1. Patchew
  2. linux
  3. [PATCH v2 0/4] add usage hints to prandom and switch to Xoshiro
  4. View patch

[PATCH v2 3/4] prandom/random32: add checks against invalid state

Markus Theil posted 4 patches 3 months ago
[PATCH v2 3/4] prandom/random32: add checks against invalid state
Posted by Markus Theil 3 months ago 
Xoshiro256++ will not work in the very unlikely case,
that it is used with an all zeroes state. Add checks against
this in all necessary places.

Signed-off-by: Markus Theil <theil.markus@gmail.com>
---
 lib/random32.c | 25 ++++++++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)

diff --git a/lib/random32.c b/lib/random32.c
index 64fccfd64717..c01b763a7d40 100644
--- a/lib/random32.c
+++ b/lib/random32.c
@@ -26,6 +26,8 @@
 #include <linux/slab.h>
 #include <linux/unaligned.h>
 
+#define IS_ALL_ZERO_STATE(state) (!state->s[0] && !state->s[1] && !state->s[2] && !state->s[3])
+
 /**
  *	prandom_u64_state - seeded pseudo-random number generator.
  *	@state: pointer to state structure holding seeded state.
@@ -40,6 +42,9 @@ u64 prandom_u64_state(struct rnd_state *state)
 	const u64 result = rol64(state->s[0] + state->s[3], 23) + state->s[0];
 	const u64 t = state->s[1] << 17;
 
+	/* defensive check, as this fn returns always zero otherwise */
+	BUG_ON(IS_ALL_ZERO_STATE(state));
+
 	state->s[2] ^= state->s[0];
 	state->s[3] ^= state->s[1];
 	state->s[1] ^= state->s[2];
@@ -108,6 +113,12 @@ EXPORT_SYMBOL(prandom_bytes_state);
  *
  * splitmix64 init as suggested for xoshiro256++
  * See: https://prng.di.unimi.it/splitmix64.c
+ *
+ * Seeding with this routine cannot result in an
+ * all zeroes state due to the addition operation
+ * with the fixed constant 0x9e3779b97f4a7c15!
+ * Nevertheless check early for such a state
+ * as a defensive mechanism.
  */
 void prandom_seed_state(struct rnd_state *state, u64 seed)
 {
@@ -120,6 +131,9 @@ void prandom_seed_state(struct rnd_state *state, u64 seed)
 		z = (z ^ (z >> 27)) * 0x94d049bb133111eb;
 		state->s[i] = z ^ (z >> 31);
 	}
+
+	/* shall never happen */
+	BUG_ON(IS_ALL_ZERO_STATE(state));
 }
 EXPORT_SYMBOL(prandom_seed_state);
 
@@ -133,7 +147,16 @@ void prandom_seed_full_state(struct rnd_state __percpu *pcpu_state)
 
 	for_each_possible_cpu(i) {
 		struct rnd_state *state = per_cpu_ptr(pcpu_state, i);
-		get_random_bytes(&state->s, sizeof(state->s));
+		memset(state, 0, sizeof(struct rnd_state));
+		/*
+		 * Internal state MUST not be all zeroes. Check and repeat if necessary.
+		 *
+		 * Highly unlikely, that we ever need more than one round. Just defensive
+		 * coding, as this could happen in theory.
+		 */
+		while (IS_ALL_ZERO_STATE(state)) {
+			get_random_bytes(&state->s, sizeof(state->s));
+		}
 	}
 }
 EXPORT_SYMBOL(prandom_seed_full_state);
-- 
2.49.0

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.