The random number generator may use uninitialized memory, but it may not return uninitialized values. Unpoison the output buffer in _extract_crng() to prevent false reports. Signed-off-by: Alexander Potapenko <glider@xxxxxxxxxx> To: Alexander Potapenko <glider@xxxxxxxxxx> Cc: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> Cc: Jens Axboe <axboe@xxxxxxxxx> Cc: "Theodore Ts'o" <tytso@xxxxxxx> Cc: Dmitry Torokhov <dmitry.torokhov@xxxxxxxxx> Cc: Martin K. Petersen <martin.petersen@xxxxxxxxxx> Cc: "Michael S. Tsirkin" <mst@xxxxxxxxxx> Cc: Christoph Hellwig <hch@xxxxxx> Cc: Eric Dumazet <edumazet@xxxxxxxxxx> Cc: Eric Van Hensbergen <ericvh@xxxxxxxxx> Cc: Takashi Iwai <tiwai@xxxxxxxx> Cc: Vegard Nossum <vegard.nossum@xxxxxxxxxx> Cc: Dmitry Vyukov <dvyukov@xxxxxxxxxx> Cc: Matthew Wilcox <willy@xxxxxxxxxxxxx> Cc: linux-mm@xxxxxxxxx --- This patch was previously known as "kmsan: unpoisoning buffers from devices etc.", but it turned out to be possible to drop most of the annotations from that patch, so it only relates to /dev/random now. Change-Id: Id460e7a86ce564f1357469f53d0c7410ca08f0e9 --- drivers/char/random.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/char/random.c b/drivers/char/random.c index de434feb873a..9b1639c73b65 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -320,6 +320,7 @@ #include <linux/fs.h> #include <linux/genhd.h> #include <linux/interrupt.h> +#include <linux/kmsan-checks.h> #include <linux/mm.h> #include <linux/nodemask.h> #include <linux/spinlock.h> @@ -1061,6 +1062,11 @@ static void _extract_crng(struct crng_state *crng, spin_lock_irqsave(&crng->lock, flags); if (arch_get_random_long(&v)) crng->state[14] ^= v; + /* + * Regardless of where the random data comes from, KMSAN should treat + * it as initialized. + */ + kmsan_unpoison_shadow(crng->state, sizeof(crng->state)); chacha20_block(&crng->state[0], out); if (crng->state[12] == 0) crng->state[13]++; -- 2.24.0.432.g9d3f5f5b63-goog
