2020-08-21 06:04:41

by Stephan Müller

Subject: [PATCH v33 03/12] LRNG - sysctls and /proc interface

The LRNG sysctl interface provides the same controls as the existing
/dev/random implementation. These sysctls behave identically and are
implemented identically. The goal is to allow a possible merge of the
existing /dev/random implementation with this implementation which
implies that this patch tries to have a very close similarity. Yet, all
sysctls are documented at [1].

In addition, it provides the file lrng_type which provides details about
the LRNG:

- the name of the DRNG that produces the random numbers for /dev/random,
/dev/urandom, getrandom(2)

- the hash used to produce random numbers from the entropy pool

- the number of secondary DRNG instances

- indicator whether the LRNG operates SP800-90B compliant

- indicator whether a high-resolution timer is identified - only with a
high-resolution timer the interrupt noise source will deliver sufficient
entropy

- indicator whether the LRNG has been minimally seeded (i.e. is the
secondary DRNG seeded with at least 128 bits of of entropy)

- indicator whether the LRNG has been fully seeded (i.e. is the
secondary DRNG seeded with at least 256 bits of entropy)

[1] https://www.chronox.de/lrng.html

CC: "Eric W. Biederman" <[email protected]>
CC: "Alexander E. Patrakov" <[email protected]>
CC: "Ahmed S. Darwish" <[email protected]>
CC: "Theodore Y. Ts'o" <[email protected]>
CC: Willy Tarreau <[email protected]>
CC: Matthew Garrett <[email protected]>
CC: Vito Caputo <[email protected]>
CC: Andreas Dilger <[email protected]>
CC: Jan Kara <[email protected]>
CC: Ray Strode <[email protected]>
CC: William Jon McCann <[email protected]>
CC: zhangjs <[email protected]>
CC: Andy Lutomirski <[email protected]>
CC: Florian Weimer <[email protected]>
CC: Lennart Poettering <[email protected]>
CC: Nicolai Stange <[email protected]>
Reviewed-by: Marcelo Henrique Cerri <[email protected]>
Reviewed-by: Roman Drahtmueller <[email protected]>
Tested-by: Roman Drahtm?ller <[email protected]>
Tested-by: Marcelo Henrique Cerri <[email protected]>
Tested-by: Neil Horman <[email protected]>
Signed-off-by: Stephan Mueller <[email protected]>
---
drivers/char/lrng/Makefile | 1 +
drivers/char/lrng/lrng_interfaces.c | 1 -
drivers/char/lrng/lrng_internal.h | 4 +
drivers/char/lrng/lrng_proc.c | 163 ++++++++++++++++++++++++++++
4 files changed, 168 insertions(+), 1 deletion(-)
create mode 100644 drivers/char/lrng/lrng_proc.c

diff --git a/drivers/char/lrng/Makefile b/drivers/char/lrng/Makefile
index 0a32f22c2c1a..e69c176f0161 100644
--- a/drivers/char/lrng/Makefile
+++ b/drivers/char/lrng/Makefile
@@ -9,3 +9,4 @@ obj-y += lrng_pool.o lrng_aux.o \
lrng_interfaces.o \

obj-$(CONFIG_NUMA) += lrng_numa.o
+obj-$(CONFIG_SYSCTL) += lrng_proc.o
diff --git a/drivers/char/lrng/lrng_interfaces.c b/drivers/char/lrng/lrng_interfaces.c
index d9c68679136d..95ee99c82592 100644
--- a/drivers/char/lrng/lrng_interfaces.c
+++ b/drivers/char/lrng/lrng_interfaces.c
@@ -35,7 +35,6 @@ static DECLARE_WAIT_QUEUE_HEAD(lrng_write_wait);
static DECLARE_WAIT_QUEUE_HEAD(lrng_init_wait);
static struct fasync_struct *fasync;

-struct ctl_table random_table[];
/********************************** Helper ***********************************/

/* Is the DRNG seed level too low? */
diff --git a/drivers/char/lrng/lrng_internal.h b/drivers/char/lrng/lrng_internal.h
index 5587be09f495..8aea41a2f43f 100644
--- a/drivers/char/lrng/lrng_internal.h
+++ b/drivers/char/lrng/lrng_internal.h
@@ -117,7 +117,11 @@ void lrng_cc20_init_state_boot(struct chacha20_state *state);

/********************************** /proc *************************************/

+#ifdef CONFIG_SYSCTL
+void lrng_pool_inc_numa_node(void);
+#else
static inline void lrng_pool_inc_numa_node(void) { }
+#endif

/****************************** LRNG interfaces *******************************/

diff --git a/drivers/char/lrng/lrng_proc.c b/drivers/char/lrng/lrng_proc.c
new file mode 100644
index 000000000000..c569a269b07a
--- /dev/null
+++ b/drivers/char/lrng/lrng_proc.c
@@ -0,0 +1,163 @@
+// SPDX-License-Identifier: GPL-2.0 OR BSD-2-Clause
+/*
+ * LRNG proc and sysctl interfaces
+ *
+ * Copyright (C) 2016 - 2020, Stephan Mueller <[email protected]>
+ */
+
+#include <linux/lrng.h>
+#include <linux/proc_fs.h>
+#include <linux/seq_file.h>
+#include <linux/sysctl.h>
+#include <linux/uuid.h>
+
+#include "lrng_internal.h"
+
+/*
+ * This function is used to return both the bootid UUID, and random
+ * UUID. The difference is in whether table->data is NULL; if it is,
+ * then a new UUID is generated and returned to the user.
+ *
+ * If the user accesses this via the proc interface, the UUID will be
+ * returned as an ASCII string in the standard UUID format; if via the
+ * sysctl system call, as 16 bytes of binary data.
+ */
+static int lrng_proc_do_uuid(struct ctl_table *table, int write,
+ void __user *buffer, size_t *lenp, loff_t *ppos)
+{
+ struct ctl_table fake_table;
+ unsigned char buf[64], tmp_uuid[16], *uuid;
+
+ uuid = table->data;
+ if (!uuid) {
+ uuid = tmp_uuid;
+ generate_random_uuid(uuid);
+ } else {
+ static DEFINE_SPINLOCK(bootid_spinlock);
+
+ spin_lock(&bootid_spinlock);
+ if (!uuid[8])
+ generate_random_uuid(uuid);
+ spin_unlock(&bootid_spinlock);
+ }
+
+ sprintf(buf, "%pU", uuid);
+
+ fake_table.data = buf;
+ fake_table.maxlen = sizeof(buf);
+
+ return proc_dostring(&fake_table, write, buffer, lenp, ppos);
+}
+
+static int lrng_proc_do_entropy(struct ctl_table *table, int write,
+ void *buffer, size_t *lenp, loff_t *ppos)
+{
+ struct ctl_table fake_table;
+ int entropy_count;
+
+ entropy_count = lrng_avail_entropy();
+
+ fake_table.data = &entropy_count;
+ fake_table.maxlen = sizeof(entropy_count);
+
+ return proc_dointvec(&fake_table, write, buffer, lenp, ppos);
+}
+
+static int lrng_sysctl_poolsize = LRNG_POOL_SIZE_BITS;
+static int lrng_min_write_thresh;
+static int lrng_max_write_thresh = LRNG_POOL_SIZE_BITS;
+static char lrng_sysctl_bootid[16];
+static int lrng_drng_reseed_max_min;
+
+struct ctl_table random_table[] = {
+ {
+ .procname = "poolsize",
+ .data = &lrng_sysctl_poolsize,
+ .maxlen = sizeof(int),
+ .mode = 0444,
+ .proc_handler = proc_dointvec,
+ },
+ {
+ .procname = "entropy_avail",
+ .maxlen = sizeof(int),
+ .mode = 0444,
+ .proc_handler = lrng_proc_do_entropy,
+ },
+ {
+ .procname = "write_wakeup_threshold",
+ .data = &lrng_write_wakeup_bits,
+ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = proc_dointvec_minmax,
+ .extra1 = &lrng_min_write_thresh,
+ .extra2 = &lrng_max_write_thresh,
+ },
+ {
+ .procname = "boot_id",
+ .data = &lrng_sysctl_bootid,
+ .maxlen = 16,
+ .mode = 0444,
+ .proc_handler = lrng_proc_do_uuid,
+ },
+ {
+ .procname = "uuid",
+ .maxlen = 16,
+ .mode = 0444,
+ .proc_handler = lrng_proc_do_uuid,
+ },
+ {
+ .procname = "urandom_min_reseed_secs",
+ .data = &lrng_drng_reseed_max_time,
+ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = proc_dointvec,
+ .extra1 = &lrng_drng_reseed_max_min,
+ },
+ { }
+};
+
+/* Number of online DRNGs */
+static u32 numa_drngs = 1;
+
+void lrng_pool_inc_numa_node(void)
+{
+ numa_drngs++;
+}
+
+static int lrng_proc_type_show(struct seq_file *m, void *v)
+{
+ struct lrng_drng *lrng_drng_init = lrng_drng_init_instance();
+ unsigned long flags = 0;
+ unsigned char buf[300];
+
+ lrng_drng_lock(lrng_drng_init, &flags);
+ snprintf(buf, sizeof(buf),
+ "DRNG name: %s\n"
+ "Hash for reading entropy pool: %s\n"
+ "DRNG security strength: %d bits\n"
+ "number of DRNG instances: %u\n"
+ "SP800-90B compliance: %s\n"
+ "High-resolution timer: %s\n"
+ "LRNG minimally seeded: %s\n"
+ "LRNG fully seeded: %s\n",
+ lrng_drng_init->crypto_cb->lrng_drng_name(),
+ lrng_drng_init->crypto_cb->lrng_hash_name(),
+ LRNG_DRNG_SECURITY_STRENGTH_BITS, numa_drngs,
+ lrng_sp80090b_compliant() ? "true" : "false",
+ lrng_pool_highres_timer() ? "true" : "false",
+ lrng_state_min_seeded() ? "true" : "false",
+ lrng_state_fully_seeded() ? "true" : "false");
+ lrng_drng_unlock(lrng_drng_init, &flags);
+
+ seq_write(m, buf, strlen(buf));
+
+ return 0;
+}
+
+static int __init lrng_proc_type_init(void)
+{
+ proc_create_single("lrng_type", 0444, NULL, &lrng_proc_type_show);
+ return 0;
+}
+
+module_init(lrng_proc_type_init);
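Review bot: The `urandom_min_reseed_secs` entry in `random_table` sets `.extra1 = &lrng_drng_reseed_max_min` but keeps `.proc_handler = proc_dointvec`, and `proc_dointvec` does not consult `extra1`/`extra2`, so the intended lower bound of 0 is never enforced. A privileged writer (the entry is mode 0644) can therefore store a negative value in `lrng_drng_reseed_max_time`; how the reseed logic treats that is outside this hunk, but it is presumably not meant to be reachable. Use the range-checking handler, as the `write_wakeup_threshold` entry already does: `.proc_handler = proc_dointvec_minmax,`. A short comment on `lrng_drng_reseed_max_min`, such as `/* lower bound for urandom_min_reseed_secs */`, would also make the name easier to read.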
--
2.26.2





2020-08-23 07:13:11

by kernel test robot

Subject: Re: [PATCH v33 03/12] LRNG - sysctls and /proc interface

Hi Stephan,

Thank you for the patch! Perhaps something to improve:

[auto build test WARNING on char-misc/char-misc-testing]
[also build test WARNING on cryptodev/master crypto/master v5.9-rc1 next-20200821]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]

url: https://github.com/0day-ci/linux/commits/Stephan-M-ller/dev-random-a-new-approach-with-full-SP800-90B-compliance/20200821-140523
base: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git d162219c655c8cf8003128a13840d6c1e183fb80
config: arm64-randconfig-s031-20200821 (attached as .config)
compiler: aarch64-linux-gcc (GCC) 9.3.0
reproduce:
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# apt-get install sparse
# sparse version: v0.6.2-191-g10164920-dirty
# save the attached .config to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-9.3.0 make.cross C=1 CF='-fdiagnostic-prefix -D__CHECK_ENDIAN__' ARCH=arm64

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <[email protected]>


sparse warnings: (new ones prefixed by >>)

>> drivers/char/lrng/lrng_proc.c:49:50: sparse: sparse: incorrect type in argument 3 (different address spaces) @@ expected void * @@ got void [noderef] __user *buffer @@
>> drivers/char/lrng/lrng_proc.c:49:50: sparse: expected void *
>> drivers/char/lrng/lrng_proc.c:49:50: sparse: got void [noderef] __user *buffer
>> drivers/char/lrng/lrng_proc.c:100:35: sparse: sparse: incorrect type in initializer (incompatible argument 3 (different address spaces)) @@ expected int ( [usertype] *proc_handler )( ... ) @@ got int ( * )( ... ) @@
>> drivers/char/lrng/lrng_proc.c:100:35: sparse: expected int ( [usertype] *proc_handler )( ... )
>> drivers/char/lrng/lrng_proc.c:100:35: sparse: got int ( * )( ... )
drivers/char/lrng/lrng_proc.c:106:35: sparse: sparse: incorrect type in initializer (incompatible argument 3 (different address spaces)) @@ expected int ( [usertype] *proc_handler )( ... ) @@ got int ( * )( ... ) @@
drivers/char/lrng/lrng_proc.c:106:35: sparse: expected int ( [usertype] *proc_handler )( ... )
drivers/char/lrng/lrng_proc.c:106:35: sparse: got int ( * )( ... )
>> drivers/char/lrng/lrng_proc.c:150:25: sparse: sparse: context imbalance in 'lrng_proc_type_show' - different lock contexts for basic block

# https://github.com/0day-ci/linux/commit/902758205b535f162d904f8209936aed9d6ae6d3
git remote add linux-review https://github.com/0day-ci/linux
git fetch --no-tags linux-review Stephan-M-ller/dev-random-a-new-approach-with-full-SP800-90B-compliance/20200821-140523
git checkout 902758205b535f162d904f8209936aed9d6ae6d3
vim +49 drivers/char/lrng/lrng_proc.c

15
16 /*
17 * This function is used to return both the bootid UUID, and random
18 * UUID. The difference is in whether table->data is NULL; if it is,
19 * then a new UUID is generated and returned to the user.
20 *
21 * If the user accesses this via the proc interface, the UUID will be
22 * returned as an ASCII string in the standard UUID format; if via the
23 * sysctl system call, as 16 bytes of binary data.
24 */
25 static int lrng_proc_do_uuid(struct ctl_table *table, int write,
26 void __user *buffer, size_t *lenp, loff_t *ppos)
27 {
28 struct ctl_table fake_table;
29 unsigned char buf[64], tmp_uuid[16], *uuid;
30
31 uuid = table->data;
32 if (!uuid) {
33 uuid = tmp_uuid;
34 generate_random_uuid(uuid);
35 } else {
36 static DEFINE_SPINLOCK(bootid_spinlock);
37
38 spin_lock(&bootid_spinlock);
39 if (!uuid[8])
40 generate_random_uuid(uuid);
41 spin_unlock(&bootid_spinlock);
42 }
43
44 sprintf(buf, "%pU", uuid);
45
46 fake_table.data = buf;
47 fake_table.maxlen = sizeof(buf);
48
> 49 return proc_dostring(&fake_table, write, buffer, lenp, ppos);
50 }
51
52 static int lrng_proc_do_entropy(struct ctl_table *table, int write,
53 void *buffer, size_t *lenp, loff_t *ppos)
54 {
55 struct ctl_table fake_table;
56 int entropy_count;
57
58 entropy_count = lrng_avail_entropy();
59
60 fake_table.data = &entropy_count;
61 fake_table.maxlen = sizeof(entropy_count);
62
63 return proc_dointvec(&fake_table, write, buffer, lenp, ppos);
64 }
65
66 static int lrng_sysctl_poolsize = LRNG_POOL_SIZE_BITS;
67 static int lrng_min_write_thresh;
68 static int lrng_max_write_thresh = LRNG_POOL_SIZE_BITS;
69 static char lrng_sysctl_bootid[16];
70 static int lrng_drng_reseed_max_min;
71
72 struct ctl_table random_table[] = {
73 {
74 .procname = "poolsize",
75 .data = &lrng_sysctl_poolsize,
76 .maxlen = sizeof(int),
77 .mode = 0444,
78 .proc_handler = proc_dointvec,
79 },
80 {
81 .procname = "entropy_avail",
82 .maxlen = sizeof(int),
83 .mode = 0444,
84 .proc_handler = lrng_proc_do_entropy,
85 },
86 {
87 .procname = "write_wakeup_threshold",
88 .data = &lrng_write_wakeup_bits,
89 .maxlen = sizeof(int),
90 .mode = 0644,
91 .proc_handler = proc_dointvec_minmax,
92 .extra1 = &lrng_min_write_thresh,
93 .extra2 = &lrng_max_write_thresh,
94 },
95 {
96 .procname = "boot_id",
97 .data = &lrng_sysctl_bootid,
98 .maxlen = 16,
99 .mode = 0444,
> 100 .proc_handler = lrng_proc_do_uuid,
101 },
102 {
103 .procname = "uuid",
104 .maxlen = 16,
105 .mode = 0444,
106 .proc_handler = lrng_proc_do_uuid,
107 },
108 {
109 .procname = "urandom_min_reseed_secs",
110 .data = &lrng_drng_reseed_max_time,
111 .maxlen = sizeof(int),
112 .mode = 0644,
113 .proc_handler = proc_dointvec,
114 .extra1 = &lrng_drng_reseed_max_min,
115 },
116 { }
117 };
118
119 /* Number of online DRNGs */
120 static u32 numa_drngs = 1;
121
122 void lrng_pool_inc_numa_node(void)
123 {
124 numa_drngs++;
125 }
126
127 static int lrng_proc_type_show(struct seq_file *m, void *v)
128 {
129 struct lrng_drng *lrng_drng_init = lrng_drng_init_instance();
130 unsigned long flags = 0;
131 unsigned char buf[300];
132
133 lrng_drng_lock(lrng_drng_init, &flags);
134 snprintf(buf, sizeof(buf),
135 "DRNG name: %s\n"
136 "Hash for reading entropy pool: %s\n"
137 "DRNG security strength: %d bits\n"
138 "number of DRNG instances: %u\n"
139 "SP800-90B compliance: %s\n"
140 "High-resolution timer: %s\n"
141 "LRNG minimally seeded: %s\n"
142 "LRNG fully seeded: %s\n",
143 lrng_drng_init->crypto_cb->lrng_drng_name(),
144 lrng_drng_init->crypto_cb->lrng_hash_name(),
145 LRNG_DRNG_SECURITY_STRENGTH_BITS, numa_drngs,
146 lrng_sp80090b_compliant() ? "true" : "false",
147 lrng_pool_highres_timer() ? "true" : "false",
148 lrng_state_min_seeded() ? "true" : "false",
149 lrng_state_fully_seeded() ? "true" : "false");
> 150 lrng_drng_unlock(lrng_drng_init, &flags);
151
152 seq_write(m, buf, strlen(buf));
153
154 return 0;
155 }
156

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/[email protected]


Attachments:
(No filename) (7.74 kB)
.config.gz (33.80 kB)