Re: [PATCH] random: handle latent entropy and command line from random_init()

From: Dominik Brodowski
Date: Fri May 13 2022 - 02:26:29 EST


On Thu, May 12, 2022 at 02:48:39PM +0200, Jason A. Donenfeld wrote:
> Currently, start_kernel() adds latent entropy and the command line to
> the entropy pool *after* the RNG has been initialized, deferring when
> it's actually used by things like stack canaries until the next time
> the pool is seeded. This surely is not intended.
>
> Rather than splitting up which entropy gets added where and when between
> start_kernel() and random_init(), just do everything in random_init(),
> which should eliminate these kinds of bugs in the future.
>
> While we're at it, rename the awkwardly titled "rand_initialize()" to
> the more standard "random_init()" nomenclature.
>
> Cc: Dominik Brodowski <linux@xxxxxxxxxxxxxxxxxxxx>
> Signed-off-by: Jason A. Donenfeld <Jason@xxxxxxxxx>
> ---
> drivers/char/random.c | 17 ++++++++++-------
> include/linux/random.h | 17 ++++++++---------
> init/main.c | 8 ++------
> 3 files changed, 20 insertions(+), 22 deletions(-)
>
> diff --git a/drivers/char/random.c b/drivers/char/random.c
> index d4bc9beaed2c..bd80d74a7f8c 100644
> --- a/drivers/char/random.c
> +++ b/drivers/char/random.c
> @@ -926,12 +926,13 @@ static struct notifier_block pm_notifier = { .notifier_call = random_pm_notifica
>
> /*
> * The first collection of entropy occurs at system boot while interrupts
> - * are still turned off. Here we push in RDSEED, a timestamp, and utsname().
> - * Depending on the above configuration knob, RDSEED may be considered
> - * sufficient for initialization. Note that much earlier setup may already
> - * have pushed entropy into the input pool by the time we get here.
> + * are still turned off. Here we push in latent entropy, RDSEED, a timestamp,
> + * utsname(), and the command line. Depending on the above configuration knob,
> + * RDSEED may be considered sufficient for initialization. Note that much
> + * earlier setup may already have pushed entropy into the input pool by the
> + * time we get here.
> */
> -int __init rand_initialize(void)
> +int __init random_init(const char *command_line)
> {
> size_t i;
> ktime_t now = ktime_get_real();
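
Review bot: The updated block comment names latent entropy first in its list of inputs, but the following hunk calls add_latent_entropy() last, after the command line is mixed in. Moving "latent entropy" to the end of the list in the comment would keep it in step with the call order it describes.
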
> @@ -953,6 +954,8 @@ int __init rand_initialize(void)
> }
> _mix_pool_bytes(&now, sizeof(now));
> _mix_pool_bytes(utsname(), sizeof(*(utsname())));
> + _mix_pool_bytes(command_line, strlen(command_line));
> + add_latent_entropy();
>
> if (crng_ready()) {
> /*
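
Review bot: The added `_mix_pool_bytes(command_line, strlen(command_line));` dereferences command_line unconditionally, so random_init() now requires a non-NULL, NUL-terminated string from its caller. The init/main.c call site is not shown in this part of the diff; either state that requirement in the comment above random_init() or skip the mix when the pointer is NULL.
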
> @@ -1703,8 +1706,8 @@ static struct ctl_table random_table[] = {
> };
>
> /*
> - * rand_initialize() is called before sysctl_init(),
> - * so we cannot call register_sysctl_init() in rand_initialize()
> + * random_init() is called before sysctl_init(),
> + * so we cannot call register_sysctl_init() in random_init()
> */
> static int __init random_sysctls_init(void)
> {
> diff --git a/include/linux/random.h b/include/linux/random.h
> index f673fbb838b3..6eabea6697d0 100644
> --- a/include/linux/random.h
> +++ b/include/linux/random.h
> @@ -14,22 +14,21 @@ struct notifier_block;
>
> extern void add_device_randomness(const void *, size_t);
> extern void add_bootloader_randomness(const void *, size_t);
> +extern void add_input_randomness(unsigned int type, unsigned int code,
> + unsigned int value) __latent_entropy;
> +extern void add_interrupt_randomness(int irq) __latent_entropy;
> +extern void add_hwgenerator_randomness(const void *buffer, size_t count,
> + size_t entropy);
>
> #if defined(LATENT_ENTROPY_PLUGIN) && !defined(__CHECKER__)
> static inline void add_latent_entropy(void)
> {
> - add_device_randomness((const void *)&latent_entropy,
> - sizeof(latent_entropy));
> + add_device_randomness((const void *)&latent_entropy, sizeof(latent_entropy));
> }
> #else
> -static inline void add_latent_entropy(void) {}
> +static inline void add_latent_entropy(void) { }
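
Review bot: The one-line reflow of the add_device_randomness() call and the `{}` to `{ }` change in the stub are whitespace-only and unrelated to moving the entropy calls into random_init(), and the added add_input_randomness(), add_interrupt_randomness() and add_hwgenerator_randomness() prototypes are not mentioned in the commit message. Dropping the whitespace edits, or splitting the header tidy-up into its own patch, would keep this change limited to the initialization ordering it describes.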

Stray change here, which doesn't seem necessary...

Otherwise:

Reviewed-by: Dominik Brodowski <linux@xxxxxxxxxxxxxxxxxxxx>

Thanks,
Dominik