Hi
On Sun, Apr 22, 2018 at 11:28:52PM +0100, Ben Hutchings wrote:
On Sun, 2018-04-22 at 15:53 +0200, Greg Kroah-Hartman wrote:
4.9-stable review patch. If anyone has any objections, please let me know.
From: Theodore Ts'o tytso@mit.edu
commit 8ef35c866f8862df074a49a93b0309725812dea8 upstream.
Until the primary_crng is fully initialized, don't initialize the NUMA crng nodes. Otherwise users of /dev/urandom on NUMA systems before the CRNG is fully initialized can get very bad quality randomness. Of course everyone should move to getrandom(2) where this won't be an issue, but there's a lot of legacy code out there. This related to CVE-2018-1108.
Reported-by: Jann Horn jannh@google.com Fixes: 1e7f583af67b ("random: make /dev/urandom scalable for silly...") Cc: stable@kernel.org # 4.8+ Signed-off-by: Theodore Ts'o tytso@mit.edu Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
In 4.9 (and probably older branches too) this leads to a deadlock:
crng_reseed(primary_crng, ...) takes primary_crng.lock -> numa_rcng_init() -> crng_initialize() -> get_random_bytes() -> extract_crng() -> _extract_crng(primary_crng, ...) tries to take primary_crng.lock
I think this can be fixed by backporting commit 4a072c71f49b "random: silence compiler warnings and fix race" but I'm not sure whether that depends on other changes.
That is, the following test patch on top of the 4.9-stable review queue seem to resolve the issue. The commit message of the original commit 4a072c71f49b0a0e495ea13423bdb850da73c58c would though not match anymore.
Regards, Salvatore