From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, "Jason A. Donenfeld" <Jason@zx2c4.com>
Subject: [PATCH 5.18 24/47] random: order timer entropy functions below interrupt functions
Date: Fri, 27 May 2022 10:50:04 +0200 [thread overview]
Message-ID: <20220527084805.321518683@linuxfoundation.org> (raw)
In-Reply-To: <20220527084801.223648383@linuxfoundation.org>
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
commit a4b5c26b79ffdfcfb816c198f2fc2b1e7b5b580f upstream.
There are no code changes here; this is just a reordering of functions,
so that in subsequent commits, the timer entropy functions can call into
the interrupt ones.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/char/random.c | 238 +++++++++++++++++++++++++-------------------------
1 file changed, 119 insertions(+), 119 deletions(-)
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -854,14 +854,14 @@ static void credit_init_bits(size_t nbit
* the above entropy accumulation routines:
*
* void add_device_randomness(const void *buf, size_t size);
- * void add_input_randomness(unsigned int type, unsigned int code,
- * unsigned int value);
- * void add_disk_randomness(struct gendisk *disk);
* void add_hwgenerator_randomness(const void *buffer, size_t count,
* size_t entropy);
* void add_bootloader_randomness(const void *buf, size_t size);
* void add_vmfork_randomness(const void *unique_vm_id, size_t size);
* void add_interrupt_randomness(int irq);
+ * void add_input_randomness(unsigned int type, unsigned int code,
+ * unsigned int value);
+ * void add_disk_randomness(struct gendisk *disk);
*
* add_device_randomness() adds data to the input pool that
* is likely to differ between two devices (or possibly even per boot).
@@ -871,19 +871,6 @@ static void credit_init_bits(size_t nbit
* that might otherwise be identical and have very little entropy
* available to them (particularly common in the embedded world).
*
- * add_input_randomness() uses the input layer interrupt timing, as well
- * as the event type information from the hardware.
- *
- * add_disk_randomness() uses what amounts to the seek time of block
- * layer request events, on a per-disk_devt basis, as input to the
- * entropy pool. Note that high-speed solid state drives with very low
- * seek times do not make for good sources of entropy, as their seek
- * times are usually fairly consistent.
- *
- * The above two routines try to estimate how many bits of entropy
- * to credit. They do this by keeping track of the first and second
- * order deltas of the event timings.
- *
* add_hwgenerator_randomness() is for true hardware RNGs, and will credit
* entropy as specified by the caller. If the entropy pool is full it will
* block until more entropy is needed.
@@ -901,6 +888,19 @@ static void credit_init_bits(size_t nbit
* as inputs, it feeds the input pool roughly once a second or after 64
* interrupts, crediting 1 bit of entropy for whichever comes first.
*
+ * add_input_randomness() uses the input layer interrupt timing, as well
+ * as the event type information from the hardware.
+ *
+ * add_disk_randomness() uses what amounts to the seek time of block
+ * layer request events, on a per-disk_devt basis, as input to the
+ * entropy pool. Note that high-speed solid state drives with very low
+ * seek times do not make for good sources of entropy, as their seek
+ * times are usually fairly consistent.
+ *
+ * The last two routines try to estimate how many bits of entropy
+ * to credit. They do this by keeping track of the first and second
+ * order deltas of the event timings.
+ *
**********************************************************************/
static bool trust_cpu __ro_after_init = IS_ENABLED(CONFIG_RANDOM_TRUST_CPU);
@@ -978,109 +978,6 @@ void add_device_randomness(const void *b
}
EXPORT_SYMBOL(add_device_randomness);
-/* There is one of these per entropy source */
-struct timer_rand_state {
- unsigned long last_time;
- long last_delta, last_delta2;
-};
-
-/*
- * This function adds entropy to the entropy "pool" by using timing
- * delays. It uses the timer_rand_state structure to make an estimate
- * of how many bits of entropy this call has added to the pool.
- *
- * The number "num" is also added to the pool - it should somehow describe
- * the type of event which just happened. This is currently 0-255 for
- * keyboard scan codes, and 256 upwards for interrupts.
- */
-static void add_timer_randomness(struct timer_rand_state *state, unsigned int num)
-{
- unsigned long entropy = random_get_entropy(), now = jiffies, flags;
- long delta, delta2, delta3;
-
- spin_lock_irqsave(&input_pool.lock, flags);
- _mix_pool_bytes(&entropy, sizeof(entropy));
- _mix_pool_bytes(&num, sizeof(num));
- spin_unlock_irqrestore(&input_pool.lock, flags);
-
- if (crng_ready())
- return;
-
- /*
- * Calculate number of bits of randomness we probably added.
- * We take into account the first, second and third-order deltas
- * in order to make our estimate.
- */
- delta = now - READ_ONCE(state->last_time);
- WRITE_ONCE(state->last_time, now);
-
- delta2 = delta - READ_ONCE(state->last_delta);
- WRITE_ONCE(state->last_delta, delta);
-
- delta3 = delta2 - READ_ONCE(state->last_delta2);
- WRITE_ONCE(state->last_delta2, delta2);
-
- if (delta < 0)
- delta = -delta;
- if (delta2 < 0)
- delta2 = -delta2;
- if (delta3 < 0)
- delta3 = -delta3;
- if (delta > delta2)
- delta = delta2;
- if (delta > delta3)
- delta = delta3;
-
- /*
- * delta is now minimum absolute delta.
- * Round down by 1 bit on general principles,
- * and limit entropy estimate to 12 bits.
- */
- credit_init_bits(min_t(unsigned int, fls(delta >> 1), 11));
-}
-
-void add_input_randomness(unsigned int type, unsigned int code,
- unsigned int value)
-{
- static unsigned char last_value;
- static struct timer_rand_state input_timer_state = { INITIAL_JIFFIES };
-
- /* Ignore autorepeat and the like. */
- if (value == last_value)
- return;
-
- last_value = value;
- add_timer_randomness(&input_timer_state,
- (type << 4) ^ code ^ (code >> 4) ^ value);
-}
-EXPORT_SYMBOL_GPL(add_input_randomness);
-
-#ifdef CONFIG_BLOCK
-void add_disk_randomness(struct gendisk *disk)
-{
- if (!disk || !disk->random)
- return;
- /* First major is 1, so we get >= 0x200 here. */
- add_timer_randomness(disk->random, 0x100 + disk_devt(disk));
-}
-EXPORT_SYMBOL_GPL(add_disk_randomness);
-
-void rand_initialize_disk(struct gendisk *disk)
-{
- struct timer_rand_state *state;
-
- /*
- * If kzalloc returns null, we just won't use that entropy
- * source.
- */
- state = kzalloc(sizeof(struct timer_rand_state), GFP_KERNEL);
- if (state) {
- state->last_time = INITIAL_JIFFIES;
- disk->random = state;
- }
-}
-#endif
-
/*
* Interface for in-kernel drivers of true hardware RNGs.
* Those devices may produce endless random bits and will be throttled
@@ -1276,6 +1173,109 @@ void add_interrupt_randomness(int irq)
}
EXPORT_SYMBOL_GPL(add_interrupt_randomness);
+/* There is one of these per entropy source */
+struct timer_rand_state {
+ unsigned long last_time;
+ long last_delta, last_delta2;
+};
+
+/*
+ * This function adds entropy to the entropy "pool" by using timing
+ * delays. It uses the timer_rand_state structure to make an estimate
+ * of how many bits of entropy this call has added to the pool.
+ *
+ * The number "num" is also added to the pool - it should somehow describe
+ * the type of event which just happened. This is currently 0-255 for
+ * keyboard scan codes, and 256 upwards for interrupts.
+ */
+static void add_timer_randomness(struct timer_rand_state *state, unsigned int num)
+{
+ unsigned long entropy = random_get_entropy(), now = jiffies, flags;
+ long delta, delta2, delta3;
+
+ spin_lock_irqsave(&input_pool.lock, flags);
+ _mix_pool_bytes(&entropy, sizeof(entropy));
+ _mix_pool_bytes(&num, sizeof(num));
+ spin_unlock_irqrestore(&input_pool.lock, flags);
+
+ if (crng_ready())
+ return;
+
+ /*
+ * Calculate number of bits of randomness we probably added.
+ * We take into account the first, second and third-order deltas
+ * in order to make our estimate.
+ */
+ delta = now - READ_ONCE(state->last_time);
+ WRITE_ONCE(state->last_time, now);
+
+ delta2 = delta - READ_ONCE(state->last_delta);
+ WRITE_ONCE(state->last_delta, delta);
+
+ delta3 = delta2 - READ_ONCE(state->last_delta2);
+ WRITE_ONCE(state->last_delta2, delta2);
+
+ if (delta < 0)
+ delta = -delta;
+ if (delta2 < 0)
+ delta2 = -delta2;
+ if (delta3 < 0)
+ delta3 = -delta3;
+ if (delta > delta2)
+ delta = delta2;
+ if (delta > delta3)
+ delta = delta3;
+
+ /*
+ * delta is now minimum absolute delta.
+ * Round down by 1 bit on general principles,
+ * and limit entropy estimate to 12 bits.
+ */
+ credit_init_bits(min_t(unsigned int, fls(delta >> 1), 11));
+}
+
+void add_input_randomness(unsigned int type, unsigned int code,
+ unsigned int value)
+{
+ static unsigned char last_value;
+ static struct timer_rand_state input_timer_state = { INITIAL_JIFFIES };
+
+ /* Ignore autorepeat and the like. */
+ if (value == last_value)
+ return;
+
+ last_value = value;
+ add_timer_randomness(&input_timer_state,
+ (type << 4) ^ code ^ (code >> 4) ^ value);
+}
+EXPORT_SYMBOL_GPL(add_input_randomness);
+
+#ifdef CONFIG_BLOCK
+void add_disk_randomness(struct gendisk *disk)
+{
+ if (!disk || !disk->random)
+ return;
+ /* First major is 1, so we get >= 0x200 here. */
+ add_timer_randomness(disk->random, 0x100 + disk_devt(disk));
+}
+EXPORT_SYMBOL_GPL(add_disk_randomness);
+
+void rand_initialize_disk(struct gendisk *disk)
+{
+ struct timer_rand_state *state;
+
+ /*
+ * If kzalloc returns null, we just won't use that entropy
+ * source.
+ */
+ state = kzalloc(sizeof(struct timer_rand_state), GFP_KERNEL);
+ if (state) {
+ state->last_time = INITIAL_JIFFIES;
+ disk->random = state;
+ }
+}
+#endif
+
/*
* Each time the timer fires, we expect that we got an unpredictable
* jump in the cycle counter. Even if the timer is running on another
next prev parent reply other threads:[~2022-05-27 8:58 UTC|newest]
Thread overview: 55+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-05-27 8:49 [PATCH 5.18 00/47] 5.18.1-rc1 review Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.18 01/47] lockdown: also lock down previous kgdb use Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.18 02/47] HID: amd_sfh: Add support for sensor discovery Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.18 03/47] random: fix sysctl documentation nits Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.18 04/47] init: call time_init() before rand_initialize() Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.18 05/47] ia64: define get_cycles macro for arch-override Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.18 06/47] s390: " Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.18 07/47] parisc: " Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.18 08/47] alpha: " Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.18 09/47] powerpc: " Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.18 10/47] timekeeping: Add raw clock fallback for random_get_entropy() Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.18 11/47] m68k: use fallback for random_get_entropy() instead of zero Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.18 12/47] riscv: " Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.18 13/47] mips: use fallback for random_get_entropy() instead of just c0 random Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.18 14/47] arm: use fallback for random_get_entropy() instead of zero Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.18 15/47] nios2: " Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.18 16/47] x86/tsc: Use " Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.18 17/47] um: use " Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.18 18/47] sparc: " Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.18 19/47] xtensa: " Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.18 20/47] random: insist on random_get_entropy() existing in order to simplify Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.18 21/47] random: do not use batches when !crng_ready() Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.18 22/47] random: use first 128 bits of input as fast init Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.18 23/47] random: do not pretend to handle premature next security model Greg Kroah-Hartman
2022-05-27 8:50 ` Greg Kroah-Hartman [this message]
2022-05-27 8:50 ` [PATCH 5.18 25/47] random: do not use input pool from hard IRQs Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.18 26/47] random: help compiler out with fast_mix() by using simpler arguments Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.18 27/47] siphash: use one source of truth for siphash permutations Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.18 28/47] random: use symbolic constants for crng_init states Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.18 29/47] random: avoid initializing twice in credit race Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.18 30/47] random: move initialization out of reseeding hot path Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.18 31/47] random: remove ratelimiting for in-kernel unseeded randomness Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.18 32/47] random: use proper jiffies comparison macro Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.18 33/47] random: handle latent entropy and command line from random_init() Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.18 34/47] random: credit architectural init the exact amount Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.18 35/47] random: use static branch for crng_ready() Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.18 36/47] random: remove extern from functions in header Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.18 37/47] random: use proper return types on get_random_{int,long}_wait() Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.18 38/47] random: make consistent use of buf and len Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.18 39/47] random: move initialization functions out of hot pages Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.18 40/47] random: move randomize_page() into mm where it belongs Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.18 41/47] random: unify batched entropy implementations Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.18 42/47] random: convert to using fops->read_iter() Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.18 43/47] random: convert to using fops->write_iter() Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.18 44/47] random: wire up fops->splice_{read,write}_iter() Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.18 45/47] random: check for signals after page of pool writes Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.18 46/47] ACPI: sysfs: Fix BERT error region memory mapping Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.18 47/47] ALSA: ctxfi: Add SB046x PCI ID Greg Kroah-Hartman
2022-05-27 22:40 ` [PATCH 5.18 00/47] 5.18.1-rc1 review Guenter Roeck
2022-05-28 1:53 ` Justin Forbes
2022-05-28 2:24 ` Ron Economos
2022-05-28 2:50 ` Bagas Sanjaya
2022-05-28 11:16 ` Naresh Kamboju
2022-05-28 13:39 ` Rudi Heitbaum
2022-05-29 2:48 ` Fox Chen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220527084805.321518683@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=Jason@zx2c4.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).