Date:      Wed, 30 Dec 1998 20:55:14 -0500 (EST)
From:      Steven Ji <sdjames@research.poc.net>
To:        freebsd-bugs@FreeBSD.ORG
Subject:   signal handling in urandom can cause lockup
Message-ID:  <Pine.BSF.4.05.9812302053180.17259-100000@ouch.Oof.NET>

dd if=/dev/urandom of=/dev/null bs=100000k count=20000

I just tried this on -stable (12/2/98), and the machine seemed to
completely lock up.

Box is a P6@200MHz x 2.

---------- Forwarded message ----------
Date: Sun, 27 Dec 1998 20:40:32 +0100
From: Andrea Arcangeli <andrea@E-MIND.COM>
To: BUGTRAQ@netspace.org
Subject: [patch] fix for urandom read(2) not interruptible

After having read Phrack 54 about Linux /dev/u?random (and this is the reason
I am also CCing bugtraq ;), I was playing a bit
with the random driver and I noticed that it was difficult to kill `dd
if=/dev/urandom of=/dev/null bs=100000k count=20000' once started ;)). The
machine was heavily loaded and the process was unkillable, and the fastest
thing to restore the system was a reset...

It's a bug in random.c that doesn't check for pending signals inside the
read(2) code, so you have no chance to kill the process via signals until
the read(2) syscall is finished, and it could take a lot of time before
it returns if the buffer given to the read syscall is very big...

Here is the fix against 2.1.132:

Index: linux/drivers/char/random.c
diff -u linux/drivers/char/random.c:1.1.1.1 linux/drivers/char/random.c:1.1.1.1.2.3
--- linux/drivers/char/random.c:1.1.1.1 Fri Nov 20 00:02:25 1998
+++ linux/drivers/char/random.c Sun Dec 27 20:19:16 1998
@@ -232,6 +232,11 @@
  * Eastlake, Steve Crocker, and Jeff Schiller.
  */

+/*
+ * Added a check for signal pending in the extract_entropy() loop to allow
+ * the read(2) syscall to be interrupted. Copyright (C) 1998  Andrea Arcangeli
+ */
+
 #include <linux/utsname.h>
 #include <linux/config.h>
 #include <linux/kernel.h>
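
Review bot: The added header comment is a changelog entry plus a copyright line in the top-of-file block, far from the code it describes. A short comment next to the signal_pending() test in the extract_entropy() loop would serve readers better, with the history left to the patch description. If the header text stays, it should say that the check runs only on the to_user path when a reschedule is due, since that is what the second hunk implements.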
@@ -1269,7 +1274,14 @@
                buf += i;
                add_timer_randomness(r, &extract_timer_state, nbytes);
                if (to_user && current->need_resched)
+               {
+                       if (signal_pending(current))
+                       {
+                               ret = -EINTR;
+                               break;
+                       }
                        schedule();
+               }
        }

        /* Wipe data just returned from memory */
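
Review bot: The signal_pending(current) test is nested inside `if (to_user && current->need_resched)`, so a pending signal is noticed only on iterations where a reschedule is also due; on every other iteration the loop keeps extracting. Consider testing for the signal on each to_user iteration, independent of need_resched. Separately, `ret = -EINTR` is assigned regardless of how far `buf += i` has already advanced; returning the partial count when data was delivered, and the error only when none was, would match the usual read(2) contract.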


And here is a fix against 2.0.36:

--- linux/drivers/char/random.c.orig    Sun Dec 27 20:22:53 1998
+++ linux/drivers/char/random.c Sun Dec 27 20:24:17 1998
@@ -226,6 +226,11 @@
  * Eastlake, Steve Crocker, and Jeff Schiller.
  */

+/*
+ * Added a check for signal pending in the extract_entropy() loop to allow
+ * the read(2) syscall to be interrupted. Copyright (C) 1998  Andrea Arcangeli
+ */
+
 #include <linux/config.h> /* CONFIG_RST_COOKIES and CONFIG_SYN_COOKIES */
 #include <linux/utsname.h>
 #include <linux/kernel.h>
@@ -1004,7 +1009,14 @@
                buf += i;
                add_timer_randomness(r, &extract_timer_state, nbytes);
                if (to_user && need_resched)
+               {
+                       if (signal_pending(current))
+                       {
+                               ret = -EINTR;
+                               break;
+                       }
                        schedule();
+               }
        }

        /* Wipe data from memory */
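
Review bot: signal_pending(current) on the added line needs confirming for 2.0.36. The context line here tests a bare need_resched where the 2.1.132 version tests current->need_resched, so the two trees differ in these interfaces and the helper may not exist under the same name. Please state that this variant was built against 2.0.36, or use that tree's own pending-signal test.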

Andrea Arcangeli
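
The caller's side of an interruptible urandom read(2), as an added example that is not part of either message or of the kernel sources: once the read can fail with EINTR, userspace has to retry, and capping each request keeps any single call short instead of handing the kernel one huge buffer as the dd command does. The names fill_random, CHUNK and the stop flag are hypothetical, chosen for this example.

```c
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <unistd.h>

#define CHUNK ((size_t)4096) /* assumed per-call cap: no read(2) runs long */

/* Fill buf with len bytes from fd; returns 0, or -1 with errno set.
 * stop (may be NULL) is a flag a signal handler sets to abandon the read. */
int fill_random(int fd, unsigned char *buf, size_t len,
                const volatile sig_atomic_t *stop)
{
    size_t done = 0;

    while (done < len) {
        size_t want = len - done > CHUNK ? CHUNK : len - done;
        ssize_t n;

        if (stop && *stop) {    /* caller asked us to give up */
            errno = EINTR;
            return -1;
        }
        n = read(fd, buf + done, want);
        if (n < 0 && errno == EINTR)
            continue;           /* interrupted: loop re-checks *stop */
        if (n < 0)
            return -1;
        if (n == 0) {           /* EOF: source cannot supply more */
            errno = EIO;
            return -1;
        }
        done += (size_t)n;      /* short read: keep what was delivered */
    }
    return 0;
}

int main(void)
{
    static unsigned char buf[1 << 20];
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0 || fill_random(fd, buf, sizeof buf, NULL) != 0) {
        perror("urandom");
        return 1;
    }
    printf("read %zu bytes in chunks of at most %zu\n", sizeof buf, CHUNK);
    close(fd);
    return 0;
}
```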
