From nobody Fri Jun 19 11:02:54 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id AD134C48BCD for ; Mon, 4 Apr 2022 21:23:21 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1381859AbiDDVYN (ORCPT ); Mon, 4 Apr 2022 17:24:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44896 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1379041AbiDDQXj (ORCPT ); Mon, 4 Apr 2022 12:23:39 -0400 Received: from mail-lj1-x22b.google.com (mail-lj1-x22b.google.com [IPv6:2a00:1450:4864:20::22b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 88DA5BC0B for ; Mon, 4 Apr 2022 09:21:43 -0700 (PDT) Received: by mail-lj1-x22b.google.com with SMTP id c15so13579610ljr.9 for ; Mon, 04 Apr 2022 09:21:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=sSjPy3nGUVZuHRzOUz/UszBOtl2V7S/yzI9P7KRgl08=; b=HT3V6nbpnDpfDTKzKnyd3jCoZaWwLF+bSGbOHokpeV/VvSEORsMHvGZW/9HQi0/7Ox LqVOzNucmEEn3FWgzl4veF9IGo13mhSYpKxHnakDzMIuUAmctXkMYt3FnGVq+e5Qf77+ EDk3VKZQZKZk3Xznf/HZXc+7I5eqagDWebo+q9RWadNJSpe8YaDZvP02A5OUwKwRrldI uAZc0JQU8T70xON49+6b5rF4vx4OKY2Wrto17BRYlh8C8c0xtyrLQ9jP5Otaiv0Q6WIY Xgo/HgpqoSe+dXth94omVmmfFQ0yjfbe0cKVZFmeccyTXHJECOE8/fl+pRTqhS0w7r94 LH4A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=sSjPy3nGUVZuHRzOUz/UszBOtl2V7S/yzI9P7KRgl08=; b=ICwsq/wONwKfu9zkvEajIgGL3e/Eae07JqXN5qlBOlTHjSU+CZD1PgoWa76Pw8p+Oz xnm/kB4Lox6//pCkaPO9j/1G+Y3JzL3xZxAGUAgu7XDSUPvKx9Iqmf6r7N+mYSMx8jOI +3K8eX/4B+DB/GJuegwNgMuK8XhA2MEOQrXjAHF0tZVHjDCunclvG1mbdXOwO1OuQEdb rKSDrVpZywCtRovD+/P/XAwyOwNFtyn0RAh2s2nRehAQT9rUjeiXl4fsNCjFrRqkzTRz +aDgH7gOmCfoGbQzNLx/pn9ftBGy2803bNNYrZqjWqAqnjq5oplZcTL6m0Oi5uReYIe/ a29w== X-Gm-Message-State: AOAM5305r4tMqjqZzdGBV63LPVUeNSAspEyekiQewiVEnKp931wxj50b IuugWDS+QrTWEWlbEuYSdhM= X-Google-Smtp-Source: ABdhPJyyjkuETwqhDr1WVuvE7FvEc0DZAx9rddAx8mSnRsJnPnd1aCoRVc11fSMUqzv02rxS6jXnDA== X-Received: by 2002:a05:651c:a0d:b0:24b:12da:335a with SMTP id k13-20020a05651c0a0d00b0024b12da335amr206367ljq.397.1649089300445; Mon, 04 Apr 2022 09:21:40 -0700 (PDT) Received: from localhost.localdomain (dzx1kfyjwg96s--vr8cxy-3.rev.dnainternet.fi. [2001:14ba:a4ea:8200:f22f:74ff:fe2e:e0a6]) by smtp.gmail.com with ESMTPSA id z23-20020a2e8857000000b00249a15d93b8sm1090291ljj.125.2022.04.04.09.21.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Apr 2022 09:21:39 -0700 (PDT) From: Jan Varho To: "Jason A. Donenfeld" Cc: "Theodore Ts'o" , linux-kernel@vger.kernel.org, Jan Varho Subject: [PATCH v2] random: fix add_hwgenerator_randomness entropy accounting Date: Mon, 4 Apr 2022 19:20:40 +0300 Message-Id: <20220404162039.961926-1-jan.varho@gmail.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" add_hwgenerator_randomness tries to only use the required amound of input for fast init, but credits all the entropy if even a byte was left over. Fix by not crediting entropy when using the input for fast init. Signed-off-by: Jan Varho --- drivers/char/random.c | 23 ++++++----------------- 1 file changed, 6 insertions(+), 17 deletions(-) diff --git a/drivers/char/random.c b/drivers/char/random.c index 1d8242969751..4d77de688016 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -437,11 +437,8 @@ static void crng_make_state(u32 chacha_state[CHACHA_ST= ATE_WORDS], * This shouldn't be set by functions like add_device_randomness(), * where we can't trust the buffer passed to it is guaranteed to be * unpredictable (so it might not have any entropy at all). - * - * Returns the number of bytes processed from input, which is bounded - * by CRNG_INIT_CNT_THRESH if account is true. */ -static size_t crng_pre_init_inject(const void *input, size_t len, bool acc= ount) +static void crng_pre_init_inject(const void *input, size_t len, bool accou= nt) { static int crng_init_cnt =3D 0; struct blake2s_state hash; @@ -452,18 +449,15 @@ static size_t crng_pre_init_inject(const void *input,= size_t len, bool account) spin_lock_irqsave(&base_crng.lock, flags); if (crng_init !=3D 0) { spin_unlock_irqrestore(&base_crng.lock, flags); - return 0; + return; } =20 - if (account) - len =3D min_t(size_t, len, CRNG_INIT_CNT_THRESH - crng_init_cnt); - blake2s_update(&hash, base_crng.key, sizeof(base_crng.key)); blake2s_update(&hash, input, len); blake2s_final(&hash, base_crng.key); =20 if (account) { - crng_init_cnt +=3D len; + crng_init_cnt =3D min_t(size_t, len, CRNG_INIT_CNT_THRESH - crng_init_cn= t); if (crng_init_cnt >=3D CRNG_INIT_CNT_THRESH) { ++base_crng.generation; crng_init =3D 1; @@ -474,8 +468,6 @@ static size_t crng_pre_init_inject(const void *input, s= ize_t len, bool account) =20 if (crng_init =3D=3D 1) pr_notice("fast init done\n"); - - return len; } =20 static void _get_random_bytes(void *buf, size_t nbytes) @@ -1141,12 +1133,9 @@ void add_hwgenerator_randomness(const void *buffer, = size_t count, size_t entropy) { if (unlikely(crng_init =3D=3D 0 && entropy < POOL_MIN_BITS)) { - size_t ret =3D crng_pre_init_inject(buffer, count, true); - mix_pool_bytes(buffer, ret); - count -=3D ret; - buffer +=3D ret; - if (!count || crng_init =3D=3D 0) - return; + crng_pre_init_inject(buffer, count, true); + mix_pool_bytes(buffer, count); + return; } =20 /* --=20 2.25.1