Received: by 2002:a6b:fb09:0:0:0:0:0 with SMTP id h9csp6127875iog; Thu, 23 Jun 2022 11:57:01 -0700 (PDT) X-Google-Smtp-Source: AGRyM1vFEJV39dDgbXt3zy5s6vgCLphAZZfpyIOWzjeDz18gT6qkPKjtphoO0gxuLmeTH71+aY6A X-Received: by 2002:a17:906:4452:b0:722:fb56:31d6 with SMTP id i18-20020a170906445200b00722fb5631d6mr7013803ejp.132.1656010621300; Thu, 23 Jun 2022 11:57:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1656010621; cv=none; d=google.com; s=arc-20160816; b=PGqOnXF4h4Y8u1UjyQX5RYcdyThhmrF711M4TTs1JTlXzG917CzNYg0xe8O5Z6+lKv ptxi5MFhvIL8yImSLtWbgNjnalFJwjtwTJtlpi/AYPCcnLy8BBSp0wvoPuRUYBo5DoIe +HW19hQmKU3h1BZfbFi58exkgryyXYBw0gewk10EHw/tR70NPXK8h7JaFo+Q2mlLgBrl ARgqZW3RDmWP3EUssAV3nVinxWP2FJ+n72FcDlJNQtV6ycX2aaJNj3dNQA+6R1PGe+T/ z5GKTNFmL//98wreQtwu6B6c3e03otGD2Uj+COLwVyVDaR7oNUgVSluyLaSx2e5QA3M1 3VuQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=BZT9DnRUWtGLEBkiJf6gftnEXnQJ5ecsow4odIHCyU4=; b=LcWLqyLg0SwSOLIJ+iCam6D4FMGTMRQkI5rxPjeE904+jGh4YenXwIPfpBEC0V6mhE EuufCmBx2cwW7xcXxXMwr5PmrAddV618AAJB8f3yNoq5JPRYoFmzedkLCwwE7kyFKh+q I2UczXYIXs5xZtzWyjj0KXlQzxmau8u0TuW7Je2EqusDELUidpv2hNDEGG2Qo+WUQs5a n4n9Z+1P6FYTpHxDQVWRByi58flv8ydwu2mK8f5qgVkE79WOAd/lIpq85mZrlnMVgMMl rLcXGGPrtBMaot+VgD+Wbt6xEQIs9QJ+CO+fykuYholfFlkUuPyY5esCVUTgeCi5g1Nd xBvw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=ijFR+uTP; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id ss2-20020a170907c00200b0070d8de4e431si19419814ejc.206.2022.06.23.11.56.36; Thu, 23 Jun 2022 11:57:01 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=ijFR+uTP; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235580AbiFWR4Z (ORCPT + 99 others); Thu, 23 Jun 2022 13:56:25 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41218 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235731AbiFWRxH (ORCPT ); Thu, 23 Jun 2022 13:53:07 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2340BAA31B; Thu, 23 Jun 2022 10:13:55 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 39B35B82498; Thu, 23 Jun 2022 17:13:54 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 9EEAFC3411B; Thu, 23 Jun 2022 17:13:52 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1656004433; bh=I3fRTK4IrA92sUF+5xso5yMLYOqG0OEkZG3fUPLvWaU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ijFR+uTP4yX8zZSM61U/6/hyJpiS5GvcQmQct23Zbx+shX9JTmthkYPsA1XvHaTLw PZnpylflQlvVag/x8tRvT8XOUmXLPnzP+Bg7UcMm5gyzGpsTDNV1GsIV9wvNoLF70y dOEeoQxbMHY5EkhJ9vh/aWKrmfISCKZfQa3diqRk= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Theodore Tso , "Jason A. Donenfeld" Subject: [PATCH 4.19 005/234] random: only read from /dev/random after its pool has received 128 bits Date: Thu, 23 Jun 2022 18:41:12 +0200 Message-Id: <20220623164343.204213336@linuxfoundation.org> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220623164343.042598055@linuxfoundation.org> References: <20220623164343.042598055@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-7.7 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Theodore Ts'o commit eb9d1bf079bb438d1a066d72337092935fc770f6 upstream. Immediately after boot, we allow reads from /dev/random before its entropy pool has been fully initialized. Fix this so that we don't allow this until the blocking pool has received 128 bits. We do this by repurposing the initialized flag in the entropy pool struct, and use the initialized flag in the blocking pool to indicate whether it is safe to pull from the blocking pool. To do this, we needed to rework when we decide to push entropy from the input pool to the blocking pool, since the initialized flag for the input pool was used for this purpose. To simplify things, we no longer use the initialized flag for that purpose, nor do we use the entropy_total field any more. Signed-off-by: Theodore Ts'o Signed-off-by: Jason A. Donenfeld Signed-off-by: Greg Kroah-Hartman --- drivers/char/random.c | 44 +++++++++++++++++++++--------------------- include/trace/events/random.h | 13 ++++-------- 2 files changed, 27 insertions(+), 30 deletions(-) --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -471,7 +471,6 @@ struct entropy_store { unsigned short add_ptr; unsigned short input_rotate; int entropy_count; - int entropy_total; unsigned int initialized:1; unsigned int last_data_init:1; __u8 last_data[EXTRACT_SIZE]; @@ -644,7 +643,7 @@ static void process_random_ready_list(vo */ static void credit_entropy_bits(struct entropy_store *r, int nbits) { - int entropy_count, orig; + int entropy_count, orig, has_initialized = 0; const int pool_size = r->poolinfo->poolfracbits; int nfrac = nbits << ENTROPY_SHIFT; @@ -699,23 +698,25 @@ retry: entropy_count = 0; } else if (entropy_count > pool_size) entropy_count = pool_size; + if ((r == &blocking_pool) && !r->initialized && + (entropy_count >> ENTROPY_SHIFT) > 128) + has_initialized = 1; if (cmpxchg(&r->entropy_count, orig, entropy_count) != orig) goto retry; - r->entropy_total += nbits; - if (!r->initialized && r->entropy_total > 128) { + if (has_initialized) r->initialized = 1; - r->entropy_total = 0; - } trace_credit_entropy_bits(r->name, nbits, - entropy_count >> ENTROPY_SHIFT, - r->entropy_total, _RET_IP_); + entropy_count >> ENTROPY_SHIFT, _RET_IP_); if (r == &input_pool) { int entropy_bits = entropy_count >> ENTROPY_SHIFT; + struct entropy_store *other = &blocking_pool; - if (crng_init < 2 && entropy_bits >= 128) { + if (crng_init < 2) { + if (entropy_bits < 128) + return; crng_reseed(&primary_crng, r); entropy_bits = r->entropy_count >> ENTROPY_SHIFT; } @@ -726,20 +727,14 @@ retry: wake_up_interruptible(&random_read_wait); kill_fasync(&fasync, SIGIO, POLL_IN); } - /* If the input pool is getting full, send some - * entropy to the blocking pool until it is 75% full. + /* If the input pool is getting full, and the blocking + * pool has room, send some entropy to the blocking + * pool. */ - if (entropy_bits > random_write_wakeup_bits && - r->initialized && - r->entropy_total >= 2*random_read_wakeup_bits) { - struct entropy_store *other = &blocking_pool; - - if (other->entropy_count <= - 3 * other->poolinfo->poolfracbits / 4) { - schedule_work(&other->push_work); - r->entropy_total = 0; - } - } + if (!work_pending(&other->push_work) && + (ENTROPY_BITS(r) > 6 * r->poolinfo->poolbytes) && + (ENTROPY_BITS(other) <= 6 * other->poolinfo->poolbytes)) + schedule_work(&other->push_work); } } @@ -1562,6 +1557,11 @@ static ssize_t extract_entropy_user(stru int large_request = (nbytes > 256); trace_extract_entropy_user(r->name, nbytes, ENTROPY_BITS(r), _RET_IP_); + if (!r->initialized && r->pull) { + xfer_secondary_pool(r, ENTROPY_BITS(r->pull)/8); + if (!r->initialized) + return 0; + } xfer_secondary_pool(r, nbytes); nbytes = account(r, nbytes, 0, 0); --- a/include/trace/events/random.h +++ b/include/trace/events/random.h @@ -62,15 +62,14 @@ DEFINE_EVENT(random__mix_pool_bytes, mix TRACE_EVENT(credit_entropy_bits, TP_PROTO(const char *pool_name, int bits, int entropy_count, - int entropy_total, unsigned long IP), + unsigned long IP), - TP_ARGS(pool_name, bits, entropy_count, entropy_total, IP), + TP_ARGS(pool_name, bits, entropy_count, IP), TP_STRUCT__entry( __field( const char *, pool_name ) __field( int, bits ) __field( int, entropy_count ) - __field( int, entropy_total ) __field(unsigned long, IP ) ), @@ -78,14 +77,12 @@ TRACE_EVENT(credit_entropy_bits, __entry->pool_name = pool_name; __entry->bits = bits; __entry->entropy_count = entropy_count; - __entry->entropy_total = entropy_total; __entry->IP = IP; ), - TP_printk("%s pool: bits %d entropy_count %d entropy_total %d " - "caller %pS", __entry->pool_name, __entry->bits, - __entry->entropy_count, __entry->entropy_total, - (void *)__entry->IP) + TP_printk("%s pool: bits %d entropy_count %d caller %pS", + __entry->pool_name, __entry->bits, + __entry->entropy_count, (void *)__entry->IP) ); TRACE_EVENT(push_to_pool,