Re: [PATCH v5 30/38] kmsan: handle /dev/[u]random

Andrey Konovalov <andreyknvl@xxxxxxxxxx> · Wed, 8 Apr 2020 18:03:07 +0200



On Wed, Mar 25, 2020 at 5:14 PM <glider@xxxxxxxxxx> wrote:
>
> The random number generator may use uninitialized memory, but it may not
> return uninitialized values. Unpoison the output buffer in
> _extract_crng() to prevent false reports.
>
> Signed-off-by: Alexander Potapenko <glider@xxxxxxxxxx>
> To: Alexander Potapenko <glider@xxxxxxxxxx>
> Cc: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
> Cc: Jens Axboe <axboe@xxxxxxxxx>
> Cc: "Theodore Ts'o" <tytso@xxxxxxx>
> Cc: Dmitry Torokhov <dmitry.torokhov@xxxxxxxxx>
> Cc: Martin K. Petersen <martin.petersen@xxxxxxxxxx>
> Cc: "Michael S. Tsirkin" <mst@xxxxxxxxxx>
> Cc: Christoph Hellwig <hch@xxxxxx>
> Cc: Eric Dumazet <edumazet@xxxxxxxxxx>
> Cc: Eric Van Hensbergen <ericvh@xxxxxxxxx>
> Cc: Takashi Iwai <tiwai@xxxxxxxx>
> Cc: Vegard Nossum <vegard.nossum@xxxxxxxxxx>
> Cc: Dmitry Vyukov <dvyukov@xxxxxxxxxx>
> Cc: Marco Elver <elver@xxxxxxxxxx>
> Cc: Andrey Konovalov <andreyknvl@xxxxxxxxxx>
> Cc: Matthew Wilcox <willy@xxxxxxxxxxxxx>
> Cc: linux-mm@xxxxxxxxx

Reviewed-by: Andrey Konovalov <andreyknvl@xxxxxxxxxx>

>
> ---
> This patch was previously known as "kmsan: unpoisoning buffers from
> devices etc.", but it turned out to be possible to drop most of the
> annotations from that patch, so it only relates to /dev/random now.
>
> Change-Id: Id460e7a86ce564f1357469f53d0c7410ca08f0e9
> ---
>  drivers/char/random.c | 6 ++++++
>  1 file changed, 6 insertions(+)
>
> diff --git a/drivers/char/random.c b/drivers/char/random.c
> index 0d10e31fd342f..7cd36c726b045 100644
> --- a/drivers/char/random.c
> +++ b/drivers/char/random.c
> @@ -322,6 +322,7 @@
>  #include <linux/fs.h>
>  #include <linux/genhd.h>
>  #include <linux/interrupt.h>
> +#include <linux/kmsan-checks.h>
>  #include <linux/mm.h>
>  #include <linux/nodemask.h>
>  #include <linux/spinlock.h>
> @@ -1007,6 +1008,11 @@ static void _extract_crng(struct crng_state *crng,
>         spin_lock_irqsave(&crng->lock, flags);
>         if (arch_get_random_long(&v))
>                 crng->state[14] ^= v;
> +       /*
> +        * Regardless of where the random data comes from, KMSAN should treat
> +        * it as initialized.
> +        */
> +       kmsan_unpoison_shadow(crng->state, sizeof(crng->state));
>         chacha20_block(&crng->state[0], out);
>         if (crng->state[12] == 0)
>                 crng->state[13]++;
> --
> 2.25.1.696.g5e7596f4ac-goog
>