From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: linux-kernel@vger.kernel.org,
Dominik Brodowski <linux@dominikbrodowski.net>,
"Theodore Ts'o" <tytso@mit.edu>,
Hsin-Yi Wang <hsinyi@chromium.org>,
"Ivan T. Ivanov" <iivanov@suse.de>,
Ard Biesheuvel <ardb@kernel.org>,
linux-efi@vger.kernel.org
Cc: "Jason A. Donenfeld" <Jason@zx2c4.com>
Subject: [PATCH v7 3/4] random: do not throw away excess input to crng_fast_load
Date: Tue, 28 Dec 2021 16:38:25 +0100 [thread overview]
Message-ID: <20211228153826.448805-3-Jason@zx2c4.com> (raw)
In-Reply-To: <20211228153826.448805-1-Jason@zx2c4.com>
When crng_fast_load() is called by add_hwgenerator_randomness(), we
currently will advance to crng_init==1 if we've acquired 64 bytes, and
then throw away the rest of the buffer. This is a problem if irq
randomness creates one call to crng_fast_load(), and then
add_hwgenerator_randomness() gets called via EFI with 64 bytes. In that
case, we'll advance to crng_init==1, but won't continue onward feeding
in bytes to progress to crng_init==2. This commit fixes the issue by
feeding leftover bytes into the next phase in
add_hwgenerator_randomness().
Cc: Dominik Brodowski <linux@dominikbrodowski.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
drivers/char/random.c | 19 ++++++++++++-------
1 file changed, 12 insertions(+), 7 deletions(-)
diff --git a/drivers/char/random.c b/drivers/char/random.c
index 95aac486177e..020443e34603 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -919,12 +919,14 @@ static struct crng_state *select_crng(void)
/*
* crng_fast_load() can be called by code in the interrupt service
- * path. So we can't afford to dilly-dally.
+ * path. So we can't afford to dilly-dally. Returns the number of
+ * bytes processed from cp.
*/
-static int crng_fast_load(const char *cp, size_t len)
+static size_t crng_fast_load(const char *cp, size_t len)
{
unsigned long flags;
char *p;
+ size_t ret = 0;
if (!spin_trylock_irqsave(&primary_crng.lock, flags))
return 0;
@@ -935,7 +937,7 @@ static int crng_fast_load(const char *cp, size_t len)
p = (unsigned char *) &primary_crng.state[4];
while (len > 0 && crng_init_cnt < CRNG_INIT_CNT_THRESH) {
p[crng_init_cnt % CHACHA_KEY_SIZE] ^= *cp;
- cp++; crng_init_cnt++; len--;
+ cp++; crng_init_cnt++; len--; ret++;
}
spin_unlock_irqrestore(&primary_crng.lock, flags);
if (crng_init_cnt >= CRNG_INIT_CNT_THRESH) {
@@ -943,7 +945,7 @@ static int crng_fast_load(const char *cp, size_t len)
crng_init = 1;
pr_notice("fast init done\n");
}
- return 1;
+ return ret;
}
/*
@@ -1294,7 +1296,7 @@ void add_interrupt_randomness(int irq)
if (unlikely(crng_init == 0)) {
if ((fast_pool->count >= 64) &&
crng_fast_load((char *) fast_pool->pool,
- sizeof(fast_pool->pool))) {
+ sizeof(fast_pool->pool)) > 0) {
fast_pool->count = 0;
fast_pool->last = now;
}
@@ -2295,8 +2297,11 @@ void add_hwgenerator_randomness(const char *buffer, size_t count,
struct entropy_store *poolp = &input_pool;
if (unlikely(crng_init == 0)) {
- crng_fast_load(buffer, count);
- return;
+ size_t ret = crng_fast_load(buffer, count);
+ count -= ret;
+ buffer += ret;
+ if (!count || crng_init == 0)
+ return;
}
/* Suspend writing if we're above the trickle threshold.
--
2.34.1
next prev parent reply other threads:[~2021-12-28 15:39 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-23 19:04 [PATCH v6] random: fix crash on multiple early calls to add_bootloader_randomness() Dominik Brodowski
2021-12-28 14:06 ` Jason A. Donenfeld
2021-12-28 15:38 ` [PATCH v7 1/4] " Jason A. Donenfeld
2021-12-28 15:38 ` [PATCH v7 2/4] random: do not re-init if crng_reseed completes before primary init Jason A. Donenfeld
2021-12-28 15:38 ` Jason A. Donenfeld [this message]
2021-12-28 15:38 ` [PATCH v7 4/4] random: mix bootloader randomness into pool Jason A. Donenfeld
2021-12-29 21:10 ` [PATCH v8 1/7] random: fix crash on multiple early calls to add_bootloader_randomness() Dominik Brodowski
2021-12-29 21:10 ` [PATCH v8 2/7] random: do not re-init if crng_reseed completes before primary init Dominik Brodowski
2021-12-30 14:31 ` Jason A. Donenfeld
2021-12-29 21:10 ` [PATCH v8 3/7] random: do not throw away excess input to crng_fast_load Dominik Brodowski
2021-12-30 14:32 ` Jason A. Donenfeld
2021-12-29 21:10 ` [PATCH v8 4/7] random: mix bootloader randomness into pool Dominik Brodowski
2021-12-30 14:33 ` Jason A. Donenfeld
2021-12-29 21:10 ` [PATCH v8 5/7] random: harmonize "crng init done" messages Dominik Brodowski
2021-12-30 14:34 ` Jason A. Donenfeld
2021-12-29 21:10 ` [PATCH v8 6/7] random: early initialization of ChaCha constants Dominik Brodowski
2021-12-30 14:40 ` Jason A. Donenfeld
2021-12-29 21:10 ` [PATCH v8 7/7] random: move crng_initialize_secondary to CONFIG_NUMA section Dominik Brodowski
2021-12-30 8:59 ` [PATCH v8.1 7/7] random: move NUMA-related code " Dominik Brodowski
2021-12-30 15:12 ` Jason A. Donenfeld
2021-12-30 14:31 ` [PATCH v8 1/7] random: fix crash on multiple early calls to add_bootloader_randomness() Jason A. Donenfeld
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211228153826.448805-3-Jason@zx2c4.com \
--to=jason@zx2c4.com \
--cc=ardb@kernel.org \
--cc=hsinyi@chromium.org \
--cc=iivanov@suse.de \
--cc=linux-efi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@dominikbrodowski.net \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox