Commit ee7998c5, authored by Kees Cook, committed by Linus Torvalds

random: do not ignore early device randomness

The add_device_randomness() function would ignore incoming bytes if the
crng wasn't ready.  This additionally makes sure to make an early enough
call to add_latent_entropy() to influence the initial stack canary,
which is especially important on non-x86 systems where it stays the same
through the life of the boot.

Link: http://lkml.kernel.org/r/20170626233038.GA48751@beast
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: "Theodore Ts'o" <tytso@mit.edu>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Jessica Yu <jeyu@redhat.com>
Cc: Steven Rostedt (VMware) <rostedt@goodmis.org>
Cc: Viresh Kumar <viresh.kumar@linaro.org>
Cc: Tejun Heo <tj@kernel.org>
Cc: Prarit Bhargava <prarit@redhat.com>
Cc: Lokesh Vutla <lokeshvutla@ti.com>
Cc: Nicholas Piggin <npiggin@gmail.com>
Cc: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Parent 9380fa60
...@@ -987,6 +987,11 @@ void add_device_randomness(const void *buf, unsigned int size) ...@@ -987,6 +987,11 @@ void add_device_randomness(const void *buf, unsigned int size)
unsigned long time = random_get_entropy() ^ jiffies; unsigned long time = random_get_entropy() ^ jiffies;
unsigned long flags; unsigned long flags;
if (!crng_ready()) {
crng_fast_load(buf, size);
return;
}
trace_add_device_randomness(size, _RET_IP_); trace_add_device_randomness(size, _RET_IP_);
spin_lock_irqsave(&input_pool.lock, flags); spin_lock_irqsave(&input_pool.lock, flags);
_mix_pool_bytes(&input_pool, buf, size); _mix_pool_bytes(&input_pool, buf, size);
......
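Review bot: In add_device_randomness(), the new `if (!crng_ready())` branch returns before trace_add_device_randomness() and _mix_pool_bytes(), so bytes supplied before the crng is ready go only to crng_fast_load() and never reach input_pool, and the tracepoint stays silent for them. crng_fast_load(buf, size) is also called as a bare statement, so if it can fail or take only part of the buffer, that goes unnoticed and the bytes are dropped. Suggest falling through to the existing input_pool mixing after the fast load, or returning early only when the fast load reports that it consumed the data, and adding a comment that answers the open question here: does crng_fast_load() count these bytes toward crng readiness, given that callers of add_device_randomness() do not claim their input is unpredictable?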
...@@ -518,6 +518,7 @@ asmlinkage __visible void __init start_kernel(void) ...@@ -518,6 +518,7 @@ asmlinkage __visible void __init start_kernel(void)
/* /*
* Set up the initial canary ASAP: * Set up the initial canary ASAP:
*/ */
add_latent_entropy();
boot_init_stack_canary(); boot_init_stack_canary();
cgroup_init_early(); cgroup_init_early();
......
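Review bot: In start_kernel(), the added add_latent_entropy() call sits under the existing comment "Set up the initial canary ASAP:", which now reads as if it described that call, and nothing in the code says the call must run before boot_init_stack_canary(). Suggest extending the comment to state the ordering dependency (latent entropy is mixed in first so that it can influence the initial canary), so that a later reshuffle of the early init calls does not silently separate the two.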