From faae7530c9c0a8a87a166533f337d04a854285f2 Mon Sep 17 00:00:00 2001 From: Jeff Liu Date: Fri, 9 Nov 2012 14:05:10 +1100 Subject: [PATCH] binfmt_elf.c: use get_random_int() to fix entropy depleting Entropy is quickly depleted under normal operations like ls(1), cat(1), etc... between 2.6.30 to current mainline, for instance: $ cat /proc/sys/kernel/random/entropy_avail 3428 $ cat /proc/sys/kernel/random/entropy_avail 2911 $cat /proc/sys/kernel/random/entropy_avail 2620 We observed this problem has been occurring since 2.6.30 with fs/binfmt_elf.c: create_elf_tables()->get_random_bytes(), introduced by f06295b44c296c8f ("ELF: implement AT_RANDOM for glibc PRNG seeding"). /* * Generate 16 random bytes for userspace PRNG seeding. */ get_random_bytes(k_rand_bytes, sizeof(k_rand_bytes)); The patch introduces a wrapper around get_random_int() which has lower overhead than calling get_random_bytes() directly. With this patch applied: $ cat /proc/sys/kernel/random/entropy_avail 2731 $ cat /proc/sys/kernel/random/entropy_avail 2802 $ cat /proc/sys/kernel/random/entropy_avail 2878 Analyzed by John Sobecki. Signed-off-by: Jie Liu Cc: John Sobecki Cc: Al Viro Cc: Andreas Dilger Cc: Alan Cox Cc: Arnd Bergmann Cc: James Morris Cc: Ted Ts'o Cc: Greg Kroah-Hartman Cc: Kees Cook Cc: Jakub Jelinek Cc: Ulrich Drepper Signed-off-by: Andrew Morton --- fs/binfmt_elf.c | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c index 0c42cdbabecf..172a5b178008 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -48,6 +48,7 @@ static int load_elf_binary(struct linux_binprm *bprm); static int load_elf_library(struct file *); static unsigned long elf_map(struct file *, unsigned long, struct elf_phdr *, int, int, unsigned long); +static void randomize_stack_user(unsigned char *buf, size_t nbytes); /* * If we don't support core dumping, then supply a NULL so we @@ -200,7 +201,7 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec, /* * Generate 16 random bytes for userspace PRNG seeding. */ - get_random_bytes(k_rand_bytes, sizeof(k_rand_bytes)); + randomize_stack_user(k_rand_bytes, sizeof(k_rand_bytes)); u_rand_bytes = (elf_addr_t __user *) STACK_ALLOC(p, sizeof(k_rand_bytes)); if (__copy_to_user(u_rand_bytes, k_rand_bytes, sizeof(k_rand_bytes))) @@ -558,6 +559,29 @@ static unsigned long randomize_stack_top(unsigned long stack_top) #endif } +/* + * A wrapper of get_random_int() to generate random bytes which has lower + * overhead than call get_random_bytes() directly. + * create_elf_tables() call this function to generate 16 random bytes for + * userspace PRNG seeding. + */ +static void randomize_stack_user(unsigned char *buf, size_t nbytes) +{ + unsigned char *p = buf; + + while (nbytes) { + unsigned int random_variable; + size_t chunk = min(nbytes, sizeof(unsigned int)); + + random_variable = get_random_int() & STACK_RND_MASK; + random_variable <<= PAGE_SHIFT; + + memcpy(p, &random_variable, chunk); + p += chunk; + nbytes -= chunk; + } +} + static int load_elf_binary(struct linux_binprm *bprm) { struct file *interpreter = NULL; /* to shut gcc up */ -- 2.39.5