linux-crypto.vger.kernel.org archive mirror
From: Theodore Ts'o <tytso@mit.edu>
To: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, Theodore Ts'o <tytso@mit.edu>,
	stable@vger.kernel.org
Subject: [PATCH 1/4] random: use device attach events for entropy
Date: Sun,  3 Nov 2013 08:33:12 -0500
Message-ID: <1383485595-2020-2-git-send-email-tytso@mit.edu>
In-Reply-To: <1383485595-2020-1-git-send-email-tytso@mit.edu>

Some investigation from FreeBSD shows that there is entropy available
from measuring the device attach times:

http://lists.randombit.net/pipermail/cryptography/2013-October/005689.html

This will hopefully help us more quickly initialize the entropy pools
while the system is booting (which is one of the times when we really
badly need more entropy, especially in the case of the first boot
after a consumer electronics device is taken out of the box).

Measurements indicate this makes a huge improvement in the security of
/dev/urandom during the boot sequence, so I'm cc'ing this to the
stable kernel series.  Especially for embedded systems, which use
flash and which don't necessarily have the network enabled when they
first generate ssh or x.509 keys (sigh), this can be a big deal.

Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Cc: stable@vger.kernel.org
---
 drivers/base/core.c    | 3 +++
 drivers/char/random.c  | 7 +++++++
 include/linux/random.h | 2 ++
 3 files changed, 12 insertions(+)

diff --git a/drivers/base/core.c b/drivers/base/core.c
index 8856d74..5e98fc3 100644
--- a/drivers/base/core.c
+++ b/drivers/base/core.c
@@ -26,6 +26,7 @@
 #include <linux/async.h>
 #include <linux/pm_runtime.h>
 #include <linux/netdevice.h>
+#include <linux/random.h>
 
 #include "base.h"
 #include "power/power.h"
@@ -1156,6 +1157,8 @@ int device_add(struct device *dev)
 				class_intf->add_dev(dev, class_intf);
 		mutex_unlock(&dev->class->p->mutex);
 	}
+	add_device_attach_randomness(dev);
+
 done:
 	put_device(dev);
 	return error;
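Review bot: the add_device_attach_randomness(dev) call sits immediately above the done: label in device_add(), so it runs only when execution falls through to that point and is skipped by any path that jumps to done. If the intent is to sample only attaches that got this far, a one-line comment above the call saying so would keep a later reorder from changing that silently; if every attach attempt should contribute timing, the call belongs after the label, before put_device(dev).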
diff --git a/drivers/char/random.c b/drivers/char/random.c
index f126bd2..51153fe 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -829,6 +829,13 @@ void add_input_randomness(unsigned int type, unsigned int code,
 }
 EXPORT_SYMBOL_GPL(add_input_randomness);
 
+void add_device_attach_randomness(struct device *dev)
+{
+	static struct timer_rand_state attach_state = { 0, };
+
+	add_timer_randomness(&attach_state, dev->devt);
+}
+
 static DEFINE_PER_CPU(struct fast_pool, irq_randomness);
 
 void add_interrupt_randomness(int irq, int irq_flags)
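Review bot: attach_state in add_device_attach_randomness() is a single function-local static shared by every caller, and nothing in this hunk serializes access to it, whereas the interrupt path directly below keeps its pool per CPU with DEFINE_PER_CPU. If device_add() can run concurrently on more than one CPU, please say in a comment why unsynchronized updates to the shared timer_rand_state are acceptable, or protect them. The function also needs a short comment stating what is being sampled: the attach time, with dev->devt passed as the value.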
diff --git a/include/linux/random.h b/include/linux/random.h
index 6312dd9..5ef9470 100644
--- a/include/linux/random.h
+++ b/include/linux/random.h
@@ -12,6 +12,8 @@
 extern void add_device_randomness(const void *, unsigned int);
 extern void add_input_randomness(unsigned int type, unsigned int code,
 				 unsigned int value);
+struct device;
+extern void add_device_attach_randomness(struct device *dev);
 extern void add_interrupt_randomness(int irq, int irq_flags);
 
 extern void get_random_bytes(void *buf, int nbytes);
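Review bot: the new prototype add_device_attach_randomness() is declared two lines below add_device_randomness() and differs from it by one word, although the two take different arguments (struct device * versus const void *, unsigned int). A short comment on each declaration, or a more distinct name, would reduce the chance of a caller picking the wrong one. The struct device; forward declaration would also read better at the top of the header than in the middle of the extern list.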
-- 
1.7.12.rc0.22.gcdd159b

Thread overview: 8+ messages
2013-11-03 13:33 [PATCH 0/4] random: improve entropy pool initialization at boot time Theodore Ts'o
2013-11-03 13:33 ` Theodore Ts'o [this message]
2013-11-03 14:51   ` [PATCH 1/4] random: use device attach events for entropy Greg KH
2013-11-03 18:44     ` Theodore Ts'o
2013-11-03 23:10   ` Theodore Ts'o
2013-11-03 13:33 ` [PATCH 2/4] random: make add_timer_randomness() fill the nonblocking pool first Theodore Ts'o
2013-11-03 13:33 ` [PATCH 3/4] random: printk notifications for urandom pool initialization Theodore Ts'o
2013-11-03 13:33 ` [PATCH 4/4] random: don't zap entropy count in rand_initialize() Theodore Ts'o
