[PATCH 00/10] /dev/random fixups

July 05th, 2012 - 02:20 pm ET by Theodore Tso
This patch series addresses some shortcomings in the /dev/random driver
discovered by Zakir Durumeric, Nadia Halderman, J. Alex Heninger, and
Eric Wustrow. For more information please see https://factorable.net/

One notable change from previous versions of this patch is that I'm now
mixing in the EIP from the interrupt handler into the entropy pool as well
as the timestamp, in order to add more variability. In addition, if the
CPU has a hardware random number generator, we use it in
xfer_secondary_pool so that some input from the CPU's HWRNG is mixed in
whenever we generate random bytes.

Thanks to Dan Carpenter, Thomas Gleixner, Greg K-H, David Miller, Willy
Tarreau, Linus Torvalds, and Eric Wustrow who all provided very valuable
input, testing, and code.

Please review and comment; the plan is for Linus to pull them during the
next merge window.

- Ted

Linus Torvalds (1):
random: create add_device_randomness() interface

Theodore Ts'o (9):
random: make 'add_interrupt_randomness()' do something sane
random: use lockless techniques when mixing entropy pools
usb: feed USB device information to the /dev/random driver
net: feed /dev/random with the MAC address when registering a device
random: use the arch-specific rng in xfer_secondary_pool
random: add new get_random_bytes_arch() function
random: unify mix_pool_bytes() and mix_pool_bytes_entropy()
random: add tracepoints for easier debugging and verification
MAINTAINERS: Theodore Ts'o is taking over the random driver

MAINTAINERS | 4 +-
drivers/char/random.c | 223 ++++++++++++++++++++++++++++++++-
drivers/mfd/ab3100-core.c | 2 -
drivers/usb/core/hub.c | 9 ++
include/linux/random.h | 2 +
include/trace/events/random.h | 132 +++++++++++++++++++++++++
kernel/irq/handle.c | 3 +-
net/core/dev.c | 3 +
8 files changed, 319 insertions(+), 59 deletions(-)
create mode 100644 include/trace/events/random.h

1.7.11.1.108.gb129051

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Replies

#1 Theodore Tso
July 05th, 2012 - 02:20 pm ET
From: Linus Torvalds

Add a new interface, add_device_randomness() for adding data to the
random pool that is likely to differ between two devices (or possibly
even per boot). This would be things like MAC addresses or serial
numbers, or the read-out of the RTC. This does *not* add any actual
entropy to the pool, but it initializes the pool to different values
for devices that might otherwise be identical and have very little
entropy available to them (particularly common in the embedded world).

[ Modified by tytso to mix in a timestamp, since there may be some
variability caused by the time needed to detect/configure the hardware
in question. ]

Signed-off-by: Linus Torvalds
Signed-off-by: "Theodore Ts'o"
Cc:

drivers/char/random.c | 28 ++++++++++++++++++++++++++++
include/linux/random.h | 1 +
2 files changed, 29 insertions(+)

diff --git a/drivers/char/random.c b/drivers/char/random.c
index 789709e..59ddcce 100644
a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -125,11 +125,20 @@
* The current exported interfaces for gathering environmental noise
* from the devices are:
*
+ * void add_device_randomness(const void *buf, unsigned int size);
* void add_input_randomness(unsigned int type, unsigned int code,
* unsigned int value);
* void add_interrupt_randomness(int irq);
* void add_disk_randomness(struct gendisk *disk);
*
+ * add_device_randomness() is for adding data to the random pool that
+ * is likely to differ between two devices (or possibly even per boot).
+ * This would be things like MAC addresses or serial numbers, or the
+ * read-out of the RTC. This does *not* add any actual entropy to the
+ * pool, but it initializes the pool to different values for devices
+ * that might otherwise be identical and have very little entropy
+ * available to them (particularly common in the embedded world).
+ *
* add_input_randomness() uses the input layer interrupt timing, as well as
* the event type information from the hardware.
*
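Review bot: The added paragraph says the call "initializes the pool" (singular), while add_device_randomness() as added further down in this same patch mixes the buffer into both input_pool and nonblocking_pool and also mixes in a timestamp that this comment never mentions. Suggest "initializes the input and nonblocking pools" and one sentence noting that a timestamp is mixed in alongside the caller's buffer, so driver authors reading only this interface summary know what the call does.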
@@ -652,6 +661,25 @@ static void set_timer_rand_state(unsigned int irq,
}
#endif

+/*
+ * Add device- or boot-specific data to the input and nonblocking
+ * pools to help initialize them to unique values.
+ *
+ * None of this adds any entropy, it is meant to avoid the
+ * problem of the nonblocking pool having similar initial state
+ * across largely identical devices.
+ */
+void add_device_randomness(const void *buf, unsigned int size)
+{
+ unsigned long time = get_cycles() ^ jiffies;
+
+ mix_pool_bytes(&input_pool, buf, size);
+ mix_pool_bytes(&input_pool, &time, sizeof(time));
+ mix_pool_bytes(&nonblocking_pool, buf, size);
+ mix_pool_bytes(&nonblocking_pool, &time, sizeof(time));
+}
+EXPORT_SYMBOL(add_device_randomness);
+
static struct timer_rand_state input_timer_state;

/*
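Review bot: The comment block above add_device_randomness() does not explain the line "unsigned long time = get_cycles() ^ jiffies;", which is the part the commit message says was added to capture hardware detection timing. Please document it there, and state what is expected on a platform where get_cycles() yields a constant: in that case only jiffies contributes, which may be nearly the same across identical devices early in boot. It is also worth a comment that the same time value is mixed into both input_pool and nonblocking_pool and that no entropy is credited, since a reader has to infer that from the absence of any crediting call in the body.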
diff --git a/include/linux/random.h b/include/linux/random.h
index 8f74538..6b55c51 100644
a/include/linux/random.h
+++ b/include/linux/random.h
@@ -50,6 +50,7 @@ struct rnd_state {

extern void rand_initialize_irq(int irq);

+extern void add_device_randomness(const void *, unsigned int);
extern void add_input_randomness(unsigned int type, unsigned int code,
unsigned int value);
extern void add_interrupt_randomness(int irq);
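Review bot: The new prototype "extern void add_device_randomness(const void *, unsigned int);" leaves its parameters unnamed, while the add_input_randomness() declaration right below it names type, code and value, and the interface comment in random.c documents this function as taking buf and size. Suggest declaring it as (const void *buf, unsigned int size) so the header matches both its neighbours and the documentation.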
1.7.11.1.108.gb129051
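The effect the commit message describes, as an added user-space example that is not part of the patch or of random.c: two units of the same device model produce the same first output until a per-device value is mixed in, and the output stays reproducible from that value, which is why no entropy is credited. The pool, mixer, boot timestamp and MAC addresses are constructed stand-ins and all names are hypothetical.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy pool and mixer for illustration only; NOT the algorithm in random.c. */
struct toy_pool { uint32_t w[4]; unsigned int pos; };

static void toy_mix(struct toy_pool *p, const void *buf, size_t size)
{
    const uint8_t *b = buf;
    for (size_t i = 0; i < size; i++) {
        uint32_t *w = &p->w[p->pos++ & 3];
        *w = (*w ^ b[i]) * 0x01000193u;   /* odd multiplier: invertible step */
        *w = (*w << 7) | (*w >> 25);      /* rotate left by 7 */
    }
}

static uint64_t toy_extract(const struct toy_pool *p)
{
    return ((uint64_t)(p->w[0] ^ p->w[2]) << 32) | (p->w[1] ^ p->w[3]);
}

/*
 * Model the first boot of a mass-produced device: identical firmware, so the
 * pool starts zeroed and early-boot timing (a constructed constant here) is
 * the same on every unit. seed_with_mac models a driver handing the MAC
 * address to add_device_randomness().
 */
uint64_t first_boot_output(const uint8_t mac[6], int seed_with_mac)
{
    struct toy_pool pool = { {0, 0, 0, 0}, 0 };
    uint64_t boot_time = 0x12345ULL;      /* constructed, same on every unit */

    toy_mix(&pool, &boot_time, sizeof(boot_time));
    if (seed_with_mac)
        toy_mix(&pool, mac, 6);
    return toy_extract(&pool);
}

/* Constructed sample MAC addresses for two units of the same model. */
static const uint8_t mac_a[6] = { 0x02, 0x00, 0x5e, 0x10, 0x00, 0x01 };
static const uint8_t mac_b[6] = { 0x02, 0x00, 0x5e, 0x10, 0x00, 0x02 };

int main(void)
{
    printf("unseeded: %016" PRIx64 " %016" PRIx64 "\n",
           first_boot_output(mac_a, 0), first_boot_output(mac_b, 0));
    printf("seeded:   %016" PRIx64 " %016" PRIx64 "\n",
           first_boot_output(mac_a, 1), first_boot_output(mac_b, 1));
    return 0;
}
```
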

