From: "Jason A. Donenfeld" <Jason@zx2c4.com>
Date: Wed, 9 Feb 2022 18:42:13 +0100
Subject: random: zero buffer after reading entropy from userspace
Patch-mainline: v5.18-rc1
Git-commit: 7b5164fb1279bf0251371848e40bae646b59b3a8
References: bsc#1204911
This buffer may contain entropic data that shouldn't stick around longer
than needed, so zero out the temporary buffer at the end of write_pool().
Reviewed-by: Dominik Brodowski <linux@dominikbrodowski.net>
Reviewed-by: Jann Horn <jannh@google.com>
Reviewed-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
[nstange@suse.de: adapted diff context for backport]
Acked-by: Nicolai Stange <nstange@suse.de>
---
drivers/char/random.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -1892,6 +1892,7 @@ static int
write_pool(struct entropy_store *r, const char __user *buffer, size_t count)
{
size_t bytes;
+ int ret = 0;
__u32 t, buf[16];
const char __user *p = buffer;
@@ -1899,8 +1900,10 @@ write_pool(struct entropy_store *r, cons
int b, i = 0;
bytes = min(count, sizeof(buf));
- if (copy_from_user(&buf, p, bytes))
- return -EFAULT;
+ if (copy_from_user(&buf, p, bytes)) {
+ ret = -EFAULT;
+ goto out;
+ }
for (b = bytes ; b > 0 ; b -= sizeof(__u32), i++) {
if (!arch_get_random_int(&t))
@@ -1915,7 +1918,9 @@ write_pool(struct entropy_store *r, cons
cond_resched();
}
- return 0;
+out:
+ memzero_explicit(buf, sizeof(buf));
+ return ret;
}
static ssize_t random_write(struct file *file, const char __user *buffer,