Message ID | 20200325161249.55095-31-glider@google.com (mailing list archive) |
---|---|
State | New, archived |
Series | Add KernelMemorySanitizer infrastructure |
On Wed, Mar 25, 2020 at 5:14 PM <glider@google.com> wrote: > > The random number generator may use uninitialized memory, but it may not > return uninitialized values. Unpoison the output buffer in > _extract_crng() to prevent false reports. > > Signed-off-by: Alexander Potapenko <glider@google.com> > To: Alexander Potapenko <glider@google.com> > Cc: Andrew Morton <akpm@linux-foundation.org> > Cc: Jens Axboe <axboe@kernel.dk> > Cc: "Theodore Ts'o" <tytso@mit.edu> > Cc: Dmitry Torokhov <dmitry.torokhov@gmail.com> > Cc: Martin K. Petersen <martin.petersen@oracle.com> > Cc: "Michael S. Tsirkin" <mst@redhat.com> > Cc: Christoph Hellwig <hch@lst.de> > Cc: Eric Dumazet <edumazet@google.com> > Cc: Eric Van Hensbergen <ericvh@gmail.com> > Cc: Takashi Iwai <tiwai@suse.com> > Cc: Vegard Nossum <vegard.nossum@oracle.com> > Cc: Dmitry Vyukov <dvyukov@google.com> > Cc: Marco Elver <elver@google.com> > Cc: Andrey Konovalov <andreyknvl@google.com> > Cc: Matthew Wilcox <willy@infradead.org> > Cc: linux-mm@kvack.org Reviewed-by: Andrey Konovalov <andreyknvl@google.com> > > --- > This patch was previously known as "kmsan: unpoisoning buffers from > devices etc.", but it turned out to be possible to drop most of the > annotations from that patch, so it only relates to /dev/random now. > > Change-Id: Id460e7a86ce564f1357469f53d0c7410ca08f0e9 > --- > drivers/char/random.c | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/drivers/char/random.c b/drivers/char/random.c > index 0d10e31fd342f..7cd36c726b045 100644 > --- a/drivers/char/random.c > +++ b/drivers/char/random.c > @@ -322,6 +322,7 @@ > #include <linux/fs.h> > #include <linux/genhd.h> > #include <linux/interrupt.h> > +#include <linux/kmsan-checks.h> > #include <linux/mm.h> > #include <linux/nodemask.h> > #include <linux/spinlock.h> 
> @@ -1007,6 +1008,11 @@ static void _extract_crng(struct crng_state *crng, > spin_lock_irqsave(&crng->lock, flags); > if (arch_get_random_long(&v)) > crng->state[14] ^= v; > + /* > + * Regardless of where the random data comes from, KMSAN should treat > + * it as initialized. > + */ > + kmsan_unpoison_shadow(crng->state, sizeof(crng->state)); > chacha20_block(&crng->state[0], out); > if (crng->state[12] == 0) > crng->state[13]++; > -- > 2.25.1.696.g5e7596f4ac-goog >
diff --git a/drivers/char/random.c b/drivers/char/random.c index 0d10e31fd342f..7cd36c726b045 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -322,6 +322,7 @@ #include <linux/fs.h> #include <linux/genhd.h> #include <linux/interrupt.h> +#include <linux/kmsan-checks.h> #include <linux/mm.h> #include <linux/nodemask.h> #include <linux/spinlock.h> @@ -1007,6 +1008,11 @@ static void _extract_crng(struct crng_state *crng, spin_lock_irqsave(&crng->lock, flags); if (arch_get_random_long(&v)) crng->state[14] ^= v; + /* + * Regardless of where the random data comes from, KMSAN should treat + * it as initialized. + */ + kmsan_unpoison_shadow(crng->state, sizeof(crng->state)); chacha20_block(&crng->state[0], out); if (crng->state[12] == 0) crng->state[13]++;
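Review bot: in the _extract_crng() hunk, the added call unpoisons crng->state before chacha20_block() runs, while the commit message says the patch unpoisons the output buffer. As written, `kmsan_unpoison_shadow(crng->state, sizeof(crng->state));` marks the CRNG state as initialized, and `out` is covered only indirectly because it is computed from that state. If that is the intent, reword the commit message and the in-code comment to name crng->state, since "it" in "KMSAN should treat it as initialized" does not say which buffer is meant. If the intent is what the description says, unpoison `out` after chacha20_block() instead.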
The random number generator may use uninitialized memory, but it may not return uninitialized values. Unpoison the output buffer in _extract_crng() to prevent false reports.

Signed-off-by: Alexander Potapenko <glider@google.com>
To: Alexander Potapenko <glider@google.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: "Theodore Ts'o" <tytso@mit.edu>
Cc: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Cc: Martin K. Petersen <martin.petersen@oracle.com>
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Eric Van Hensbergen <ericvh@gmail.com>
Cc: Takashi Iwai <tiwai@suse.com>
Cc: Vegard Nossum <vegard.nossum@oracle.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Marco Elver <elver@google.com>
Cc: Andrey Konovalov <andreyknvl@google.com>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: linux-mm@kvack.org

---

This patch was previously known as "kmsan: unpoisoning buffers from devices etc.", but it turned out to be possible to drop most of the annotations from that patch, so it only relates to /dev/random now.

Change-Id: Id460e7a86ce564f1357469f53d0c7410ca08f0e9

---

drivers/char/random.c | 6 ++++++
1 file changed, 6 insertions(+)