lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-Id: <20220213204631.354247-4-linux@dominikbrodowski.net> Date: Sun, 13 Feb 2022 21:46:30 +0100 From: Dominik Brodowski <linux@...inikbrodowski.net> To: Herbert Xu <herbert@...dor.apana.org.au> Cc: linux-kernel@...r.kernel.org, linux-crypto@...r.kernel.org, "Jason A . Donenfeld" <Jason@...c4.com> Subject: [PATCH 3/4] hw_random: use per-rng quality value instead of global setting The current_quality variable exposed as a module parameter is fundamentally broken: If it is set at boot time, it is overwritten once the first hw rng device is loaded; if it is set at runtime, it is without effect if the hw rng device had its quality value set to 0 (and no default_quality was set); and if a new rng is selected, it gets overwritten. Therefore, mark it as obsolete, and replace it by the per-rng quality setting. Cc: Herbert Xu <herbert@...dor.apana.org.au> Cc: Jason A. Donenfeld <Jason@...c4.com> Signed-off-by: Dominik Brodowski <linux@...inikbrodowski.net> --- drivers/char/hw_random/core.c | 33 ++++++++++++++++++++------------- 1 file changed, 20 insertions(+), 13 deletions(-) diff --git a/drivers/char/hw_random/core.c b/drivers/char/hw_random/core.c index 29febf55b0d4..8df102b39b35 100644 --- a/drivers/char/hw_random/core.c +++ b/drivers/char/hw_random/core.c @@ -44,14 +44,14 @@ static unsigned short default_quality; /* = 0; default to "off" */ module_param(current_quality, ushort, 0644); MODULE_PARM_DESC(current_quality, - "current hwrng entropy estimation per 1024 bits of input"); + "current hwrng entropy estimation per 1024 bits of input -- obsolete"); module_param(default_quality, ushort, 0644); MODULE_PARM_DESC(default_quality, "default entropy content of hwrng per 1024 bits of input"); static void drop_current_rng(void); static int hwrng_init(struct hwrng *rng); -static void hwrng_manage_rngd(void); +static void hwrng_manage_rngd(struct hwrng *rng); static inline int rng_get_data(struct hwrng *rng, u8 *buffer, size_t size, int wait); @@ -160,11 +160,13 @@ static int hwrng_init(struct hwrng *rng) reinit_completion(&rng->cleanup_done); skip_init: - current_quality = rng->quality ? : default_quality; - if (current_quality > 1024) - current_quality = 1024; + if (!rng->quality) + rng->quality = default_quality; + if (rng->quality > 1024) + rng->quality = 1024; + current_quality = rng->quality; /* obsolete */ - hwrng_manage_rngd(); + hwrng_manage_rngd(rng); return 0; } @@ -429,19 +431,24 @@ static int hwrng_fillfn(void *unused) long rc; while (!kthread_should_stop()) { + unsigned short quality; struct hwrng *rng; - if (!current_quality) - break; - rng = get_current_rng(); if (IS_ERR(rng) || !rng) break; mutex_lock(&reading_mutex); rc = rng_get_data(rng, rng_fillbuf, rng_buffer_size(), 1); + if (current_quality != rng->quality) + rng->quality = current_quality; /* obsolete */ + quality = rng->quality; mutex_unlock(&reading_mutex); put_rng(rng); + + if (!quality) + break; + if (rc <= 0) { pr_warn("hwrng: no data available\n"); msleep_interruptible(10000); @@ -451,7 +458,7 @@ static int hwrng_fillfn(void *unused) /* If we cannot credit at least one bit of entropy, * keep track of the remainder for the next iteration */ - entropy = rc * current_quality * 8 + entropy_credit; + entropy = rc * quality * 8 + entropy_credit; if ((entropy >> 10) == 0) entropy_credit = entropy; @@ -463,14 +470,14 @@ static int hwrng_fillfn(void *unused) return 0; } -static void hwrng_manage_rngd(void) +static void hwrng_manage_rngd(struct hwrng *rng) { if (WARN_ON(!mutex_is_locked(&rng_mutex))) return; - if (current_quality == 0 && hwrng_fill) + if (rng->quality == 0 && hwrng_fill) kthread_stop(hwrng_fill); - if (current_quality > 0 && !hwrng_fill) { + if (rng->quality > 0 && !hwrng_fill) { hwrng_fill = kthread_run(hwrng_fillfn, NULL, "hwrng"); if (IS_ERR(hwrng_fill)) { pr_err("hwrng_fill thread creation failed\n"); -- 2.35.1
Powered by blists - more mailing lists