This buffer may contain entropic data that shouldn't stick around longer
than needed, zero it out our temporary buffer at the end of
write_pool().

Cc: Dominik Brodowski <linux@dominikbrodowski.net>
Cc: Jann Horn <jannh@google.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
 drivers/char/random.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/drivers/char/random.c b/drivers/char/random.c
index 81cfbbf5f462..9c7a0297a7d4 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -1357,19 +1357,24 @@ static __poll_t random_poll(struct file *file, poll_table *wait)
 static int write_pool(const char __user *ubuf, size_t count)
 {
 	size_t len;
+	int ret = 0;
 	u8 block[BLAKE2S_BLOCK_SIZE];
 
 	while (count) {
 		len = min(count, sizeof(block));
-		if (copy_from_user(block, ubuf, len))
-			return -EFAULT;
+		if (copy_from_user(block, ubuf, len)) {
+			ret = -EFAULT;
+			goto out;
+		}
 		count -= len;
 		ubuf += len;
 		mix_pool_bytes(block, len);
 		cond_resched();
 	}
 
-	return 0;
+out:
+	memzero_explicit(block, sizeof(block));
+	return ret;
 }
 
 static ssize_t random_write(struct file *file, const char __user *buffer,
-- 
2.35.0

On Wed, Feb 09, 2022 at 06:44:56PM +0100, Jason A. Donenfeld wrote:
> This buffer may contain entropic data that shouldn't stick around longer
> than needed, zero it out our temporary buffer at the end of
> write_pool().
> 
> Cc: Dominik Brodowski <linux@dominikbrodowski.net>
> Cc: Jann Horn <jannh@google.com>
> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
> Reviewed-by: Dominik Brodowski <linux@dominikbrodowski.net>
> ---
>  drivers/char/random.c | 11 ++++++++---
>  1 file changed, 8 insertions(+), 3 deletions(-)
> 

Reviewed-by: Eric Biggers <ebiggers@google.com>

- Eric