Date: Sat, 14 Dec 2013 21:01:03 -0500
From: Greg Price <price@....EDU>
To: "Theodore Ts'o" <tytso@....edu>
Cc: linux-kernel@...r.kernel.org
Subject: [PATCH 03/14] random: reserve for /dev/random only once /dev/urandom seeded

Early in boot, we really want to make sure the nonblocking pool (for /dev/urandom and the kernel's own use) gets an adequate amount of entropy ASAP. Anyone reading /dev/random is prepared to wait potentially a long time anyway, so delaying them a little bit more at boot until /dev/urandom is seeded is no big deal. This logic still ensures that /dev/random readers won't starve indefinitely.

At present most input goes directly to the nonblocking pool early on anyway, but this helps put us in a position to change that.

Signed-off-by: Greg Price <price@....edu>
---
drivers/char/random.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/drivers/char/random.c b/drivers/char/random.c index 92d9f6862..bf7fedadd 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c
@@ -923,19 +923,21 @@ static void xfer_secondary_pool(struct entropy_store *r, size_t nbytes) static void _xfer_secondary_pool(struct entropy_store *r, size_t nbytes) { __u32 tmp[OUTPUT_POOL_WORDS]; - int bytes, min_bytes; - - /* For /dev/random's pool, always leave two wakeups' worth */ - int rsvd_bytes = r->limit ? 0 : random_read_wakeup_bits / 4; + int bytes, min_bytes, reserved_bytes; /* pull at least as much as a wakeup */ min_bytes = random_read_wakeup_bits / 8; /* but never more than the buffer size */ bytes = min(sizeof(tmp), max_t(size_t, min_bytes, nbytes)); + /* reserve some for /dev/random's pool, unless we really need it */ + reserved_bytes = 0; + if (!r->limit && r->initialized) + reserved_bytes = 2 * (random_read_wakeup_bits / 8); + trace_xfer_secondary_pool(r->name, bytes * 8, nbytes * 8, ENTROPY_BITS(r), ENTROPY_BITS(r->pull)); - bytes = extract_entropy(r->pull, tmp, bytes, min_bytes, rsvd_bytes); + bytes = extract_entropy(r->pull, tmp, bytes, min_bytes, reserved_bytes); mix_pool_bytes(r, tmp, bytes, NULL); credit_entropy_bits(r, bytes*8); } -- 1.8.3.2 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
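Review bot: The new comment above the `if (!r->limit && r->initialized)` test in _xfer_secondary_pool() says "unless we really need it" without naming the condition, and it drops the old "two wakeups' worth" wording that explained the size of the reserve. Suggest spelling both out in the comment, for example "leave two wakeups' worth for /dev/random's pool, but only once the pool we are filling is initialized", so a reader can match it to the `r->initialized` check and to the factor of 2. Separately, `2 * (random_read_wakeup_bits / 8)` rounds differently from the old `random_read_wakeup_bits / 4` whenever the value is not a multiple of 8; if that change is intended it deserves a line in the commit message. The commit message's statement that /dev/random readers won't starve indefinitely rests on `r->initialized` eventually being set, which nothing in this hunk shows, so a pointer to where that happens would help reviewers.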