Received: by 2002:a05:6602:18e:0:0:0:0 with SMTP id m14csp2435092ioo; Sat, 28 May 2022 13:35:11 -0700 (PDT) X-Google-Smtp-Source: ABdhPJySNEYei3vq0G0y5MfdVSrmz/Fv2j5nQhbHlpVi8TbtstgwVntKKsv+L9dHxGZVpSEAClA3 X-Received: by 2002:a17:903:189:b0:163:6c22:8c9b with SMTP id z9-20020a170903018900b001636c228c9bmr16882247plg.95.1653770111735; Sat, 28 May 2022 13:35:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1653770111; cv=none; d=google.com; s=arc-20160816; b=TY0ORnaSwxL4ILn96hAF2UPjmaLzEdqOdZEEqEAVawZQT6Tu4gtA3byEWEkAKIaa4e anWHgoUe3Ib37n0hKfleCs1VgVn4JdAt+lLij085NnoLRF/SwdvoACbzNblBC+N22UhR mKGeZtXPkeMdRpIugRdJULuowrvZ4zonyNOx6SMvNu6JtcxNWoa5CxunSvHLHN99WGSO qfBWiZA3Iz7yT//+m4VqhmzrLxax+R9MGSePN45uG/pghFVtC3RGzij3Z3IrKa7z+DAN vrGPkNWqo6JkobkTnl4cRv05SviVER53OQ43w0givl1gLIrwGgeJEQtef2N2BGrrCBmA syBQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=AkGKbJvQqJLtVe9Oi3QjmJLbyeq2E+k404/MOo+6sc4=; b=bT6ocrGx1YubHNG8opzSb3roGJ8x7EsbViHIBNpu309wMd++0d2lYVY7zA7M6LvLsf uLyoyKzP56I2I6LOVwGtoJGmbeETfkQ0U4Zzorxx3PJBrZs8rKCA849xyAfLrfGOLib4 nVN8ugx+OMXRgVWqsLXeSigl9zv4eSy4oOYetDbEI1IPo2xboEVq/hmEYgSlIqZrr1wC qHRCSneYxNHfGMJULqHYL0ojReXLusfsFndcAaBN8D0AHu9/XJEp0C6FPOUSWBMLypss A8lP/+Q+7Kg3s9ulkBo+N0J/3d6YXqSAojWTwu+nw+BnrGspiFAWgzjgvDduQX91ePtB H08g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=0E4lgKzP; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [23.128.96.19]) by mx.google.com with ESMTPS id h7-20020a636c07000000b003fbb432d3c1si6161245pgc.449.2022.05.28.13.35.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 28 May 2022 13:35:11 -0700 (PDT) Received-SPF: softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) client-ip=23.128.96.19; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=0E4lgKzP; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 8DF145AA40; Sat, 28 May 2022 12:36:30 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1350188AbiE0JDN (ORCPT + 99 others); Fri, 27 May 2022 05:03:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56006 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1350518AbiE0JAD (ORCPT ); Fri, 27 May 2022 05:00:03 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 942F910274F; Fri, 27 May 2022 01:56:06 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id D5D56B823D9; Fri, 27 May 2022 08:56:04 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id EEB60C34100; Fri, 27 May 2022 08:56:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1653641763; bh=IRIB/nfddzpYszgOCi6TNfrnOf4M5Ta9hww7v3gomiQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=0E4lgKzPGYrm4UkdSJEov2Dqdp2ww1OATHWGkcejLmZgi9mz0UE9nviL4SLxNvFvM IjxxDBLqnIhwnNBh1JliDO/Zn3Lmwwe8q3lEc9a5wum95/Je4LVq5FWDonGNub/B2+ 9+6yG35LkExw2M4crroccHfq17V0XtF6dNE6T1/E= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Theodore Tso , Dominik Brodowski , Eric Biggers , "Jason A. Donenfeld" Subject: [PATCH 5.17 016/111] random: absorb fast pool into input pool after fast load Date: Fri, 27 May 2022 10:48:48 +0200 Message-Id: <20220527084821.509701521@linuxfoundation.org> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220527084819.133490171@linuxfoundation.org> References: <20220527084819.133490171@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: "Jason A. Donenfeld" commit c30c575db4858f0bbe5e315ff2e529c782f33a1f upstream. During crng_init == 0, we never credit entropy in add_interrupt_ randomness(), but instead dump it directly into the primary_crng. That's fine, except for the fact that we then wind up throwing away that entropy later when we switch to extracting from the input pool and xoring into (and later in this series overwriting) the primary_crng key. The two other early init sites -- add_hwgenerator_randomness()'s use crng_fast_load() and add_device_ randomness()'s use of crng_slow_load() -- always additionally give their inputs to the input pool. But not add_interrupt_randomness(). This commit fixes that shortcoming by calling mix_pool_bytes() after crng_fast_load() in add_interrupt_randomness(). That's partially verboten on PREEMPT_RT, where it implies taking spinlock_t from an IRQ handler. But this also only happens during early boot and then never again after that. Plus it's a trylock so it has the same considerations as calling crng_fast_load(), which we're already using. Cc: Theodore Ts'o Reviewed-by: Dominik Brodowski Reviewed-by: Eric Biggers Suggested-by: Eric Biggers Signed-off-by: Jason A. Donenfeld Signed-off-by: Greg Kroah-Hartman --- drivers/char/random.c | 4 ++++ 1 file changed, 4 insertions(+) --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -850,6 +850,10 @@ void add_interrupt_randomness(int irq) crng_fast_load((u8 *)fast_pool->pool, sizeof(fast_pool->pool)) > 0) { fast_pool->count = 0; fast_pool->last = now; + if (spin_trylock(&input_pool.lock)) { + _mix_pool_bytes(&fast_pool->pool, sizeof(fast_pool->pool)); + spin_unlock(&input_pool.lock); + } } return; }