From: Nicolai Stange
To: "Theodore Y. Ts'o"
Cc: linux-crypto@vger.kernel.org, LKML, Arnd Bergmann, Greg Kroah-Hartman, "Eric W. Biederman", "Alexander E. Patrakov", "Ahmed S. Darwish", Willy Tarreau, Matthew Garrett, Vito Caputo, Andreas Dilger, Jan Kara, Ray Strode, William Jon McCann, zhangjs, Andy Lutomirski, Florian Weimer, Lennart Poettering, Peter Matthias, Marcelo Henrique Cerri, Roman Drahtmueller, Neil Horman, Randy Dunlap, Julia Lawall, Dan Carpenter, Andy Lavr, Eric Biggers, "Jason A. Donenfeld", Stephan Müller, Torsten Duwe, Petr Tesarik, Nicolai Stange
Subject: [RFC PATCH 40/41] random: trigger startup health test on any failure of the health tests
Date: Mon, 21 Sep 2020 09:58:56 +0200
Message-Id: <20200921075857.4424-41-nstange@suse.de>
In-Reply-To: <20200921075857.4424-1-nstange@suse.de>
References: <20200921075857.4424-1-nstange@suse.de>

The startup health tests to be executed at boot as required by NIST 800-90B consist of running the continuous health tests, i.e. the Adaptive Proportion Test (APT) and the Repetition Count Test (RCT), until a certain amount of noise samples have been examined. In case of test failure during this period, the startup tests would get restarted by means of reinitializing the fast_pool's ->warmup member with the original number of total samples to examine during startup.

A future patch will enable dynamically switching from the initial H=1 or 1/8 per-IRQ min-entropy estimates to lower values upon health test failures in order to keep those systems going where these more or less arbitrary per-IRQ entropy estimates turn out to simply be wrong. It is certainly desirable to restart the startup health tests upon such a switch.

In order to keep the upcoming code comprehensible, move the startup test restart logic from health_test_process() into add_interrupt_randomness(). For simplicity, make add_interrupt_randomness() trigger a startup test on each health test failure.

Note that there's a change in behaviour: up to now, only the boot-time startup tests would have restarted themselves upon failure, whereas now even a failure of the continuous health tests can potentially trigger a startup test long after boot.

Note that as it currently stands, rerunning the full startup tests after the crng has received its initial seed has the only effect to inhibit entropy dispatch for a while and thus, to potentially delay those best effort crng reseeds during runtime. As reseeds never reduce a crng state's entropy, this behaviour is admittedly questionable. However, further patches introducing forced reseeds might perhaps become necessary in the future, cf. the specification of "reseed_interval" in NIST SP800-90A. Thus, it's better to keep the startup health test restart logic consistent for now.

Signed-off-by: Nicolai Stange
--- drivers/char/random.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/drivers/char/random.c b/drivers/char/random.c index 86dd87588b1b..bb79dcb96882 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -1098,8 +1098,6 @@ health_test_process(struct health_test *h, unsigned int event_entropy_shift, * Something is really off, get_cycles() has become * (or always been) a constant. */ - if (h->warmup) - health_test_reset(h, event_entropy_shift); return health_discard; } @@ -1110,8 +1108,6 @@ health_test_process(struct health_test *h, unsigned int event_entropy_shift, */ apt = health_test_apt(h, event_entropy_shift, sample_delta); if (unlikely(h->warmup) && --h->warmup) { - if (apt == health_discard) - health_test_reset(h, event_entropy_shift); /* * Don't allow the caller to dispatch until warmup * has completed. 
@@ -1928,6 +1924,14 @@ void add_interrupt_randomness(int irq, int irq_flags) health_test_process(&fast_pool->health, fast_pool->event_entropy_shift, cycles); + if (unlikely(health_result == health_discard)) { + /* + * Oops, something's odd. Restart the startup + * tests. + */ + health_test_reset(&fast_pool->health, + fast_pool->event_entropy_shift); + } } if (unlikely(crng_init == 0)) { -- 2.26.2
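
Review bot: In the first hunk of health_test_process() (the path where get_cycles() has become a constant), dropping `if (h->warmup) health_test_reset(h, event_entropy_shift);` leaves the function returning health_discard without touching the warmup state, so restarting the startup tests is now entirely the caller's job. Nothing in the visible lines states that contract. A sentence in the comment above health_test_process() saying that callers must call health_test_reset() when it returns health_discard would keep another or future caller from silently skipping the restart.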
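
Review bot: In the second hunk, the return statement of the `if (unlikely(h->warmup) && --h->warmup)` branch lies outside the shown context, while the new caller-side check resets on every health_discard. Please confirm that this branch never returns health_discard for a sample that passed the APT; if it could, add_interrupt_randomness() would reinitialize ->warmup on each interrupt and the startup tests would never complete. If the code after the branch can return health_discard, a failure on the sample that takes ->warmup to zero now also restarts the tests, which the removed in-branch reset did not do; that is worth a line in the changelog.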
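
Review bot: In the add_interrupt_randomness() hunk, the comment "Oops, something's odd. Restart the startup tests." does not say that this path is also taken long after boot, once ->warmup has already reached zero, which is the behaviour change the commit message calls out. Suggest spelling that out in the comment, including that entropy dispatch is inhibited until the restarted tests complete. The failure is also handled silently here; a counter or rate-limited message at this point would let an operator distinguish a noise source that keeps failing the APT or RCT from one that simply has not finished its startup tests.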