-rc1	2022-03-28 12:27:35 -07:00
mmc	TTY/Serial driver changes for 5.18-rc1	2022-03-28 13:00:51 -07:00
most
mtd	This pull request contains fixes for JFFS2, UBI and UBIFS	2022-03-31 16:09:41 -07:00
mux
net	virtio: features, fixes	2022-03-31 13:57:15 -07:00
nfc	spi: Updates for v5.18	2022-03-21 18:33:57 -07:00
ntb
nubus
nvdimm	libnvdimm for 5.18	2022-03-30 10:04:11 -07:00
nvme	for-5.18/drivers-2022-04-01	2022-04-01 16:26:57 -07:00
nvmem	nvmem: brcm_nvram: parse NVRAM content into NVMEM cells	2022-03-18 14:08:36 +01:00
of	Char/Misc and other driver updates for 5.18-rc1	2022-03-28 12:27:35 -07:00
opp
parisc	parisc: Fix CPU affinity for Lasi, WAX and Dino chips	2022-03-29 21:37:12 +02:00
parport	parport_pc: Also enable driver for PCI systems	2022-03-18 14:01:41 +01:00
pci	pci-v5.18-changes-2	2022-04-02 10:54:52 -07:00
pcmcia
peci
perf	RISC-V Patches for the 5.18 Merge Window, Part 1	2022-03-25 10:11:38 -07:00
phy	phy: PHY_FSL_LYNX_28G should depend on ARCH_LAYERSCAPE	2022-03-29 08:45:16 -07:00
pinctrl	Pin control bulk changes for the v5.18 kernel cycle	2022-03-28 11:52:53 -07:00
platform	chrome platform changes for 5.18	2022-04-02 10:44:18 -07:00
pnp	PNP update for 5.18-rc1	2022-03-21 14:46:01 -07:00
power	Driver core changes for 5.18-rc1	2022-03-28 12:41:28 -07:00
powercap
pps	pps: generators: pps_gen_parport: Switch to use module_parport_driver()	2022-03-18 14:01:19 +01:00
ps3
ptp	ptp: ocp: handle error from nvmem_device_find	2022-03-30 12:08:11 -07:00
pwm
rapidio
ras
regulator	regulator: Fixes for v5.18	2022-03-30 10:58:28 -07:00
remoteproc	remoteproc updates for v5.18	2022-03-30 10:50:48 -07:00
reset
rpmsg
rtc	RTC for 5.18	2022-04-01 09:37:18 -07:00
s390	s390: cleanup timer API use	2022-03-27 22:18:39 +02:00
sbus
scsi	xen: branch for v5.18-rc1	2022-03-28 14:32:39 -07:00
sh
siox
slimbus
soc	Networking changes for 5.18.	2022-03-24 13:13:26 -07:00
soundwire	Char/Misc and other driver updates for 5.18-rc1	2022-03-28 12:27:35 -07:00
spi	Core MTD changes:	2022-03-25 13:35:34 -07:00
spmi
ssb
staging	Staging driver update for 5.18-rc1	2022-03-28 12:50:50 -07:00
target	SCSI misc on 20220324	2022-03-24 19:37:53 -07:00
tc
tee	ARM driver updates for 5.18	2022-03-23 18:23:13 -07:00
thermal	Merge branch 'thermal-hfi'	2022-03-18 19:00:26 +01:00
thunderbolt	Char/Misc and other driver updates for 5.18-rc1	2022-03-28 12:27:35 -07:00
tty	TTY/Serial driver changes for 5.18-rc1	2022-03-28 13:00:51 -07:00
uio
usb	xen: branch for v5.18-rc1	2022-03-28 14:32:39 -07:00
vdpa	virtio: features, fixes	2022-03-31 13:57:15 -07:00
vfio
vhost	virtio: features, fixes	2022-03-31 13:57:15 -07:00
video	Driver core changes for 5.18-rc1	2022-03-28 12:41:28 -07:00
virt	Random number generator fixes for Linux 5.18-rc1.	2022-03-31 14:51:34 -07:00
virtio	virtio: features, fixes	2022-03-31 13:57:15 -07:00
visorbus
vlynq
vme
w1	w1: w1_therm: Add support for Maxim MAX31850 thermoelement IF.	2022-03-18 14:07:09 +01:00
watchdog	linux-watchdog 5.18-rc1 tag	2022-03-31 14:14:03 -07:00
xen	xen: don't hang when resuming PCI device	2022-03-25 14:22:15 -05:00
zorro
Kconfig
Makefile