summaryrefslogtreecommitdiffstats
path: root/drivers
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2018-07-28 19:40:06 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2018-07-28 19:40:06 -0700
commita26fb01c2879ed7026e6cbd78bb701912d249eef (patch)
tree59c3c53ca0e7cb8abb5f0dfc87e7f28a0ca4c346 /drivers
parent2ffb57dfa793ca2932c524a1e91d403b28bd84b9 (diff)
parent81e69df38e2911b642ec121dec319fad2a4782f3 (diff)
downloadlinux-a26fb01c2879ed7026e6cbd78bb701912d249eef.tar.bz2
Merge tag 'random_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random
Pull random fixes from Ted Ts'o: "In reaction to the fixes to address CVE-2018-1108, some Linux distributions that have certain systemd versions in some cases combined with patches to libcrypt for FIPS/FEDRAMP compliance, have led to boot-time stalls for some hardware. The reaction by some distros and Linux sysadmins has been to install packages that try to do complicated things with the CPU and hope that leads to randomness. To mitigate this, if RDRAND is available, mix it into entropy provided by userspace. It won't hurt, and it will probably help" * tag 'random_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random: random: mix rdrand with entropy sent in from userspace
Diffstat (limited to 'drivers')
-rw-r--r--drivers/char/random.c10
1 files changed, 9 insertions, 1 deletions
diff --git a/drivers/char/random.c b/drivers/char/random.c
index cd888d4ee605..bd449ad52442 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -1895,14 +1895,22 @@ static int
write_pool(struct entropy_store *r, const char __user *buffer, size_t count)
{
size_t bytes;
- __u32 buf[16];
+ __u32 t, buf[16];
const char __user *p = buffer;
while (count > 0) {
+ int b, i = 0;
+
bytes = min(count, sizeof(buf));
if (copy_from_user(&buf, p, bytes))
return -EFAULT;
+ for (b = bytes ; b > 0 ; b -= sizeof(__u32), i++) {
+ if (!arch_get_random_int(&t))
+ break;
+ buf[i] ^= t;
+ }
+
count -= bytes;
p += bytes;