[PATCH] random: credit architectural init the exact amount

[PATCH] random: credit architectural init the exact amount

[Jason A. Donenfeld]

RDRAND and RDSEED can fail sometimes, which is fine. We currently
initialize the RNG with 512 bits of RDRAND/RDSEED. We only need 256 bits
of those to succeed in order to initialize the RNG. Instead of the
current "all or nothing" approach, actually credit these contributions
the amount that is actually contributed.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
 drivers/char/random.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/drivers/char/random.c b/drivers/char/random.c
index bd80d74a7f8c..9ffa41c5e092 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -934,9 +934,8 @@ static struct notifier_block pm_notifier = { .notifier_call = random_pm_notifica
  */
 int __init random_init(const char *command_line)
 {
-	size_t i;
 	ktime_t now = ktime_get_real();
-	bool arch_init = true;
+	unsigned int i, arch_init;
 	unsigned long rv;
 
 #if defined(LATENT_ENTROPY_PLUGIN)
@@ -944,11 +943,12 @@ int __init random_init(const char *command_line)
 	_mix_pool_bytes(compiletime_seed, sizeof(compiletime_seed));
 #endif
 
-	for (i = 0; i < BLAKE2S_BLOCK_SIZE; i += sizeof(rv)) {
+	for (i = 0, arch_init = BLAKE2S_BLOCK_SIZE;
+	     i < BLAKE2S_BLOCK_SIZE; i += sizeof(rv)) {
 		if (!arch_get_random_seed_long_early(&rv) &&
 		    !arch_get_random_long_early(&rv)) {
 			rv = random_get_entropy();
-			arch_init = false;
+			arch_init -= sizeof(rv);
 		}
 		_mix_pool_bytes(&rv, sizeof(rv));
 	}
@@ -968,8 +968,8 @@ int __init random_init(const char *command_line)
 
 		/* Immediately use the above architectural contributions. */
 		crng_reseed();
-	} else if (arch_init && trust_cpu)
-		credit_init_bits(BLAKE2S_BLOCK_SIZE * 8);
+	} else if (trust_cpu)
+		credit_init_bits(arch_init * 8);
 
 	WARN_ON(register_pm_notifier(&pm_notifier));
 
-- 
2.35.1

Re: [PATCH] random: credit architectural init the exact amount

[Dominik Brodowski]

Am Thu, May 12, 2022 at 03:38:35PM +0200 schrieb Jason A. Donenfeld:
> RDRAND and RDSEED can fail sometimes, which is fine. We currently
> initialize the RNG with 512 bits of RDRAND/RDSEED. We only need 256 bits
> of those to succeed in order to initialize the RNG. Instead of the
> current "all or nothing" approach, actually credit these contributions
> the amount that is actually contributed.
> 
> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
> ---
>  drivers/char/random.c | 12 ++++++------
>  1 file changed, 6 insertions(+), 6 deletions(-)
> 
> diff --git a/drivers/char/random.c b/drivers/char/random.c
> index bd80d74a7f8c..9ffa41c5e092 100644
> --- a/drivers/char/random.c
> +++ b/drivers/char/random.c
> @@ -934,9 +934,8 @@ static struct notifier_block pm_notifier = { .notifier_call = random_pm_notifica
>   */
>  int __init random_init(const char *command_line)
>  {
> -	size_t i;
>  	ktime_t now = ktime_get_real();
> -	bool arch_init = true;
> +	unsigned int i, arch_init;

Maybe s/arch_init/arch_init_cnt/g to clarify that this is now used as a
counter?

Otherwise, looks good:

	Reviewed-by: Dominik Brodowski <linux@dominikbrodowski.net>

Thanks,
	Dominik

Re: [PATCH] random: credit architectural init the exact amount

[Jason A. Donenfeld]

Hi Dominik,

On Fri, May 13, 2022 at 08:18:30AM +0200, Dominik Brodowski wrote:
> > -	bool arch_init = true;
> > +	unsigned int i, arch_init;
> 
> Maybe s/arch_init/arch_init_cnt/g to clarify that this is now used as a
> counter?

Good idea. I'll call it arch_bytes, which will make the `* 8` lower down
more obviously doing bytes->bits.

Jason