NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
383025aa0f
kumquat-buildroot/package/util-linux/0002-lib-randutils-Do-not-block-on-getrandom.patch
Peter Korsgaard c4d86707cd util-linux: add two upstream patches to fix blocking on getrandom() with recent kernels 
As part of the fix for CVE-2018-1108 (kernel drivers before version 4.17-rc1
are vulnerable to a weakness in the Linux kernel's implementation of random
seed data.  Programs, early in the boot sequence, could use the data
allocated for the seed before it was sufficiently generated), the kernel
random number generator initialization routine was changed.  See the
project-zero writeup for more details:

https://bugs.chromium.org/p/project-zero/issues/detail?id=1559

These changes have now also been backported to 4.14.x (since 4.14.39) and
4.16.x (since 4.16.7).

This change unfortunately causes users of libuuid from util-linux to block
for a very long time waiting for sufficient entropy.  An example of this is
mke2fs, which uses libuuid to generate the filesystem UUID.

Fix this by backporting two post-2.31 fixes from upstream.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Tested-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-28 09:48:18 +02:00

53 lines
1.6 KiB
Diff
Raw Blame History

From a9cf659e0508c1f56813a7d74c64f67bbc962538 Mon Sep 17 00:00:00 2001
From: Carlo Caione <carlo@endlessm.com>
Date: Mon, 19 Mar 2018 10:31:07 +0000
Subject: [PATCH] lib/randutils: Do not block on getrandom()
In Endless we have hit a problem when using 'sfdisk' on the really first
boot to automatically expand the rootfs partition. On this platform
'sfdisk' is blocking on getrandom() because not enough random bytes are
available. This is an ARM platform without a hwrng.
We fix this passing GRND_NONBLOCK to getrandom(). 'sfdisk' will use the
best entropy it has available and fallback only as necessary.
Signed-off-by: Carlo Caione <carlo@endlessm.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
lib/randutils.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/lib/randutils.c b/lib/randutils.c
index e1c4059e1..02c3d9eb0 100644
--- a/lib/randutils.c
+++ b/lib/randutils.c
@@ -36,6 +36,8 @@
#if !defined(HAVE_GETRANDOM) && defined(SYS_getrandom)
/* libc without function, but we have syscal */
+#define GRND_NONBLOCK 0x01
+#define GRND_RANDOM 0x02
static int getrandom(void *buf, size_t buflen, unsigned int flags)
{
return (syscall(SYS_getrandom, buf, buflen, flags));
@@ -104,13 +106,15 @@ void random_get_bytes(void *buf, size_t nbytes)
int x;
errno = 0;
- x = getrandom(cp, n, 0);
+ x = getrandom(cp, n, GRND_NONBLOCK);
if (x > 0) { /* success */
n -= x;
cp += x;
lose_counter = 0;
} else if (errno == ENOSYS) /* kernel without getrandom() */
break;
+ else if (errno == EAGAIN)
+ break;
else if (lose_counter++ > 16) /* entropy problem? */
break;
}
--
2.11.0
Reference in New Issue View Git Blame Copy Permalink