Received: by 2002:a6b:500f:0:0:0:0:0 with SMTP id e15csp964736iob; Fri, 13 May 2022 17:56:36 -0700 (PDT) X-Google-Smtp-Source: ABdhPJy7Bd5rlhvbr2FiNxkLrNoCGjMKnp69sNWej+pX1ZP9k8Ci8qSgGXESJMX2E0K5Ej2a4Au6 X-Received: by 2002:a5d:424e:0:b0:20c:f8e4:6b38 with SMTP id s14-20020a5d424e000000b0020cf8e46b38mr695625wrr.579.1652489796584; Fri, 13 May 2022 17:56:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1652489796; cv=none; d=google.com; s=arc-20160816; b=DCt01APmd+RwoOnu/u/B2uR6wOKlHLDcrOLthBkJiw7PxTbaIoc3qvlsDJpySo5Htx FW64h78uJ7dGg0gGHqhv49uMia0HCZ57O0lrcdYjwumsdRrdSX84YBHGV21+c7WaUlJG vyC+QIFl0t4nJgjT+Kkx0wAnM1zOis+POnurlOQRO08yW2g/3yjC+MWHbx+qNHZxRMhR xkg1U1IPhRvoJYWix9zNgW5AhZ3+5lJbeVweyrjvctuI9+01U+IaWMeZsoOQ1ADQOr+b lrV8/nf7hjdVNdmktzbeGuZUUQcrBzhq6GKIz2arEmCk1aQKjIhPsLh9Sn3GhCgFxZPW uGzg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date; bh=SlvgHIrAw0FOIzB5cN01dt7F11/64somDCphlLj8D/I=; b=YiO7B3pWvQqfzdbaV6tnKC4x/QuWHTuXKEAckFyRAi8PQgWIPvrtK4w7J9MVSos2mk TQIbLf9i26oKkCZ4FYpF1HG8VFf3pk67UhEAzCK5hWwc7ENxAZpu6WkaoQr836pyGZIb chA1rRHtcNrgWLct5ZtLmKBuKJpp7a31uuIw8lrwn7vHpIrOpWuc7jsIWIQmY0YkStxb o+4yPipS3Se035VzcH4dhF5QGwP7qmGnxu+DKCeLJYabfBNzVZSKIu7ldfcHXkCfnK3F hSunXP38IQaCRYCfWVzID2oGZ9aFsF5tYrqwI/SHyx/kbdijUPbuofzLTsGpAU+GFF8V bryQ== ARC-Authentication-Results: i=1; mx.google.com; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [23.128.96.19]) by mx.google.com with ESMTPS id d13-20020a05600c34cd00b0039447ab4d17si3863003wmq.52.2022.05.13.17.56.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 13 May 2022 17:56:36 -0700 (PDT) Received-SPF: softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) client-ip=23.128.96.19; Authentication-Results: mx.google.com; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 86D11355846; Fri, 13 May 2022 16:31:56 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1377365AbiEMG0n (ORCPT + 99 others); Fri, 13 May 2022 02:26:43 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35234 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1377307AbiEMG0Y (ORCPT ); Fri, 13 May 2022 02:26:24 -0400 Received: from isilmar-4.linta.de (isilmar-4.linta.de [136.243.71.142]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8BC322A711; Thu, 12 May 2022 23:26:21 -0700 (PDT) X-isilmar-external: YES X-isilmar-external: YES X-isilmar-external: YES X-isilmar-external: YES Received: from owl.dominikbrodowski.net (owl.brodo.linta [10.2.0.111]) by isilmar-4.linta.de (Postfix) with ESMTPSA id E5D2B2013F8; Fri, 13 May 2022 06:26:05 +0000 (UTC) Received: by owl.dominikbrodowski.net (Postfix, from userid 1000) id D23B680A2A; Fri, 13 May 2022 08:25:12 +0200 (CEST) Date: Fri, 13 May 2022 08:25:12 +0200 From: Dominik Brodowski To: "Jason A. Donenfeld" Cc: linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org, Theodore Ts'o Subject: Re: [PATCH] random: mix in timestamps and reseed on system restore Message-ID: References: <20220501123849.3858-1-Jason@zx2c4.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20220501123849.3858-1-Jason@zx2c4.com> X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RDNS_NONE, SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Am Sun, May 01, 2022 at 02:38:49PM +0200 schrieb Jason A. Donenfeld: > Since the RNG loses freshness system suspend/hibernation, when we > resume, immediately reseed using whatever data we can, which for this > particular case is the various timestamps regarding system suspend time, > in addition to more generally the RDSEED/RDRAND/RDTSC values that happen > whenever the crng reseeds. > > On systems that suspend and resume automatically all the time -- such as > Android -- we skip the reseeding on suspend resumption, since that could > wind up being far too busy. This is the same trade-off made in > WireGuard. > > In addition to reseeding upon resumption always mix into the pool these > various stamps on every power notification event. > > Cc: Theodore Ts'o > Signed-off-by: Jason A. Donenfeld > --- > drivers/char/random.c | 34 ++++++++++++++++++++++++++++++++++ > 1 file changed, 34 insertions(+) > > diff --git a/drivers/char/random.c b/drivers/char/random.c > index 0935a140795e..48eac27214ea 100644 > --- a/drivers/char/random.c > +++ b/drivers/char/random.c > @@ -53,6 +53,7 @@ > #include > #include > #include > +#include > #include > #include > #include > @@ -966,6 +967,37 @@ static int __init parse_trust_bootloader(char *arg) > early_param("random.trust_cpu", parse_trust_cpu); > early_param("random.trust_bootloader", parse_trust_bootloader); > > +static int random_pm_notification(struct notifier_block *nb, unsigned long action, void *data) > +{ > + unsigned long flags, entropy = random_get_entropy(); > + > + /* > + * Encode a representation of how long the system has been suspended, > + * in a way that is distinct from prior system suspends. > + */ > + ktime_t stamps[] = { > + ktime_get(), > + ktime_get_boottime(), > + ktime_get_real() > + }; > + > + spin_lock_irqsave(&input_pool.lock, flags); > + _mix_pool_bytes(&action, sizeof(action)); > + _mix_pool_bytes(stamps, sizeof(stamps)); > + _mix_pool_bytes(&entropy, sizeof(entropy)); > + spin_unlock_irqrestore(&input_pool.lock, flags); > + > + if (action == PM_RESTORE_PREPARE || > + (action == PM_POST_SUSPEND && > + !IS_ENABLED(CONFIG_PM_AUTOSLEEP) && !IS_ENABLED(CONFIG_ANDROID))) { > + crng_reseed(true); > + pr_notice("crng reseeded on system resumption\n"); > + } > + return 0; > +} Should this also wake up any thread waiting in add_hwgenerator_randomness() / "use" the input already in store there? Thanks, Dominik