From: Dmitry Torokhov <dmitry.torokhov@gmail.com>
To: linux-input@vger.kernel.org, Tim Schumacher <timschumi@gmx.de>
Cc: linux-kernel@vger.kernel.org
Subject: [PATCH 17/20] Input: only credit entropy when events are generated by a device
Date: Mon, 17 Sep 2018 17:47:29 -0700 [thread overview]
Message-ID: <20180918004732.9875-17-dmitry.torokhov@gmail.com> (raw)
In-Reply-To: <20180918004732.9875-1-dmitry.torokhov@gmail.com>
Currently we credit entropy (via add_input_randomness()) regardless of
where an event comes form, a device itself, or an input handler, such as
evdev (and thus from userspace). While access to event devices is supposed
to be tightly controlled (one does not want random processes to be able to
observe or inject keystrokes), developers may use evdev to inject events
for testing purposes. Let's make sure that such events to not contribute
to the entropy to keep the pool 'pure' and do not expose developer's
boxes to not so random data.
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
---
drivers/input/input.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/drivers/input/input.c b/drivers/input/input.c
index 260f00ebe34d..0126b8bb6afa 100644
--- a/drivers/input/input.c
+++ b/drivers/input/input.c
@@ -368,12 +368,15 @@ static int input_get_disposition(struct input_dev *dev,
}
static void input_handle_event(struct input_dev *dev,
- unsigned int type, unsigned int code, int value)
+ unsigned int type, unsigned int code, int value,
+ bool can_credit_entropy)
{
int disposition = input_get_disposition(dev, type, code, &value);
- if (disposition != INPUT_IGNORE_EVENT && type != EV_SYN)
+ if (can_credit_entropy &&
+ disposition != INPUT_IGNORE_EVENT && type != EV_SYN) {
add_input_randomness(type, code, value);
+ }
if ((disposition & INPUT_PASS_TO_DEVICE) && dev->event)
dev->event(dev, type, code, value);
@@ -434,7 +437,7 @@ void input_event(struct input_dev *dev,
if (is_event_supported(type, dev->evbit, EV_MAX)) {
spin_lock_irqsave(&dev->event_lock, flags);
- input_handle_event(dev, type, code, value);
+ input_handle_event(dev, type, code, value, true);
spin_unlock_irqrestore(&dev->event_lock, flags);
}
}
@@ -464,7 +467,7 @@ void input_inject_event(struct input_handle *handle,
rcu_read_lock();
grab = rcu_dereference(dev->grab);
if (!grab || grab == handle)
- input_handle_event(dev, type, code, value);
+ input_handle_event(dev, type, code, value, false);
rcu_read_unlock();
spin_unlock_irqrestore(&dev->event_lock, flags);
--
2.19.0.397.gdd90340f6a-goog
next prev parent reply other threads:[~2018-09-18 0:47 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-09-18 0:47 [PATCH 01/20] Input: iforce - remove "being used" silliness Dmitry Torokhov
2018-09-18 0:47 ` [PATCH 02/20] Input: iforce - introduce transport ops Dmitry Torokhov
2018-09-18 0:47 ` [PATCH 03/20] Input: iforce - move get_id to the transport operations Dmitry Torokhov
2018-09-18 0:47 ` [PATCH 04/20] Input: iforce - move command completion handling to serio code Dmitry Torokhov
2018-09-18 0:47 ` [PATCH 05/20] Input: iforce - introduce start and stop io transport ops Dmitry Torokhov
2018-09-18 0:47 ` [PATCH 06/20] Input: iforce - add bus type and parent arguments to iforce_init_device() Dmitry Torokhov
2018-09-18 0:47 ` [PATCH 07/20] Input: iforce - move transport data into transport modules Dmitry Torokhov
2018-09-18 0:47 ` [PATCH 08/20] Input: iforce - split into core and " Dmitry Torokhov
2018-09-18 0:47 ` [PATCH 09/20] Input: iforce - use DMA-safe buffer when getting IDs from USB Dmitry Torokhov
2018-09-18 0:47 ` [PATCH 10/20] Input: iforce - update formatting of switch statements Dmitry Torokhov
2018-09-18 0:47 ` [PATCH 11/20] Input: iforce - factor out hat handling when parsing packets Dmitry Torokhov
2018-09-18 0:47 ` [PATCH 12/20] Input: iforce - do not combine arguments for iforce_process_packet() Dmitry Torokhov
2018-09-18 0:47 ` [PATCH 13/20] Input: iforce - signal command completion from transport code Dmitry Torokhov
2018-09-18 0:47 ` [PATCH 14/20] Input: iforce - only call iforce_process_packet() if initialized Dmitry Torokhov
2018-09-18 0:47 ` [PATCH 15/20] Input: iforce - allow callers supply data buffer when fetching device IDs Dmitry Torokhov
2018-09-18 0:47 ` [PATCH 16/20] Input: iforce - use DMA-safe buffores for USB transfers Dmitry Torokhov
2018-09-18 0:47 ` Dmitry Torokhov [this message]
2018-09-18 0:47 ` [PATCH 18/20] Input: iforce - drop bus type from iforce structure Dmitry Torokhov
2018-09-18 0:47 ` [PATCH 19/20] Input: iforce - drop couple of temps from transport code Dmitry Torokhov
2018-09-18 0:47 ` [PATCH 20/20] Input: iforce - use unaligned accessors, where appropriate Dmitry Torokhov
2018-09-19 14:51 ` [PATCH 01/20] Input: iforce - remove "being used" silliness Tim Schumacher
2018-09-19 17:10 ` Dmitry Torokhov
2019-06-12 14:44 ` Tim Schumacher
2019-06-19 0:24 ` Dmitry Torokhov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180918004732.9875-17-dmitry.torokhov@gmail.com \
--to=dmitry.torokhov@gmail.com \
--cc=linux-input@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=timschumi@gmx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).