Commit 478f74a3 authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge tag 'random-5.18-rc1-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/crng/random 

Pull random number generator fixes from Jason Donenfeld:

 - If a hardware random number generator passes a sufficiently large
   chunk of entropy to random.c during early boot, we now skip the
   "fast_init" business and let it initialize the RNG.

   This makes CONFIG_RANDOM_TRUST_BOOTLOADER=y actually useful.

 - We already have the command line `random.trust_cpu=0/1` option for
   RDRAND, which let distros enable CONFIG_RANDOM_TRUST_CPU=y while
   placating concerns of more paranoid users.

   Now we add `random.trust_bootloader=0/1` so that distros can
   similarly enable CONFIG_RANDOM_TRUST_BOOTLOADER=y.

 - Re-add a comment that got removed by accident in the recent revert.

 - Add the spec-compliant ACPI CID for vmgenid, which Microsoft added to
   the vmgenid spec at Ard's request during earlier review.

 - Restore build-time randomness via the latent entropy plugin, which
   was lost when we transitioned to using a hash function.

* tag 'random-5.18-rc1-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/crng/random:
  random: mix build-time latent entropy into pool at init
  virt: vmgenid: recognize new CID added by Hyper-V
  random: re-add removed comment about get_random_{u32,u64} reseeding
  random: treat bootloader trust toggle the same way as cpu trust toggle
  random: skip fast_init if hwrng provides large chunk of entropy
parents 354b8bf2 1754abb3

Documentation/admin-guide/kernel-parameters.txt

+6 −0
Original line number Diff line number Diff line
@@ -4427,6 +4427,12 @@ 
			fully seed the kernel's CRNG. Default is controlled

			by CONFIG_RANDOM_TRUST_CPU.



	random.trust_bootloader={on,off}

			[KNL] Enable or disable trusting the use of a

			seed passed by the bootloader (if available) to

			fully seed the kernel's CRNG. Default is controlled

			by CONFIG_RANDOM_TRUST_BOOTLOADER.



	randomize_kstack_offset=

			[KNL] Enable or disable kernel stack offset

			randomization, which provides roughly 5 bits of

drivers/char/Kconfig

+2 −1
Original line number Diff line number Diff line
@@ -449,6 +449,7 @@ config RANDOM_TRUST_BOOTLOADER 
	device randomness. Say Y here to assume the entropy provided by the

	booloader is trustworthy so it will be added to the kernel's entropy

	pool. Otherwise, say N here so it will be regarded as device input that

	only mixes the entropy pool.

	only mixes the entropy pool. This can also be configured at boot with

	"random.trust_bootloader=on/off".



endmenu

drivers/char/random.c

+17 −5
Original line number Diff line number Diff line
@@ -224,9 +224,10 @@ static void _warn_unseeded_randomness(const char *func_name, void *caller, void 
 *

 * These interfaces will return the requested number of random bytes

 * into the given buffer or as a return value. This is equivalent to

 * a read from /dev/urandom. The integer family of functions may be

 * higher performance for one-off random integers, because they do a

 * bit of buffering.

 * a read from /dev/urandom. The u32, u64, int, and long family of

 * functions may be higher performance for one-off random integers,

 * because they do a bit of buffering and do not invoke reseeding

 * until the buffer is emptied.

 *

 *********************************************************************/
@@ -948,11 +949,17 @@ static bool drain_entropy(void *buf, size_t nbytes, bool force) 
 **********************************************************************/



static bool trust_cpu __ro_after_init = IS_ENABLED(CONFIG_RANDOM_TRUST_CPU);

static bool trust_bootloader __ro_after_init = IS_ENABLED(CONFIG_RANDOM_TRUST_BOOTLOADER);

static int __init parse_trust_cpu(char *arg)

{

	return kstrtobool(arg, &trust_cpu);

}

static int __init parse_trust_bootloader(char *arg)

{

	return kstrtobool(arg, &trust_bootloader);

}

early_param("random.trust_cpu", parse_trust_cpu);

early_param("random.trust_bootloader", parse_trust_bootloader);



/*

 * The first collection of entropy occurs at system boot while interrupts
@@ -968,6 +975,11 @@ int __init rand_initialize(void) 
	bool arch_init = true;

	unsigned long rv;



#if defined(LATENT_ENTROPY_PLUGIN)

	static const u8 compiletime_seed[BLAKE2S_BLOCK_SIZE] __initconst __latent_entropy;

	_mix_pool_bytes(compiletime_seed, sizeof(compiletime_seed));

#endif



	for (i = 0; i < BLAKE2S_BLOCK_SIZE; i += sizeof(rv)) {

		if (!arch_get_random_seed_long_early(&rv) &&

		    !arch_get_random_long_early(&rv)) {
@@ -1128,7 +1140,7 @@ void rand_initialize_disk(struct gendisk *disk) 
void add_hwgenerator_randomness(const void *buffer, size_t count,

				size_t entropy)

{

	if (unlikely(crng_init == 0)) {

	if (unlikely(crng_init == 0 && entropy < POOL_MIN_BITS)) {

		size_t ret = crng_pre_init_inject(buffer, count, true);

		mix_pool_bytes(buffer, ret);

		count -= ret;
@@ -1160,7 +1172,7 @@ EXPORT_SYMBOL_GPL(add_hwgenerator_randomness); 
 */

void add_bootloader_randomness(const void *buf, size_t size)

{

	if (IS_ENABLED(CONFIG_RANDOM_TRUST_BOOTLOADER))

	if (trust_bootloader)

		add_hwgenerator_randomness(buf, size, size * 8);

	else

		add_device_randomness(buf, size);

drivers/virt/vmgenid.c

+1 −0
Original line number Diff line number Diff line
@@ -78,6 +78,7 @@ static void vmgenid_notify(struct acpi_device *device, u32 event) 
}



static const struct acpi_device_id vmgenid_ids[] = {

	{ "VMGENCTR", 0 },

	{ "VM_GEN_COUNTER", 0 },

	{ }

};