summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTheodore Ts'o <tytso@mit.edu>2018-04-11 16:32:17 -0400
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2018-04-24 09:34:16 +0200
commit1d49e2ab766df649c540959a96f1ab839471fbe8 (patch)
tree9328742bd0fa967f93899cbd3d7a4f2af3637f02
parentbefd00cfc189672adfdf6850cf460a7f53c56cf0 (diff)
random: add new ioctl RNDRESEEDCRNG
commit d848e5f8e1ebdb227d045db55fe4f825e82965fa upstream. Add a new ioctl which forces the the crng to be reseeded. Signed-off-by: Theodore Ts'o <tytso@mit.edu> Cc: stable@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-rw-r--r--drivers/char/random.c13
-rw-r--r--include/uapi/linux/random.h3
2 files changed, 15 insertions, 1 deletions
diff --git a/drivers/char/random.c b/drivers/char/random.c
index 9d24f3cdc9bb..8d08a8062904 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -436,6 +436,7 @@ struct crng_state primary_crng = {
static int crng_init = 0;
#define crng_ready() (likely(crng_init > 1))
static int crng_init_cnt = 0;
+static unsigned long crng_global_init_time = 0;
#define CRNG_INIT_CNT_THRESH (2*CHACHA20_KEY_SIZE)
static void _extract_crng(struct crng_state *crng,
__u8 out[CHACHA20_BLOCK_SIZE]);
@@ -873,7 +874,8 @@ static void _extract_crng(struct crng_state *crng,
unsigned long v, flags;
if (crng_ready() &&
- time_after(jiffies, crng->init_time + CRNG_RESEED_INTERVAL))
+ (time_after(crng_global_init_time, crng->init_time) ||
+ time_after(jiffies, crng->init_time + CRNG_RESEED_INTERVAL)))
crng_reseed(crng, crng == &primary_crng ? &input_pool : NULL);
spin_lock_irqsave(&crng->lock, flags);
if (arch_get_random_long(&v))
@@ -1668,6 +1670,7 @@ static int rand_initialize(void)
init_std_data(&input_pool);
init_std_data(&blocking_pool);
crng_initialize(&primary_crng);
+ crng_global_init_time = jiffies;
#ifdef CONFIG_NUMA
pool = kcalloc(nr_node_ids, sizeof(*pool), GFP_KERNEL|__GFP_NOFAIL);
@@ -1854,6 +1857,14 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
input_pool.entropy_count = 0;
blocking_pool.entropy_count = 0;
return 0;
+ case RNDRESEEDCRNG:
+ if (!capable(CAP_SYS_ADMIN))
+ return -EPERM;
+ if (crng_init < 2)
+ return -ENODATA;
+ crng_reseed(&primary_crng, NULL);
+ crng_global_init_time = jiffies - 1;
+ return 0;
default:
return -EINVAL;
}
diff --git a/include/uapi/linux/random.h b/include/uapi/linux/random.h
index 3f93d1695e7f..b455b0d86f26 100644
--- a/include/uapi/linux/random.h
+++ b/include/uapi/linux/random.h
@@ -34,6 +34,9 @@
/* Clear the entropy pool and associated counters. (Superuser only.) */
#define RNDCLEARPOOL _IO( 'R', 0x06 )
+/* Reseed CRNG. (Superuser only.) */
+#define RNDRESEEDCRNG _IO( 'R', 0x07 )
+
struct rand_pool_info {
int entropy_count;
int buf_size;