From patchwork Mon Jan 24 20:29:46 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dominik Brodowski X-Patchwork-Id: 536525 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6D515C433F5 for ; Mon, 24 Jan 2022 20:43:21 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1351914AbiAXUnJ (ORCPT ); Mon, 24 Jan 2022 15:43:09 -0500 Received: from isilmar-4.linta.de ([136.243.71.142]:46478 "EHLO isilmar-4.linta.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1385536AbiAXUde (ORCPT ); Mon, 24 Jan 2022 15:33:34 -0500 X-isilmar-external: YES X-isilmar-external: YES X-isilmar-external: YES X-isilmar-external: YES X-isilmar-external: YES Received: from owl.dominikbrodowski.net (owl.brodo.linta [10.2.0.111]) by isilmar-4.linta.de (Postfix) with ESMTPSA id 35D0920140A; Mon, 24 Jan 2022 20:33:30 +0000 (UTC) Received: by owl.dominikbrodowski.net (Postfix, from userid 1000) id 3E81B809C2; Mon, 24 Jan 2022 21:30:02 +0100 (CET) From: Dominik Brodowski To: Matt Mackall , Herbert Xu Cc: linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org, "Jason A . Donenfeld" Subject: [PATCH 1/6] hw_random: explicit ordering of initcalls Date: Mon, 24 Jan 2022 21:29:46 +0100 Message-Id: <20220124202951.28579-1-linux@dominikbrodowski.net> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org hw-random device drivers depend on the hw-random core being initialized. Make this ordering explicit, also for the case these drivers are built-in. As the core itself depends on misc_register() which is set up at subsys_initcall time, advance the initialization of the core (only) to the fs_initcall() level. Cc: Matt Mackall Cc: Herbert Xu Cc: Jason A. Donenfeld Signed-off-by: Dominik Brodowski --- drivers/char/hw_random/core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/char/hw_random/core.c b/drivers/char/hw_random/core.c index a3db27916256..e860e044b19e 100644 --- a/drivers/char/hw_random/core.c +++ b/drivers/char/hw_random/core.c @@ -638,7 +638,7 @@ static void __exit hwrng_modexit(void) unregister_miscdev(); } -module_init(hwrng_modinit); +fs_initcall(hwrng_modinit); /* depends on misc_register() */ module_exit(hwrng_modexit); MODULE_DESCRIPTION("H/W Random Number Generator (RNG) driver"); From patchwork Mon Jan 24 20:29:47 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dominik Brodowski X-Patchwork-Id: 536526 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id A486CC433F5 for ; Mon, 24 Jan 2022 20:43:09 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1352157AbiAXUnF (ORCPT ); Mon, 24 Jan 2022 15:43:05 -0500 Received: from isilmar-4.linta.de ([136.243.71.142]:46512 "EHLO isilmar-4.linta.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1385545AbiAXUde (ORCPT ); Mon, 24 Jan 2022 15:33:34 -0500 X-isilmar-external: YES X-isilmar-external: YES X-isilmar-external: YES X-isilmar-external: YES X-isilmar-external: YES Received: from owl.dominikbrodowski.net (owl.brodo.linta [10.2.0.111]) by isilmar-4.linta.de (Postfix) with ESMTPSA id 293712010EB; Mon, 24 Jan 2022 20:33:30 +0000 (UTC) Received: by owl.dominikbrodowski.net (Postfix, from userid 1000) id 2C38980A2B; Mon, 24 Jan 2022 21:30:07 +0100 (CET) From: Dominik Brodowski To: Matt Mackall , Herbert Xu Cc: linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org, "Jason A . Donenfeld" Subject: [PATCH 2/6] hw_random: read() callback must be called for size of 32 or more bytes Date: Mon, 24 Jan 2022 21:29:47 +0100 Message-Id: <20220124202951.28579-2-linux@dominikbrodowski.net> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220124202951.28579-1-linux@dominikbrodowski.net> References: <20220124202951.28579-1-linux@dominikbrodowski.net> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org According to , the @max parameter of the ->read callback "is a multiple of 4 and >= 32 bytes". That promise was not kept by add_early_randomness(), which only asked for 16 bytes. As rng_buffer_size() is at least 32, we can simply ask for 32 bytes. Cc: Matt Mackall Cc: Herbert Xu Cc: Jason A. Donenfeld Signed-off-by: Dominik Brodowski --- drivers/char/hw_random/core.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/char/hw_random/core.c b/drivers/char/hw_random/core.c index e860e044b19e..c2d260b5dd92 100644 --- a/drivers/char/hw_random/core.c +++ b/drivers/char/hw_random/core.c @@ -64,10 +64,9 @@ static size_t rng_buffer_size(void) static void add_early_randomness(struct hwrng *rng) { int bytes_read; - size_t size = min_t(size_t, 16, rng_buffer_size()); mutex_lock(&reading_mutex); - bytes_read = rng_get_data(rng, rng_buffer, size, 0); + bytes_read = rng_get_data(rng, rng_buffer, 32, 0); mutex_unlock(&reading_mutex); if (bytes_read > 0) add_device_randomness(rng_buffer, bytes_read); From patchwork Mon Jan 24 20:29:48 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dominik Brodowski X-Patchwork-Id: 534609 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id B7F25C433FE for ; Mon, 24 Jan 2022 20:43:09 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1358832AbiAXUnG (ORCPT ); Mon, 24 Jan 2022 15:43:06 -0500 Received: from isilmar-4.linta.de ([136.243.71.142]:46480 "EHLO isilmar-4.linta.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1385542AbiAXUde (ORCPT ); Mon, 24 Jan 2022 15:33:34 -0500 X-isilmar-external: YES X-isilmar-external: YES X-isilmar-external: YES X-isilmar-external: YES X-isilmar-external: YES Received: from owl.dominikbrodowski.net (owl.brodo.linta [10.2.0.111]) by isilmar-4.linta.de (Postfix) with ESMTPSA id 30355201409; Mon, 24 Jan 2022 20:33:30 +0000 (UTC) Received: by owl.dominikbrodowski.net (Postfix, from userid 1000) id ABE6480A2D; Mon, 24 Jan 2022 21:30:08 +0100 (CET) From: Dominik Brodowski To: Matt Mackall , Herbert Xu Cc: linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org, "Jason A . Donenfeld" Subject: [PATCH 3/6] hw_random: use rng_fillbuf in add_early_randomness() Date: Mon, 24 Jan 2022 21:29:48 +0100 Message-Id: <20220124202951.28579-3-linux@dominikbrodowski.net> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220124202951.28579-1-linux@dominikbrodowski.net> References: <20220124202951.28579-1-linux@dominikbrodowski.net> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Using rng_buffer in add_early_randomness() may race with rng_dev_read(). Use rng_fillbuf instead, as it is otherwise only used within the kernel by hwrng_fillfn() and therefore never exposed to userspace. Cc: Matt Mackall Cc: Herbert Xu Cc: Jason A. Donenfeld Signed-off-by: Dominik Brodowski --- drivers/char/hw_random/core.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/char/hw_random/core.c b/drivers/char/hw_random/core.c index c2d260b5dd92..89891ac87af0 100644 --- a/drivers/char/hw_random/core.c +++ b/drivers/char/hw_random/core.c @@ -66,10 +66,10 @@ static void add_early_randomness(struct hwrng *rng) int bytes_read; mutex_lock(&reading_mutex); - bytes_read = rng_get_data(rng, rng_buffer, 32, 0); + bytes_read = rng_get_data(rng, rng_fillbuf, 32, 0); mutex_unlock(&reading_mutex); if (bytes_read > 0) - add_device_randomness(rng_buffer, bytes_read); + add_device_randomness(rng_fillbuf, bytes_read); } static inline void cleanup_rng(struct kref *kref) From patchwork Mon Jan 24 20:29:49 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dominik Brodowski X-Patchwork-Id: 536524 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 49397C433FE for ; Mon, 24 Jan 2022 20:43:23 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234765AbiAXUm7 (ORCPT ); Mon, 24 Jan 2022 15:42:59 -0500 Received: from isilmar-4.linta.de ([136.243.71.142]:46488 "EHLO isilmar-4.linta.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1385547AbiAXUde (ORCPT ); Mon, 24 Jan 2022 15:33:34 -0500 X-isilmar-external: YES X-isilmar-external: YES X-isilmar-external: YES X-isilmar-external: YES X-isilmar-external: YES Received: from owl.dominikbrodowski.net (owl.brodo.linta [10.2.0.111]) by isilmar-4.linta.de (Postfix) with ESMTPSA id 380BF20140B; Mon, 24 Jan 2022 20:33:30 +0000 (UTC) Received: by owl.dominikbrodowski.net (Postfix, from userid 1000) id 145B680E5B; Mon, 24 Jan 2022 21:30:16 +0100 (CET) From: Dominik Brodowski To: Matt Mackall , Herbert Xu Cc: linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org, "Jason A . Donenfeld" Subject: [PATCH 4/6] hw_random: only set cur_rng_set_by_user if it is working Date: Mon, 24 Jan 2022 21:29:49 +0100 Message-Id: <20220124202951.28579-4-linux@dominikbrodowski.net> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220124202951.28579-1-linux@dominikbrodowski.net> References: <20220124202951.28579-1-linux@dominikbrodowski.net> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org In case the user-specified rng device is not working, it is not used; therefore cur_rng_set_by_user must not be set to 1. Cc: Matt Mackall Cc: Herbert Xu Cc: Jason A. Donenfeld Signed-off-by: Dominik Brodowski --- drivers/char/hw_random/core.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/char/hw_random/core.c b/drivers/char/hw_random/core.c index 89891ac87af0..9405fcdace38 100644 --- a/drivers/char/hw_random/core.c +++ b/drivers/char/hw_random/core.c @@ -335,8 +335,9 @@ static ssize_t rng_current_store(struct device *dev, } else { list_for_each_entry(rng, &rng_list, list) { if (sysfs_streq(rng->name, buf)) { - cur_rng_set_by_user = 1; err = set_current_rng(rng); + if (!err) + cur_rng_set_by_user = 1; break; } } From patchwork Mon Jan 24 20:29:50 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dominik Brodowski X-Patchwork-Id: 534608 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id BC69AC433EF for ; Mon, 24 Jan 2022 20:43:15 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1351933AbiAXUnI (ORCPT ); Mon, 24 Jan 2022 15:43:08 -0500 Received: from isilmar-4.linta.de ([136.243.71.142]:46484 "EHLO isilmar-4.linta.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1385544AbiAXUde (ORCPT ); Mon, 24 Jan 2022 15:33:34 -0500 X-isilmar-external: YES X-isilmar-external: YES X-isilmar-external: YES X-isilmar-external: YES X-isilmar-external: YES Received: from owl.dominikbrodowski.net (owl.brodo.linta [10.2.0.111]) by isilmar-4.linta.de (Postfix) with ESMTPSA id 3ED3B20140C; Mon, 24 Jan 2022 20:33:30 +0000 (UTC) Received: by owl.dominikbrodowski.net (Postfix, from userid 1000) id B809480E60; Mon, 24 Jan 2022 21:30:19 +0100 (CET) From: Dominik Brodowski To: Matt Mackall , Herbert Xu Cc: linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org, "Jason A . Donenfeld" Subject: [PATCH 5/6] hw_random: break out of hwrng_fillfn if current rng is not trusted Date: Mon, 24 Jan 2022 21:29:50 +0100 Message-Id: <20220124202951.28579-5-linux@dominikbrodowski.net> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220124202951.28579-1-linux@dominikbrodowski.net> References: <20220124202951.28579-1-linux@dominikbrodowski.net> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org For two reasons, current_quality may become zero within the rngd kernel thread: (1) The user lowers current_quality to 0 by writing to the sysfs module parameter file (note that increasing the quality from zero is without effect at the moment), or (2) there are two or more hwrng devices registered, and those which provide quality>0 are unregistered, but one with quality==0 remains. If current_quality is 0, the randomness is not trusted and cannot help to increase the entropy count. That will lead to continuous calls to the hwrngd thread and continuous stirring of the input pool with untrusted bits. Cc: Matt Mackall Cc: Herbert Xu Cc: Jason A. Donenfeld Signed-off-by: Dominik Brodowski --- drivers/char/hw_random/core.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/char/hw_random/core.c b/drivers/char/hw_random/core.c index 9405fcdace38..bc9f95cbac92 100644 --- a/drivers/char/hw_random/core.c +++ b/drivers/char/hw_random/core.c @@ -429,6 +429,9 @@ static int hwrng_fillfn(void *unused) while (!kthread_should_stop()) { struct hwrng *rng; + if (!current_quality) + break; + rng = get_current_rng(); if (IS_ERR(rng) || !rng) break; From patchwork Mon Jan 24 20:29:51 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dominik Brodowski X-Patchwork-Id: 536523 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id CF2FAC433FE for ; Mon, 24 Jan 2022 21:09:29 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1376737AbiAXVJP (ORCPT ); Mon, 24 Jan 2022 16:09:15 -0500 Received: from isilmar-4.linta.de ([136.243.71.142]:51024 "EHLO isilmar-4.linta.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1444056AbiAXU7z (ORCPT ); Mon, 24 Jan 2022 15:59:55 -0500 X-isilmar-external: YES X-isilmar-external: YES X-isilmar-external: YES X-isilmar-external: YES X-isilmar-external: YES Received: from owl.dominikbrodowski.net (owl.brodo.linta [10.2.0.111]) by isilmar-4.linta.de (Postfix) with ESMTPSA id 8EC1220124E; Mon, 24 Jan 2022 20:33:30 +0000 (UTC) Received: by owl.dominikbrodowski.net (Postfix, from userid 1000) id B3FDE80E73; Mon, 24 Jan 2022 21:30:21 +0100 (CET) From: Dominik Brodowski To: Matt Mackall , Herbert Xu Cc: linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org, "Jason A . Donenfeld" Subject: [PATCH 6/6] hw_random: credit entropy for low quality sources of randomness Date: Mon, 24 Jan 2022 21:29:51 +0100 Message-Id: <20220124202951.28579-6-linux@dominikbrodowski.net> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220124202951.28579-1-linux@dominikbrodowski.net> References: <20220124202951.28579-1-linux@dominikbrodowski.net> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org In case the entropy quality is low, there may be less than one bit to credit in the call to add_hwgenerator_randomness(): The number of bytes returned by rng_get_data() multiplied by the current quality (in entropy bits per 1024 bits of input) must be larger than 128 to credit at least one bit. However, imx-rngc.c sets the quality to 19, but may return less than 32 bytes; hid_u2fzero.c sets the quality to 1; and users may override the quality setting manually. In case there is less than one bit to credit, keep track of it and add that credit to the next iteration. Cc: Matt Mackall Cc: Herbert Xu Cc: Jason A. Donenfeld Signed-off-by: Dominik Brodowski --- drivers/char/hw_random/core.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/drivers/char/hw_random/core.c b/drivers/char/hw_random/core.c index bc9f95cbac92..6d7f05641c7c 100644 --- a/drivers/char/hw_random/core.c +++ b/drivers/char/hw_random/core.c @@ -427,6 +427,7 @@ static int hwrng_fillfn(void *unused) long rc; while (!kthread_should_stop()) { + size_t entropy, entropy_credit = 0; /* in 1/1024 of a bit */ struct hwrng *rng; if (!current_quality) @@ -445,9 +446,17 @@ static int hwrng_fillfn(void *unused) msleep_interruptible(10000); continue; } + + /* If we cannot credit at least one bit of entropy, + * keep track of the remainder for the next iteration + */ + entropy = rc * current_quality * 8 + entropy_credit; + if ((entropy >> 10) == 0) + entropy_credit = entropy; + /* Outside lock, sure, but y'know: randomness. */ add_hwgenerator_randomness((void *)rng_fillbuf, rc, - rc * current_quality * 8 >> 10); + entropy >> 10); } hwrng_fill = NULL; return 0;