From: Matt Mackall <mpm@selenic.com>
To: Andrew Morton <akpm@osdl.org>
Cc: linux-kernel@vger.kernel.org
Subject: [PATCH 9/22] /dev/random: more robust catastrophic reseed logic
Date: Thu, 25 Mar 2004 17:57:43 -0600 [thread overview]
Message-ID: <10.524465763@selenic.com> (raw)
In-Reply-To: <9.524465763@selenic.com>
/dev/random more robust catastrophic reseed logic
When reseeding, we always do a "catastrophic reseed" where we pull
enough new bits to make the new state unguessable from outputs even if we
knew the old state. So we must do the checks against the minimum
reseed amount under the pool lock in extract_entropy.
tiny-mpm/drivers/char/random.c | 38 +++++++++++++++++++++++---------------
1 files changed, 23 insertions(+), 15 deletions(-)
diff -puN drivers/char/random.c~extract-min-max drivers/char/random.c
--- tiny/drivers/char/random.c~extract-min-max 2004-03-20 13:38:25.000000000 -0600
+++ tiny-mpm/drivers/char/random.c 2004-03-20 13:38:25.000000000 -0600
@@ -1264,7 +1264,7 @@ static void MD5Transform(__u32 buf[HASH_
#define SEC_XFER_SIZE (TMP_BUF_SIZE*4)
static ssize_t extract_entropy(struct entropy_store *r, void * buf,
- size_t nbytes, int flags);
+ size_t nbytes, int min, int flags);
/*
* This utility inline function is responsible for transfering entropy
@@ -1276,14 +1276,14 @@ static inline void xfer_secondary_pool(s
{
if (r->entropy_count < nbytes * 8 &&
r->entropy_count < r->poolinfo->POOLBITS) {
- int bytes = max_t(int, random_read_wakeup_thresh / 8,
- min_t(int, nbytes, TMP_BUF_SIZE));
+ int bytes = min_t(int, nbytes, TMP_BUF_SIZE);
DEBUG_ENT("going to reseed %s with %d bits "
"(%d of %d requested)\n", r->name,
bytes * 8, nbytes * 8, r->entropy_count);
bytes=extract_entropy(input_pool, tmp, bytes,
+ random_read_wakeup_thresh / 8,
EXTRACT_ENTROPY_LIMIT);
add_entropy_words(r, tmp, bytes);
credit_entropy_store(r, bytes*8);
@@ -1297,10 +1297,13 @@ static inline void xfer_secondary_pool(s
* number of bytes that are actually obtained. If the EXTRACT_ENTROPY_USER
* flag is given, then the buf pointer is assumed to be in user space.
*
+ * If we have less than min bytes of entropy available, exit without
+ * transferring any. This helps avoid racing when reseeding.
+ *
* Note: extract_entropy() assumes that .poolwords is a multiple of 16 words.
*/
static ssize_t extract_entropy(struct entropy_store *r, void * buf,
- size_t nbytes, int flags)
+ size_t nbytes, int min, int flags)
{
ssize_t ret, i;
__u32 tmp[TMP_BUF_SIZE];
@@ -1320,16 +1323,21 @@ static ssize_t extract_entropy(struct en
DEBUG_ENT("trying to extract %d bits from %s\n", nbytes * 8, r->name);
- if (flags & EXTRACT_ENTROPY_LIMIT && nbytes >= r->entropy_count / 8)
- nbytes = r->entropy_count / 8;
+ if (r->entropy_count / 8 < min) {
+ nbytes = 0;
+ } else {
+ if (flags & EXTRACT_ENTROPY_LIMIT &&
+ nbytes >= r->entropy_count / 8)
+ nbytes = r->entropy_count / 8;
- if (r->entropy_count / 8 >= nbytes)
- r->entropy_count -= nbytes*8;
- else
- r->entropy_count = 0;
+ if (r->entropy_count / 8 >= nbytes)
+ r->entropy_count -= nbytes*8;
+ else
+ r->entropy_count = 0;
- if (r->entropy_count < random_write_wakeup_thresh)
- wake_up_interruptible(&random_write_wait);
+ if (r->entropy_count < random_write_wakeup_thresh)
+ wake_up_interruptible(&random_write_wait);
+ }
DEBUG_ENT("debiting %d bits from %s%s\n", nbytes * 8, r->name,
flags & EXTRACT_ENTROPY_LIMIT ? "" : " (unlimited)");
@@ -1413,7 +1421,7 @@ static ssize_t extract_entropy(struct en
void get_random_bytes(void *buf, int nbytes)
{
BUG_ON(!blocking_pool);
- extract_entropy(blocking_pool, buf, nbytes, 0);
+ extract_entropy(blocking_pool, buf, nbytes, 0, 0);
}
EXPORT_SYMBOL(get_random_bytes);
@@ -1528,7 +1536,7 @@ random_read(struct file * file, char * b
DEBUG_ENT("reading %d bits\n", n*8);
- n = extract_entropy(blocking_pool, buf, n,
+ n = extract_entropy(blocking_pool, buf, n, 0,
EXTRACT_ENTROPY_USER |
EXTRACT_ENTROPY_LIMIT);
@@ -1581,7 +1589,7 @@ static ssize_t
urandom_read(struct file * file, char * buf,
size_t nbytes, loff_t *ppos)
{
- return extract_entropy(blocking_pool, buf, nbytes,
+ return extract_entropy(blocking_pool, buf, nbytes, 0,
EXTRACT_ENTROPY_USER);
}
_
next prev parent reply other threads:[~2004-03-26 0:01 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-03-25 23:57 [PATCH 0/22] /dev/random: Assorted fixes and cleanups Matt Mackall
2004-03-25 23:57 ` [PATCH 1/22] /dev/random: Simplify entropy debugging Matt Mackall
2004-03-25 23:57 ` [PATCH 2/22] /dev/random: Cleanup sleep logic Matt Mackall
2004-03-25 23:57 ` [PATCH 3/22] /dev/random: remove broken resizing sysctl Matt Mackall
2004-03-25 23:57 ` [PATCH 4/22] /dev/random: remove outdated RNDGETPOOL ioctl Matt Mackall
2004-03-25 23:57 ` [PATCH 5/22] /dev/random: pool struct cleanup and rename Matt Mackall
2004-03-25 23:57 ` [PATCH 6/22] /dev/random: simplify pool initialization Matt Mackall
2004-03-25 23:57 ` [PATCH 7/22] /dev/random: simplify reseed logic Matt Mackall
2004-03-25 23:57 ` [PATCH 8/22] /dev/random: BUG on premature random users Matt Mackall
2004-03-25 23:57 ` Matt Mackall [this message]
2004-03-25 23:57 ` [PATCH 10/22] /dev/random: entropy reserve logic for starvation preve Matt Mackall
2004-03-25 23:57 ` [PATCH 11/22] /dev/random: flag pools that need entropy reserve Matt Mackall
2004-03-25 23:57 ` [PATCH 12/22] /dev/random: add pool for /dev/urandom to prevent starv Matt Mackall
2004-03-25 23:57 ` [PATCH 13/22] /dev/random: kill extract_timer_state Matt Mackall
2004-03-25 23:57 ` [PATCH 14/22] /dev/random: kill unused md5 copy Matt Mackall
2004-03-25 23:57 ` [PATCH 15/22] /dev/random: kill unrolled SHA code Matt Mackall
2004-03-25 23:57 ` [PATCH 16/22] /dev/random: kill 2.2 cruft Matt Mackall
2004-03-25 23:57 ` [PATCH 17/22] /dev/random: minor shrinkage Matt Mackall
2004-03-25 23:57 ` [PATCH 18/22] /dev/random: bitop cleanup Matt Mackall
2004-03-25 23:57 ` [PATCH 19/22] /dev/random: use sched_clock for timing data Matt Mackall
2004-03-25 23:57 ` [PATCH 20/22] /dev/random: cleanup rol bitop Matt Mackall
2004-03-25 23:57 ` [PATCH 21/22] /dev/random: kill batching of entropy mixing Matt Mackall
2004-03-25 23:57 ` [PATCH 22/22] /dev/random: update credits Matt Mackall
2004-03-27 13:52 ` [PATCH 21/22] /dev/random: kill batching of entropy mixing Jamie Lokier
2004-03-27 15:17 ` Matt Mackall
2004-03-26 1:43 ` [PATCH 15/22] /dev/random: kill unrolled SHA code Jeff Garzik
2004-03-26 3:59 ` Matt Mackall
2004-03-27 13:49 ` Jamie Lokier
2004-03-26 0:15 ` [PATCH 4/22] /dev/random: remove outdated RNDGETPOOL ioctl Andrew Morton
2004-03-26 0:15 ` [PATCH 3/22] /dev/random: remove broken resizing sysctl Andrew Morton
2004-03-26 3:53 ` Matt Mackall
2004-03-26 0:14 ` [PATCH 2/22] /dev/random: Cleanup sleep logic Andrew Morton
2004-03-26 3:49 ` Matt Mackall
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=10.524465763@selenic.com \
--to=mpm@selenic.com \
--cc=akpm@osdl.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox