From: Linus Torvalds Date: Sat, 16 Nov 2013 18:19:15 +0000 (-0800) Subject: Merge tag 'random_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso... X-Git-Tag: v6.6-pxa1908~24326 X-Git-Url: https://git.dujemihanovic.xyz/?a=commitdiff_plain;h=0891ad829d2a0501053703df66029e843e3b8365;p=linux.git Merge tag 'random_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random Pull /dev/random changes from Ted Ts'o: "The /dev/random changes for 3.13 including a number of improvements in the following areas: performance, avoiding waste of entropy, better tracking of entropy estimates, support for non-x86 platforms that have a register which can't be used for fine-grained timekeeping, but which might be good enough for the random driver. Also add some printk's so that we can see how quickly /dev/urandom can get initialized, and when programs try to use /dev/urandom before it is fully initialized (since this could be a security issue). This shouldn't be an issue on x86 desktop/laptops --- a test on my Lenovo T430s laptop shows that /dev/urandom is getting fully initialized approximately two seconds before the root file system is mounted read/write --- this may be an issue with ARM and MIPS embedded/mobile systems, though. These printk's will be a useful canary before potentially adding a future change to start blocking processes which try to read from /dev/urandom before it is initialized, which is something FreeBSD does already for security reasons, and which security folks have been agitating for Linux to also adopt" * tag 'random_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random: random: add debugging code to detect early use of get_random_bytes() random: initialize the last_time field in struct timer_rand_state random: don't zap entropy count in rand_initialize() random: printk notifications for urandom pool initialization random: make add_timer_randomness() fill the nonblocking pool first random: convert DEBUG_ENT to tracepoints random: push extra entropy to the output pools random: drop trickle mode random: adjust the generator polynomials in the mixing function slightly random: speed up the fast_mix function by a factor of four random: cap the rate which the /dev/urandom pool gets reseeded random: optimize the entropy_store structure random: optimize spinlock use in add_device_randomness() random: fix the tracepoint for get_random_bytes(_arch) random: account for entropy loss due to overwrites random: allow fractional bits to be tracked random: statically compute poolbitshift, poolbytes, poolbits random: mix in architectural randomness earlier in extract_buf() --- 0891ad829d2a0501053703df66029e843e3b8365 diff --cc drivers/char/random.c index 4fe5609eeb72,cdf4cfb2da4d..429b75bb60e8 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@@ -255,7 -255,11 +255,8 @@@ #include #include #include + #include - -#ifdef CONFIG_GENERIC_HARDIRQS -# include -#endif +#include #include #include @@@ -601,12 -654,14 +651,13 @@@ retry if (cmpxchg(&r->entropy_count, orig, entropy_count) != orig) goto retry; - if (!r->initialized && nbits > 0) { - r->entropy_total += nbits; - if (r->entropy_total > 128) { - r->initialized = 1; - if (r == &nonblocking_pool) - prandom_reseed_late(); + r->entropy_total += nbits; - if (!r->initialized && nbits > 0) { - if (r->entropy_total > 128) { - if (r == &nonblocking_pool) - pr_notice("random: %s pool is initialized\n", - r->name); - r->initialized = 1; - r->entropy_total = 0; ++ if (!r->initialized && r->entropy_total > 128) { ++ r->initialized = 1; ++ r->entropy_total = 0; ++ if (r == &nonblocking_pool) { ++ prandom_reseed_late(); ++ pr_notice("random: %s pool is initialized\n", r->name); } }