From: "Jason A. Donenfeld"
To: ebiggers@kernel.org, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: "Jason A. Donenfeld", Theodore Ts'o, Dominik Brodowski, Eric Biggers
Subject: [PATCH v4] random: absorb fast pool into input pool after fast load
Date: Mon, 21 Feb 2022 15:58:16 +0100
Message-Id: <20220221145816.2278732-1-Jason@zx2c4.com>

During crng_init == 0, we never credit entropy in
add_interrupt_randomness(), but instead dump it directly into the
primary_crng. That's fine, except for the fact that we then wind up
throwing away that entropy later when we switch to extracting from the
input pool and xoring into (and later in this series overwriting) the
primary_crng key. The two other early init sites --
add_hwgenerator_randomness()'s use of crng_fast_load() and
add_device_randomness()'s use of crng_slow_load() -- always additionally
give their inputs to the input pool. But not add_interrupt_randomness().

This commit fixes that shortcoming by calling mix_pool_bytes() after
crng_fast_load() in add_interrupt_randomness(). That's partially
verboten on PREEMPT_RT, where it implies taking spinlock_t from an IRQ
handler. But this also only happens during early boot and then never
again after that. Plus it's a trylock so it has the same considerations
as calling crng_fast_load(), which we're already using.

Cc: Theodore Ts'o
Reviewed-by: Dominik Brodowski
Suggested-by: Eric Biggers
Signed-off-by: Jason A. Donenfeld
---
v4 has no changes except for a commit message nit, per Eric's request.

 drivers/char/random.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/char/random.c b/drivers/char/random.c index d31b0b3afe2e..f3179c67010b 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -850,6 +850,10 @@ void add_interrupt_randomness(int irq) crng_fast_load((u8 *)fast_pool->pool, sizeof(fast_pool->pool)) > 0) { fast_pool->count = 0; fast_pool->last = now; + if (spin_trylock(&input_pool.lock)) { + _mix_pool_bytes(&fast_pool->pool, sizeof(fast_pool->pool)); + spin_unlock(&input_pool.lock); + } } return; }
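
Review bot: In the added `spin_trylock(&input_pool.lock)` block in add_interrupt_randomness(), a failed trylock skips `_mix_pool_bytes()` silently, and because `fast_pool->count = 0` has already been set, that batch reaches the primary_crng through crng_fast_load() but never the input pool, which is the loss the commit message sets out to fix. If best-effort mixing is intended, a short comment above the trylock saying so, and saying why a trylock is used here rather than a blocking lock (the IRQ-context and PREEMPT_RT reasoning currently lives only in the commit message), would keep a later reader from "fixing" it into a spin_lock(). As a smaller style point, the new call passes `&fast_pool->pool` while the crng_fast_load() call just above passes `(u8 *)fast_pool->pool`; using one form for both would read more consistently.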