@@ -433,12 +433,9 @@ static void _get_random_bytes(void *buf, size_t len)
/*
* This function is the exported kernel interface. It returns some
* number of good random numbers, suitable for key generation, seeding
- * TCP sequence numbers, etc. It does not rely on the hardware random
- * number generator. For random bytes direct from the hardware RNG
- * (when available), use get_random_bytes_arch(). In order to ensure
- * that the randomness provided by this function is okay, the function
- * wait_for_random_bytes() should be called and return 0 at least once
- * at any point prior.
+ * TCP sequence numbers, etc. In order to ensure that the randomness
+ * by this function is okay, the function wait_for_random_bytes()
+ * should be called and return 0 at least once at any point prior.
*/
void get_random_bytes(void *buf, size_t len)
{
@@ -655,33 +652,6 @@ unsigned long randomize_page(unsigned long start, unsigned long range)
return start + (get_random_long() % range << PAGE_SHIFT);
}
-/*
- * This function will use the architecture-specific hardware random
- * number generator if it is available. It is not recommended for
- * use. Use get_random_bytes() instead. It returns the number of
- * bytes filled in.
- */
-size_t __must_check get_random_bytes_arch(void *buf, size_t len)
-{
- size_t left = len;
- u8 *p = buf;
-
- while (left) {
- unsigned long v;
- size_t block_len = min_t(size_t, left, sizeof(unsigned long));
-
- if (!arch_get_random_long(&v))
- break;
-
- memcpy(p, &v, block_len);
- p += block_len;
- left -= block_len;
- }
-
- return len - left;
-}
-EXPORT_SYMBOL(get_random_bytes_arch);
-
/**********************************************************************
*
@@ -919,6 +889,8 @@ static int random_pm_notification(struct notifier_block *nb, unsigned long actio
static struct notifier_block pm_notifier = { .notifier_call = random_pm_notification };
+static bool used_arch_random;
+
/*
* The first collection of entropy occurs at system boot while interrupts
* are still turned off. Here we push in latent entropy, RDSEED, a timestamp,
@@ -956,6 +928,7 @@ int __init random_init(const char *command_line)
crng_reseed();
else if (trust_cpu)
credit_init_bits(arch_bytes * 8);
+ used_arch_random = arch_bytes * 8 >= POOL_READY_BITS;
WARN_ON(register_pm_notifier(&pm_notifier));
@@ -964,6 +937,15 @@ int __init random_init(const char *command_line)
return 0;
}
+/*
+ * Returns whether arch randomness has been mixed into the
+ * initial state of the RNG.
+ */
+bool rng_has_arch_random(void)
+{
+ return used_arch_random;
+}
+
/*
* Add device- or boot-specific data to the input pool to help
* initialize it.
@@ -38,7 +38,6 @@ static inline int unregister_random_vmfork_notifier(struct notifier_block *nb) {
#endif
void get_random_bytes(void *buf, size_t len);
-size_t __must_check get_random_bytes_arch(void *buf, size_t len);
u32 get_random_u32(void);
u64 get_random_u64(void);
static inline unsigned int get_random_int(void)
@@ -77,6 +76,7 @@ unsigned long randomize_page(unsigned long start, unsigned long range);
int __init random_init(const char *command_line);
bool rng_is_initialized(void);
+bool rng_has_arch_random(void);
int wait_for_random_bytes(void);
int register_random_ready_notifier(struct notifier_block *nb);
int unregister_random_ready_notifier(struct notifier_block *nb);
@@ -776,12 +776,11 @@ static struct notifier_block random_ready = {
static int __init initialize_ptr_random(void)
{
- int key_size = sizeof(ptr_key);
int ret;
- /* Use hw RNG if available. */
- if (get_random_bytes_arch(&ptr_key, key_size) == key_size) {
- static_branch_disable(¬_filled_random_ptr_key);
+ /* Don't bother waiting for RNG to be ready if RDRAND is mixed in already. */
+ if (rng_has_arch_random()) {
+ enable_ptr_key_workfn(&enable_ptr_key_work);
return 0;
}
The RNG incorporates RDRAND into its state at boot and every time it reseeds, so there's no reason for callers to use it directly. The hashing that the RNG does on it is preferable to using the bytes raw. The only current use case of it is vsprintf's siphash key for pointer hashing, which uses it to initialize the pointer secret earlier than usual if RDRAND is available. In order to replace this narrow use case, just expose whether RDRAND is available. With that taken care of, there are no users of get_random_bytes_arch() left, so the function can be removed. Later if trust_cpu gets turned on by default (as most distros are doing), this one use of rng_has_arch_random() can probably go away as well. Cc: Petr Mladek <pmladek@suse.com> Cc: Steven Rostedt <rostedt@goodmis.org> Cc: Sergey Senozhatsky <senozhatsky@chromium.org> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> --- drivers/char/random.c | 48 +++++++++++++----------------------------- include/linux/random.h | 2 +- lib/vsprintf.c | 7 +++--- 3 files changed, 19 insertions(+), 38 deletions(-)