Received: by 2002:a6b:fb09:0:0:0:0:0 with SMTP id h9csp6142899iog; Thu, 23 Jun 2022 12:14:08 -0700 (PDT) X-Google-Smtp-Source: AGRyM1umW01Xzhy4wT5jxIu06hvSpdYNAITUwUXoeNPIpzta6xDhAJaZoQqwZdfr2QA0jotfoa6q X-Received: by 2002:a05:6a00:1a8b:b0:525:4148:f8c7 with SMTP id e11-20020a056a001a8b00b005254148f8c7mr12352814pfv.50.1656011647745; Thu, 23 Jun 2022 12:14:07 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1656011647; cv=none; d=google.com; s=arc-20160816; b=hUmFK7JDp+pOTQWJZe7Z7N3lSKLhTIcO4iP4ZS1QyupMcrUucE3iUM7cdF/vxbX6M5 9lX/QNvfHi2PhW9R39TesF/5CbTVtkzHS2GDamo13eqDGhK0aHfE20eL9Uw++lFIu7x9 YfmfitkJGTi7gq0IuABhi24cjWrArCgYz16NJLwY+ynCSFCgmzRWe/G9YG/24fqePuyA k+KusY2Ztcow0A9KNaXVMfDtx78+7K7HLjWya1UzuLr4W7MLVRF3qEX7Rcm+27QgPlCB 17RHV/T8UMB7vetBSperkwyN6XB3UJ1JXen1WVJ8G0UtGdSYSmzA9zRWw3PN67vgdfIo Tb/A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=YB1tcw83OyBV07EtdzFT7SEa701DPLV17i25MjKd2O4=; b=E8fVpyrn911A0B2zvIvnYKJcdaiWvyXdI2WYnyBVsGfcUnx016LUno5cY9lQVTz++c pTSSR6Uzwa6GpXRvJJgc85wPAAYQYsnAmpUuALSd4V8bsbjCVDqk+LEdWBL/W3YenDq9 kJQrjdSmHwr7KNTWJJsEPEjO9Y9TbtjhsBPaD2imtP75BN2yncD4MUVIaXAAmZJ6C6cw H+lpNb4nGVFHZocSaeJYa8douXjEnxdWSfVqI4mkeQVMeLCtb+8VrgNEvFBErmA1/Mci zniFjguYpB8K1bqByyTvtXFqAahmcv7L2gaCCNIvEPFPaDmlLj8k7YNA3+d4QuO3Shul fvSQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=KNn8ic4r; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id pi4-20020a17090b1e4400b001ec8c9341basi4314947pjb.134.2022.06.23.12.13.56; Thu, 23 Jun 2022 12:14:07 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=KNn8ic4r; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230111AbiFWRDq (ORCPT + 99 others); Thu, 23 Jun 2022 13:03:46 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40936 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232971AbiFWRAh (ORCPT ); Thu, 23 Jun 2022 13:00:37 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E70FF4F1C3; Thu, 23 Jun 2022 09:54:09 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id D4CE361F8D; Thu, 23 Jun 2022 16:54:08 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id BD217C341CC; Thu, 23 Jun 2022 16:54:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1656003248; bh=zKzsyeV+YUgO1OfzDfPItn2viW+5rIZVKooAhYmAh70=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=KNn8ic4rR/0EC0IrRAUx1DKDsToLJnIVcVJqhfclvnmpg8TmjXij3h0b3AlBE3P4R Q8tfpUNtijbCJWrVlcVcbFQxRGKpS3XqGz6D7ckh1Kj013jxzYzSuUQlsCYHyECxHI KSM68q9wMI+ADxkHFk93aRFGt6ZQA6QBKalnCLPU= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Jan Varho , "Jason A. Donenfeld" Subject: [PATCH 4.9 170/264] random: do not split fast init input in add_hwgenerator_randomness() Date: Thu, 23 Jun 2022 18:42:43 +0200 Message-Id: <20220623164348.874095017@linuxfoundation.org> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220623164344.053938039@linuxfoundation.org> References: <20220623164344.053938039@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-7.7 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Jan Varho commit 527a9867af29ff89f278d037db704e0ed50fb666 upstream. add_hwgenerator_randomness() tries to only use the required amount of input for fast init, but credits all the entropy, rather than a fraction of it. Since it's hard to determine how much entropy is left over out of a non-unformly random sample, either give it all to fast init or credit it, but don't attempt to do both. In the process, we can clean up the injection code to no longer need to return a value. Signed-off-by: Jan Varho [Jason: expanded commit message] Fixes: 73c7733f122e ("random: do not throw away excess input to crng_fast_load") Cc: stable@vger.kernel.org # 5.17+, requires af704c856e88 Signed-off-by: Jason A. Donenfeld Signed-off-by: Greg Kroah-Hartman --- drivers/char/random.c | 23 ++++++----------------- 1 file changed, 6 insertions(+), 17 deletions(-) --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -438,11 +438,8 @@ static void crng_make_state(u32 chacha_s * This shouldn't be set by functions like add_device_randomness(), * where we can't trust the buffer passed to it is guaranteed to be * unpredictable (so it might not have any entropy at all). - * - * Returns the number of bytes processed from input, which is bounded - * by CRNG_INIT_CNT_THRESH if account is true. */ -static size_t crng_pre_init_inject(const void *input, size_t len, bool account) +static void crng_pre_init_inject(const void *input, size_t len, bool account) { static int crng_init_cnt = 0; struct blake2s_state hash; @@ -453,18 +450,15 @@ static size_t crng_pre_init_inject(const spin_lock_irqsave(&base_crng.lock, flags); if (crng_init != 0) { spin_unlock_irqrestore(&base_crng.lock, flags); - return 0; + return; } - if (account) - len = min_t(size_t, len, CRNG_INIT_CNT_THRESH - crng_init_cnt); - blake2s_update(&hash, base_crng.key, sizeof(base_crng.key)); blake2s_update(&hash, input, len); blake2s_final(&hash, base_crng.key); if (account) { - crng_init_cnt += len; + crng_init_cnt += min_t(size_t, len, CRNG_INIT_CNT_THRESH - crng_init_cnt); if (crng_init_cnt >= CRNG_INIT_CNT_THRESH) { ++base_crng.generation; crng_init = 1; @@ -475,8 +469,6 @@ static size_t crng_pre_init_inject(const if (crng_init == 1) pr_notice("fast init done\n"); - - return len; } static void _get_random_bytes(void *buf, size_t nbytes) @@ -1134,12 +1126,9 @@ void add_hwgenerator_randomness(const vo size_t entropy) { if (unlikely(crng_init == 0 && entropy < POOL_MIN_BITS)) { - size_t ret = crng_pre_init_inject(buffer, count, true); - mix_pool_bytes(buffer, ret); - count -= ret; - buffer += ret; - if (!count || crng_init == 0) - return; + crng_pre_init_inject(buffer, count, true); + mix_pool_bytes(buffer, count); + return; } /*