The bulk of the motivation for this and description of crypto
vulnerabilities is in the first patch of this series. The following
three patches then fix up entropy accounting for the new model. The last
patch fixes a minor code safety issue.

This v3 fixes comments and commit message wording, simplifies a bit of
code in a cmpxchg loop, and adjusts semantics around the poll write
wakeup threshold.

Jason A. Donenfeld (5):
  random: use computational hash for entropy extraction
  random: simplify entropy debiting
  random: use linear min-entropy accumulation crediting
  random: always wake up entropy writers after extraction
  random: make credit_entropy_bits() always safe

 drivers/char/random.c         | 501 ++++++----------------------------
 include/trace/events/random.h |  30 +-
 2 files changed, 87 insertions(+), 444 deletions(-)

-- 
2.35.0

On Sat, Feb 05, 2022 at 05:01:13PM +0100, Jason A. Donenfeld wrote:
> The bulk of the motivation for this and description of crypto
> vulnerabilities is in the first patch of this series. The following
> three patches then fix up entropy accounting for the new model. The last
> patch fixes a minor code safety issue.
> 
> This v3 fixes comments and commit message wording, simplifies a bit of
> code in a cmpxchg loop, and adjusts semantics around the poll write
> wakeup threshold.
> 
> Jason A. Donenfeld (5):
>   random: use computational hash for entropy extraction
>   random: simplify entropy debiting
>   random: use linear min-entropy accumulation crediting
>   random: always wake up entropy writers after extraction
>   random: make credit_entropy_bits() always safe
> 
>  drivers/char/random.c         | 501 ++++++----------------------------
>  include/trace/events/random.h |  30 +-
>  2 files changed, 87 insertions(+), 444 deletions(-)

Looks good, thanks!  You can add for the series:

Reviewed-by: Eric Biggers <ebiggers@google.com>

- Eric