[kernel] r14472 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Wed Oct 28 03:45:26 UTC 2009
Author: dannf
Date: Wed Oct 28 03:45:24 2009
New Revision: 14472
Log:
random: make get_random_int() more random (CVE-2009-3238)
Added:
dists/lenny-security/linux-2.6/debian/patches/bugfix/all/random-make-get_random_int-more-random.patch
Modified:
dists/lenny-security/linux-2.6/debian/changelog
dists/lenny-security/linux-2.6/debian/patches/series/19lenny2
Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog Wed Oct 28 03:37:26 2009 (r14471)
+++ dists/lenny-security/linux-2.6/debian/changelog Wed Oct 28 03:45:24 2009 (r14472)
@@ -1,6 +1,7 @@
linux-2.6 (2.6.26-19lenny2) UNRELEASED; urgency=high
* tc: Fix uninitialized kernel memory leak (CVE-2009-3228)
+ * random: make get_random_int() more random (CVE-2009-3238)
-- dann frazier <dannf at debian.org> Tue, 27 Oct 2009 21:33:02 -0600
Added: dists/lenny-security/linux-2.6/debian/patches/bugfix/all/random-make-get_random_int-more-random.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/all/random-make-get_random_int-more-random.patch Wed Oct 28 03:45:24 2009 (r14472)
@@ -0,0 +1,65 @@
+commit 8a0a9bd4db63bc45e3017bedeafbd88d0eb84d02
+Author: Linus Torvalds <torvalds at linux-foundation.org>
+Date: Tue May 5 08:17:43 2009 -0700
+
+ random: make get_random_int() more random
+
+ It's a really simple patch that basically just open-codes the current
+ "secure_ip_id()" call, but when open-coding it we now use a _static_
+ hashing area, so that it gets updated every time.
+
+ And to make sure somebody can't just start from the same original seed of
+ all-zeroes, and then do the "half_md4_transform()" over and over until
+ they get the same sequence as the kernel has, each iteration also mixes in
+ the same old "current->pid + jiffies" we used - so we should now have a
+ regular strong pseudo-number generator, but we also have one that doesn't
+ have a single seed.
+
+ Note: the "pid + jiffies" is just meant to be a tiny tiny bit of noise. It
+ has no real meaning. It could be anything. I just picked the previous
+ seed, it's just that now we keep the state in between calls and that will
+ feed into the next result, and that should make all the difference.
+
+ I made that hash be a per-cpu data just to avoid cache-line ping-pong:
+ having multiple CPU's write to the same data would be fine for randomness,
+ and add yet another layer of chaos to it, but since get_random_int() is
+ supposed to be a fast interface I did it that way instead. I considered
+ using "__raw_get_cpu_var()" to avoid any preemption overhead while still
+ getting the hash be _mostly_ ping-pong free, but in the end good taste won
+ out.
+
+ Signed-off-by: Ingo Molnar <mingo at elte.hu>
+ Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+
+diff --git a/drivers/char/random.c b/drivers/char/random.c
+index f824ef8..b2ced39 100644
+--- a/drivers/char/random.c
++++ b/drivers/char/random.c
+@@ -1665,15 +1665,20 @@ EXPORT_SYMBOL(secure_dccp_sequence_number);
+ * value is not cryptographically secure but for several uses the cost of
+ * depleting entropy is too high
+ */
++DEFINE_PER_CPU(__u32 [4], get_random_int_hash);
+ unsigned int get_random_int(void)
+ {
+- /*
+- * Use IP's RNG. It suits our purpose perfectly: it re-keys itself
+- * every second, from the entropy pool (and thus creates a limited
+- * drain on it), and uses halfMD4Transform within the second. We
+- * also mix it with jiffies and the PID:
+- */
+- return secure_ip_id((__force __be32)(current->pid + jiffies));
++ struct keydata *keyptr;
++ __u32 *hash = get_cpu_var(get_random_int_hash);
++ int ret;
++
++ keyptr = get_keyptr();
++ hash[0] += current->pid + jiffies + get_cycles() + (int)(long)&ret;
++
++ ret = half_md4_transform(hash, keyptr->secret);
++ put_cpu_var(get_random_int_hash);
++
++ return ret;
+ }
+
+ /*
Modified: dists/lenny-security/linux-2.6/debian/patches/series/19lenny2
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/19lenny2 Wed Oct 28 03:37:26 2009 (r14471)
+++ dists/lenny-security/linux-2.6/debian/patches/series/19lenny2 Wed Oct 28 03:45:24 2009 (r14472)
@@ -1 +1,2 @@
+ bugfix/all/tc-fix-pad-leak.patch
++ bugfix/all/random-make-get_random_int-more-random.patch
More information about the Kernel-svn-changes
mailing list