diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2018-07-28 19:40:06 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2018-07-28 19:40:06 -0700 |
commit | a26fb01c2879ed7026e6cbd78bb701912d249eef (patch) | |
tree | 59c3c53ca0e7cb8abb5f0dfc87e7f28a0ca4c346 /drivers/char | |
parent | 2ffb57dfa793ca2932c524a1e91d403b28bd84b9 (diff) | |
parent | 81e69df38e2911b642ec121dec319fad2a4782f3 (diff) | |
download | linux-a26fb01c2879ed7026e6cbd78bb701912d249eef.tar.bz2 |
Merge tag 'random_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random
Pull random fixes from Ted Ts'o:
"In reaction to the fixes to address CVE-2018-1108, some Linux
distributions that have certain systemd versions in some cases
combined with patches to libcrypt for FIPS/FEDRAMP compliance, have
led to boot-time stalls for some hardware.
The reaction by some distros and Linux sysadmins has been to install
packages that try to do complicated things with the CPU and hope that
leads to randomness.
To mitigate this, if RDRAND is available, mix it into entropy provided
by userspace. It won't hurt, and it will probably help"
* tag 'random_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random:
random: mix rdrand with entropy sent in from userspace
Diffstat (limited to 'drivers/char')
-rw-r--r-- | drivers/char/random.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/drivers/char/random.c b/drivers/char/random.c index cd888d4ee605..bd449ad52442 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -1895,14 +1895,22 @@ static int write_pool(struct entropy_store *r, const char __user *buffer, size_t count) { size_t bytes; - __u32 buf[16]; + __u32 t, buf[16]; const char __user *p = buffer; while (count > 0) { + int b, i = 0; + bytes = min(count, sizeof(buf)); if (copy_from_user(&buf, p, bytes)) return -EFAULT; + for (b = bytes ; b > 0 ; b -= sizeof(__u32), i++) { + if (!arch_get_random_int(&t)) + break; + buf[i] ^= t; + } + count -= bytes; p += bytes; |