[PATCH 04/14] random: accept small seeds early on

[Greg Price <price@MIT.EDU>]

Early in boot, we want to get /dev/urandom (and the kernel's
internal randomness source) adequately seeded ASAP.  If we're
desperately short of entropy and are asked to produce output,
we're better off getting, say, 16 bits now and 32 bits next time
rather than holding out for a whole 64-bit reseed while producing
output from virtually no entropy.

At present most input goes directly to the nonblocking pool early on
anyway, but this helps put us in a position to change that.

Signed-off-by: Greg Price <price@mit.edu>
---
 drivers/char/random.c | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/drivers/char/random.c b/drivers/char/random.c
index bf7fedadd..9f24f6468 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -925,12 +925,21 @@ static void _xfer_secondary_pool(struct entropy_store *r, size_t nbytes)
 	__u32 tmp[OUTPUT_POOL_WORDS];
 	int bytes, min_bytes, reserved_bytes;
 
-	/* pull at least as much as a wakeup */
-	min_bytes = random_read_wakeup_bits / 8;
-	/* but never more than the buffer size */
+	/* Try to pull a full wakeup's worth if we might have just woken up
+	 * for it, and a full reseed's worth (which is controlled by the same
+	 * parameter) for the nonblocking pool... */
+	if (r == &blocking_pool || r->initialized) {
+		min_bytes = random_read_wakeup_bits / 8;
+	} else {
+		/* ... except if we're hardly seeded at all, we'll settle for
+		 * enough to double what we have ... */
+		min_bytes = min(random_read_wakeup_bits / 8,
+				(r->entropy_total+7) / 8);
+	}
+	/* ... and in any event no more than our (giant) buffer holds. */
 	bytes = min(sizeof(tmp), max_t(size_t, min_bytes, nbytes));
 
-	/* reserve some for /dev/random's pool, unless we really need it */
+	/* Reserve some for /dev/random's pool, unless we really need it. */
 	reserved_bytes = 0;
 	if (!r->limit && r->initialized)
 		reserved_bytes = 2 * (random_read_wakeup_bits / 8);
-- 
1.8.3.2