Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Merge tag 'random-5.17-rc3-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/crng/random

Pull random number generator fixes from Jason Donenfeld:
"For this week, we have:

- A fix to make more frequent use of hwgenerator randomness, from
Dominik.

- More cleanups to the boot initialization sequence, from Dominik.

- A fix for an old shortcoming with the ZAP ioctl, from me.

- A workaround for a still unfixed Clang CFI/FullLTO compiler bug,
from me. On one hand, it's a bummer to commit workarounds for
experimental compiler features that have bugs. But on the other, I
think this actually improves the code somewhat, independent of the
bug. So a win-win"

* tag 'random-5.17-rc3-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/crng/random:
random: only call crng_finalize_init() for primary_crng
random: access primary_pool directly rather than through pointer
random: wake up /dev/random writers after zap
random: continually use hwgenerator randomness
lib/crypto: blake2s: avoid indirect calls to compression function for Clang CFI

+55 -40
+2 -2
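--- a/arch/arm/crypto/blake2s-shash.c
+++ b/arch/arm/crypto/blake2s-shash.c
@@ -13,12 +13,12 @@
 static int crypto_blake2s_update_arm(struct shash_desc *desc,
 const u8 *in, unsigned int inlen)
 {
-return crypto_blake2s_update(desc, in, inlen, blake2s_compress);
+return crypto_blake2s_update(desc, in, inlen, false);
 }
 
 static int crypto_blake2s_final_arm(struct shash_desc *desc, u8 *out)
 {
-return crypto_blake2s_final(desc, out, blake2s_compress);
+return crypto_blake2s_final(desc, out, false);
 }
 
 #define BLAKE2S_ALG(name, driver_name, digest_size) \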
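Review bot: The bare `false` passed to crypto_blake2s_update() and crypto_blake2s_final() is opaque at the call site: a reader has to open include/crypto/internal/blake2s.h to learn that it is `force_generic` and that `false` selects blake2s_compress() rather than blake2s_compress_generic(). A short comment on each call would make that explicit, for example `/* false: call blake2s_compress(), not the generic fallback */`. The same applies to the `false` arguments in arch/x86/crypto/blake2s-shash.c and lib/crypto/blake2s.c, and to the `true` arguments in crypto/blake2s_generic.c.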
+2 -2
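--- a/arch/x86/crypto/blake2s-shash.c
+++ b/arch/x86/crypto/blake2s-shash.c
@@ -18,12 +18,12 @@
 static int crypto_blake2s_update_x86(struct shash_desc *desc,
 const u8 *in, unsigned int inlen)
 {
-return crypto_blake2s_update(desc, in, inlen, blake2s_compress);
+return crypto_blake2s_update(desc, in, inlen, false);
 }
 
 static int crypto_blake2s_final_x86(struct shash_desc *desc, u8 *out)
 {
-return crypto_blake2s_final(desc, out, blake2s_compress);
+return crypto_blake2s_final(desc, out, false);
 }
 
 #define BLAKE2S_ALG(name, driver_name, digest_size) \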
+2 -2
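--- a/crypto/blake2s_generic.c
+++ b/crypto/blake2s_generic.c
@@ -15,12 +15,12 @@
 static int crypto_blake2s_update_generic(struct shash_desc *desc,
 const u8 *in, unsigned int inlen)
 {
-return crypto_blake2s_update(desc, in, inlen, blake2s_compress_generic);
+return crypto_blake2s_update(desc, in, inlen, true);
 }
 
 static int crypto_blake2s_final_generic(struct shash_desc *desc, u8 *out)
 {
-return crypto_blake2s_final(desc, out, blake2s_compress_generic);
+return crypto_blake2s_final(desc, out, true);
 }
 
 #define BLAKE2S_ALG(name, driver_name, digest_size) \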
+22 -17
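--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -762,7 +762,7 @@
 return arch_init;
 }
 
-static bool __init crng_init_try_arch_early(struct crng_state *crng)
+static bool __init crng_init_try_arch_early(void)
 {
 int i;
 bool arch_init = true;
@@ -774,7 +774,7 @@
 rv = random_get_entropy();
 arch_init = false;
 }
-crng->state[i] ^= rv;
+primary_crng.state[i] ^= rv;
 }
 
 return arch_init;
@@ -788,22 +788,20 @@
 crng->init_time = jiffies - CRNG_RESEED_INTERVAL - 1;
 }
 
-static void __init crng_initialize_primary(struct crng_state *crng)
+static void __init crng_initialize_primary(void)
 {
-_extract_entropy(&crng->state[4], sizeof(u32) * 12);
-if (crng_init_try_arch_early(crng) && trust_cpu && crng_init < 2) {
+_extract_entropy(&primary_crng.state[4], sizeof(u32) * 12);
+if (crng_init_try_arch_early() && trust_cpu && crng_init < 2) {
 invalidate_batched_entropy();
 numa_crng_init();
 crng_init = 2;
 pr_notice("crng init done (trusting CPU's manufacturer)\n");
 }
-crng->init_time = jiffies - CRNG_RESEED_INTERVAL - 1;
+primary_crng.init_time = jiffies - CRNG_RESEED_INTERVAL - 1;
 }
 
-static void crng_finalize_init(struct crng_state *crng)
+static void crng_finalize_init(void)
 {
-if (crng != &primary_crng || crng_init >= 2)
-return;
 if (!system_wq) {
 /* We can't call numa_crng_init until we have workqueues,
 * so mark this for processing later. */
@@ -814,6 +812,7 @@
 invalidate_batched_entropy();
 numa_crng_init();
 crng_init = 2;
+crng_need_final_init = false;
 process_random_ready_list();
 wake_up_interruptible(&crng_init_wait);
 kill_fasync(&fasync, SIGIO, POLL_IN);
@@ -980,7 +979,8 @@
 memzero_explicit(&buf, sizeof(buf));
 WRITE_ONCE(crng->init_time, jiffies);
 spin_unlock_irqrestore(&crng->lock, flags);
-crng_finalize_init(crng);
+if (crng == &primary_crng && crng_init < 2)
+crng_finalize_init();
 }
 
 static void _extract_crng(struct crng_state *crng, u8 out[CHACHA_BLOCK_SIZE])
@@ -1697,8 +1697,8 @@
 {
 init_std_data();
 if (crng_need_final_init)
-crng_finalize_init(&primary_crng);
-crng_initialize_primary(&primary_crng);
+crng_finalize_init();
+crng_initialize_primary();
 crng_global_init_time = jiffies;
 if (ratelimit_disable) {
 urandom_warning.interval = 0;
@@ -1856,7 +1856,10 @@
 */
 if (!capable(CAP_SYS_ADMIN))
 return -EPERM;
-input_pool.entropy_count = 0;
+if (xchg(&input_pool.entropy_count, 0) && random_write_wakeup_bits) {
+wake_up_interruptible(&random_write_wait);
+kill_fasync(&fasync, SIGIO, POLL_OUT);
+}
 return 0;
 case RNDRESEEDCRNG:
 if (!capable(CAP_SYS_ADMIN))
@@ -2205,13 +2208,15 @@
 return;
 }
 
-/* Suspend writing if we're above the trickle threshold.
+/* Throttle writing if we're above the trickle threshold.
 * We'll be woken up again once below random_write_wakeup_thresh,
-* or when the calling thread is about to terminate.
+* when the calling thread is about to terminate, or once
+* CRNG_RESEED_INTERVAL has lapsed.
 */
-wait_event_interruptible(random_write_wait,
+wait_event_interruptible_timeout(random_write_wait,
 !system_wq || kthread_should_stop() ||
-POOL_ENTROPY_BITS() <= random_write_wakeup_bits);
+POOL_ENTROPY_BITS() <= random_write_wakeup_bits,
+CRNG_RESEED_INTERVAL);
 mix_pool_bytes(buffer, count);
 credit_entropy_bits(entropy);
 }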
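Review bot: The precondition of crng_finalize_init() is now undocumented: with the `crng != &primary_crng || crng_init >= 2` early return removed, the function relies on each caller to check state first. The caller after spin_unlock_irqrestore() tests `crng_init < 2`, while the init path tests only `crng_need_final_init`, which is safe only because the new assignment clears that flag. A later caller that skips the check would re-run process_random_ready_list() and the wakeups on an already initialised CRNG, so I would add a comment above the function such as `/* Caller must ensure crng_init < 2; always operates on primary_crng. */`. The lines between the `!system_wq` comment and invalidate_batched_entropy() are outside the visible hunks, so this rests on the shown lines only.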
+25 -15
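--- a/include/crypto/internal/blake2s.h
+++ b/include/crypto/internal/blake2s.h
@@ -24,14 +24,11 @@
 state->f[0] = -1;
 }
 
-typedef void (*blake2s_compress_t)(struct blake2s_state *state,
-const u8 *block, size_t nblocks, u32 inc);
-
 /* Helper functions for BLAKE2s shared by the library and shash APIs */
 
-static inline void __blake2s_update(struct blake2s_state *state,
-const u8 *in, size_t inlen,
-blake2s_compress_t compress)
+static __always_inline void
+__blake2s_update(struct blake2s_state *state, const u8 *in, size_t inlen,
+bool force_generic)
 {
 const size_t fill = BLAKE2S_BLOCK_SIZE - state->buflen;
 
@@ -39,7 +36,12 @@
 return;
 if (inlen > fill) {
 memcpy(state->buf + state->buflen, in, fill);
-(*compress)(state, state->buf, 1, BLAKE2S_BLOCK_SIZE);
+if (force_generic)
+blake2s_compress_generic(state, state->buf, 1,
+BLAKE2S_BLOCK_SIZE);
+else
+blake2s_compress(state, state->buf, 1,
+BLAKE2S_BLOCK_SIZE);
 state->buflen = 0;
 in += fill;
 inlen -= fill;
@@ -47,7 +49,12 @@
 if (inlen > BLAKE2S_BLOCK_SIZE) {
 const size_t nblocks = DIV_ROUND_UP(inlen, BLAKE2S_BLOCK_SIZE);
 /* Hash one less (full) block than strictly possible */
-(*compress)(state, in, nblocks - 1, BLAKE2S_BLOCK_SIZE);
+if (force_generic)
+blake2s_compress_generic(state, in, nblocks - 1,
+BLAKE2S_BLOCK_SIZE);
+else
+blake2s_compress(state, in, nblocks - 1,
+BLAKE2S_BLOCK_SIZE);
 in += BLAKE2S_BLOCK_SIZE * (nblocks - 1);
 inlen -= BLAKE2S_BLOCK_SIZE * (nblocks - 1);
 }
@@ -55,13 +62,16 @@
 state->buflen += inlen;
 }
 
-static inline void __blake2s_final(struct blake2s_state *state, u8 *out,
-blake2s_compress_t compress)
+static __always_inline void
+__blake2s_final(struct blake2s_state *state, u8 *out, bool force_generic)
 {
 blake2s_set_lastblock(state);
 memset(state->buf + state->buflen, 0,
 BLAKE2S_BLOCK_SIZE - state->buflen); /* Padding */
-(*compress)(state, state->buf, 1, state->buflen);
+if (force_generic)
+blake2s_compress_generic(state, state->buf, 1, state->buflen);
+else
+blake2s_compress(state, state->buf, 1, state->buflen);
 cpu_to_le32_array(state->h, ARRAY_SIZE(state->h));
 memcpy(out, state->h, state->outlen);
 }
@@ -99,20 +109,20 @@
 
 static inline int crypto_blake2s_update(struct shash_desc *desc,
 const u8 *in, unsigned int inlen,
-blake2s_compress_t compress)
+bool force_generic)
 {
 struct blake2s_state *state = shash_desc_ctx(desc);
 
-__blake2s_update(state, in, inlen, compress);
+__blake2s_update(state, in, inlen, force_generic);
 return 0;
 }
 
 static inline int crypto_blake2s_final(struct shash_desc *desc, u8 *out,
-blake2s_compress_t compress)
+bool force_generic)
 {
 struct blake2s_state *state = shash_desc_ctx(desc);
 
-__blake2s_final(state, out, compress);
+__blake2s_final(state, out, force_generic);
 return 0;
 }
 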
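Review bot: Nothing in the header records that `force_generic` is meant to be a compile-time constant, which is presumably why __blake2s_update() and __blake2s_final() became `__always_inline`: the branch can then fold into a single direct call to one compress function. Every caller visible in this change passes a literal `true` or `false`, but a future caller passing a runtime value would keep both calls behind a runtime branch without any warning. A comment above the helpers would pin the contract, e.g. `/* force_generic must be a compile-time constant so that only one direct compress call survives inlining. */`. The same if/else is written out three times and could be folded into one small `__always_inline` wrapper, though that is cosmetic.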
+2 -2
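--- a/lib/crypto/blake2s.c
+++ b/lib/crypto/blake2s.c
@@ -18,14 +18,14 @@
 
 void blake2s_update(struct blake2s_state *state, const u8 *in, size_t inlen)
 {
-__blake2s_update(state, in, inlen, blake2s_compress);
+__blake2s_update(state, in, inlen, false);
 }
 EXPORT_SYMBOL(blake2s_update);
 
 void blake2s_final(struct blake2s_state *state, u8 *out)
 {
 WARN_ON(IS_ENABLED(DEBUG) && !out);
-__blake2s_final(state, out, blake2s_compress);
+__blake2s_final(state, out, false);
 memzero_explicit(state, sizeof(*state));
 }
 EXPORT_SYMBOL(blake2s_final);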