diff options
Diffstat (limited to 'drivers/char/random.c')
-rw-r--r-- | drivers/char/random.c | 88 |
1 files changed, 57 insertions, 31 deletions
diff --git a/drivers/char/random.c b/drivers/char/random.c index a8fb0020ba5c..bf5f99fc36f1 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -402,7 +402,8 @@ static struct poolinfo { /* * Static global variables */ -static DECLARE_WAIT_QUEUE_HEAD(random_wait); +static DECLARE_WAIT_QUEUE_HEAD(random_read_wait); +static DECLARE_WAIT_QUEUE_HEAD(random_write_wait); static struct fasync_struct *fasync; static DEFINE_SPINLOCK(random_ready_list_lock); @@ -721,8 +722,8 @@ retry: /* should we wake readers? */ if (entropy_bits >= random_read_wakeup_bits && - wq_has_sleeper(&random_wait)) { - wake_up_interruptible_poll(&random_wait, POLLIN); + wq_has_sleeper(&random_read_wait)) { + wake_up_interruptible(&random_read_wait); kill_fasync(&fasync, SIGIO, POLL_IN); } /* If the input pool is getting full, send some @@ -781,6 +782,7 @@ static void invalidate_batched_entropy(void); static void crng_initialize(struct crng_state *crng) { int i; + int arch_init = 1; unsigned long rv; memcpy(&crng->state[0], "expand 32-byte k", 16); @@ -791,10 +793,18 @@ static void crng_initialize(struct crng_state *crng) _get_random_bytes(&crng->state[4], sizeof(__u32) * 12); for (i = 4; i < 16; i++) { if (!arch_get_random_seed_long(&rv) && - !arch_get_random_long(&rv)) + !arch_get_random_long(&rv)) { rv = random_get_entropy(); + arch_init = 0; + } crng->state[i] ^= rv; } +#ifdef CONFIG_RANDOM_TRUST_CPU + if (arch_init) { + crng_init = 2; + pr_notice("random: crng done (trusting CPU's manufacturer)\n"); + } +#endif crng->init_time = jiffies - CRNG_RESEED_INTERVAL - 1; } @@ -1121,8 +1131,6 @@ static void add_timer_randomness(struct timer_rand_state *state, unsigned num) } sample; long delta, delta2, delta3; - preempt_disable(); - sample.jiffies = jiffies; sample.cycles = random_get_entropy(); sample.num = num; @@ -1160,8 +1168,6 @@ static void add_timer_randomness(struct timer_rand_state *state, unsigned num) * and limit entropy entimate to 12 bits. */ credit_entropy_bits(r, min_t(int, fls(delta>>1), 11)); - - preempt_enable(); } void add_input_randomness(unsigned int type, unsigned int code, @@ -1396,7 +1402,7 @@ retry: trace_debit_entropy(r->name, 8 * ibytes); if (ibytes && (r->entropy_count >> ENTROPY_SHIFT) < random_write_wakeup_bits) { - wake_up_interruptible_poll(&random_wait, POLLOUT); + wake_up_interruptible(&random_write_wait); kill_fasync(&fasync, SIGIO, POLL_OUT); } @@ -1658,6 +1664,21 @@ int wait_for_random_bytes(void) EXPORT_SYMBOL(wait_for_random_bytes); /* + * Returns whether or not the urandom pool has been seeded and thus guaranteed + * to supply cryptographically secure random numbers. This applies to: the + * /dev/urandom device, the get_random_bytes function, and the get_random_{u32, + * ,u64,int,long} family of functions. + * + * Returns: true if the urandom pool has been seeded. + * false if the urandom pool has not been seeded. + */ +bool rng_is_initialized(void) +{ + return crng_ready(); +} +EXPORT_SYMBOL(rng_is_initialized); + +/* * Add a callback function that will be invoked when the nonblocking * pool is initialised. * @@ -1724,30 +1745,31 @@ EXPORT_SYMBOL(del_random_ready_callback); * key known by the NSA). So it's useful if we need the speed, but * only if we're willing to trust the hardware manufacturer not to * have put in a back door. + * + * Return number of bytes filled in. */ -void get_random_bytes_arch(void *buf, int nbytes) +int __must_check get_random_bytes_arch(void *buf, int nbytes) { + int left = nbytes; char *p = buf; - trace_get_random_bytes_arch(nbytes, _RET_IP_); - while (nbytes) { + trace_get_random_bytes_arch(left, _RET_IP_); + while (left) { unsigned long v; - int chunk = min(nbytes, (int)sizeof(unsigned long)); + int chunk = min_t(int, left, sizeof(unsigned long)); if (!arch_get_random_long(&v)) break; - + memcpy(p, &v, chunk); p += chunk; - nbytes -= chunk; + left -= chunk; } - if (nbytes) - get_random_bytes(p, nbytes); + return nbytes - left; } EXPORT_SYMBOL(get_random_bytes_arch); - /* * init_std_data - initialize pool with system data * @@ -1838,7 +1860,7 @@ _random_read(int nonblock, char __user *buf, size_t nbytes) if (nonblock) return -EAGAIN; - wait_event_interruptible(random_wait, + wait_event_interruptible(random_read_wait, ENTROPY_BITS(&input_pool) >= random_read_wakeup_bits); if (signal_pending(current)) @@ -1875,17 +1897,14 @@ urandom_read(struct file *file, char __user *buf, size_t nbytes, loff_t *ppos) return ret; } -static struct wait_queue_head * -random_get_poll_head(struct file *file, __poll_t events) -{ - return &random_wait; -} - static __poll_t -random_poll_mask(struct file *file, __poll_t events) +random_poll(struct file *file, poll_table * wait) { - __poll_t mask = 0; + __poll_t mask; + poll_wait(file, &random_read_wait, wait); + poll_wait(file, &random_write_wait, wait); + mask = 0; if (ENTROPY_BITS(&input_pool) >= random_read_wakeup_bits) mask |= EPOLLIN | EPOLLRDNORM; if (ENTROPY_BITS(&input_pool) < random_write_wakeup_bits) @@ -1897,14 +1916,22 @@ static int write_pool(struct entropy_store *r, const char __user *buffer, size_t count) { size_t bytes; - __u32 buf[16]; + __u32 t, buf[16]; const char __user *p = buffer; while (count > 0) { + int b, i = 0; + bytes = min(count, sizeof(buf)); if (copy_from_user(&buf, p, bytes)) return -EFAULT; + for (b = bytes ; b > 0 ; b -= sizeof(__u32), i++) { + if (!arch_get_random_int(&t)) + break; + buf[i] ^= t; + } + count -= bytes; p += bytes; @@ -1992,8 +2019,7 @@ static int random_fasync(int fd, struct file *filp, int on) const struct file_operations random_fops = { .read = random_read, .write = random_write, - .get_poll_head = random_get_poll_head, - .poll_mask = random_poll_mask, + .poll = random_poll, .unlocked_ioctl = random_ioctl, .fasync = random_fasync, .llseek = noop_llseek, @@ -2326,7 +2352,7 @@ void add_hwgenerator_randomness(const char *buffer, size_t count, * We'll be woken up again once below random_write_wakeup_thresh, * or when the calling thread is about to terminate. */ - wait_event_interruptible(random_wait, kthread_should_stop() || + wait_event_interruptible(random_write_wait, kthread_should_stop() || ENTROPY_BITS(&input_pool) <= random_write_wakeup_bits); mix_pool_bytes(poolp, buffer, count); credit_entropy_bits(poolp, entropy); |