--- zzzz-none-000/linux-4.4.271/drivers/char/random.c 2021-06-03 06:22:09.000000000 +0000 +++ maple-fsgw-759/linux-4.4.271/drivers/char/random.c 2023-12-20 10:37:06.000000000 +0000 @@ -139,6 +139,9 @@ * that might otherwise be identical and have very little entropy * available to them (particularly common in the embedded world). * + * void random_input_words(__u32 *buf, size_t wordcount, int ent_count) + * int random_input_wait(void); + * * add_input_randomness() uses the input layer interrupt timing, as well as * the event type information from the hardware. * @@ -152,6 +155,13 @@ * seek times do not make for good sources of entropy, as their seek * times are usually fairly consistent. * + * random_input_words() just provides a raw block of entropy to the input + * pool, such as from a hardware entropy generator. + * + * random_input_wait() suspends the caller until such time as the + * entropy pool falls below the write threshold, and returns a count of how + * much entropy (in bits) is needed to sustain the pool. + * * All of these routines try to estimate how many bits of randomness a * particular randomness source. They do this by keeping track of the * first and second order deltas of the event timings. @@ -965,6 +975,61 @@ EXPORT_SYMBOL_GPL(add_disk_randomness); #endif +/* + * random_input_words - add bulk entropy to pool + * + * @buf: buffer to add + * @wordcount: number of __u32 words to add + * @ent_count: total amount of entropy (in bits) to credit + * + * this provides bulk input of entropy to the input pool + * + */ +void random_input_words(__u32 *buf, size_t wordcount, int ent_count) +{ + mix_pool_bytes(&input_pool, buf, wordcount*4); + + credit_entropy_bits(&input_pool, ent_count); + + /* + * Wake up waiting processes if we have enough + * entropy. + */ + if (input_pool.entropy_count >= random_read_wakeup_bits) + wake_up_interruptible(&random_read_wait); +} +EXPORT_SYMBOL(random_input_words); + +/* + * random_input_wait - wait until random needs entropy + * + * this function sleeps until the /dev/random subsystem actually + * needs more entropy, and then return the amount of entropy + * that it would be nice to have added to the system. + */ +int random_input_wait(void) +{ + int count; + + wait_event_interruptible(random_write_wait, + input_pool.entropy_count < random_write_wakeup_bits); + + count = random_write_wakeup_bits - input_pool.entropy_count; + + /* likely we got woken up due to a signal */ + if (count <= 0) count = random_read_wakeup_bits; + + pr_debug("requesting %d bits from input_wait()er %d<%d\n", + count, + input_pool.entropy_count, random_write_wakeup_bits); + + return count; +} +EXPORT_SYMBOL(random_input_wait); + + +#define EXTRACT_SIZE 10 + /********************************************************************* * * Entropy extraction routines @@ -1470,7 +1535,7 @@ if (unlikely(nonblocking_pool.initialized == 0) && maxwarn > 0) { maxwarn--; - printk(KERN_NOTICE "random: %s: uninitialized urandom read " + pr_debug(KERN_NOTICE "random: %s: uninitialized urandom read " "(%zd bytes read, %d bits of entropy available)\n", current->comm, nbytes, nonblocking_pool.entropy_total); } @@ -1615,6 +1680,55 @@ .llseek = noop_llseek, }; +/* + * Each time the timer fires, we expect that we got an unpredictable + * jump in the cycle counter. Even if the timer is running on another + * CPU, the timer activity will be touching the stack of the CPU that is + * generating entropy.. + * + * Note that we don't re-arm the timer in the timer itself - we are + * happy to be scheduled away, since that just makes the load more + * complex, but we do not want the timer to keep ticking unless the + * entropy loop is running. + * + * So the re-arming always happens in the entropy loop itself. + */ +static void entropy_timer(unsigned long data) +{ + credit_entropy_bits(&input_pool, 1); +} + +/* + * If we have an actual cycle counter, see if we can + * generate enough entropy with timing noise + */ +static void try_to_generate_entropy(void) +{ + struct { + unsigned long now; + struct timer_list timer; + } stack; + + stack.now = random_get_entropy(); + + /* Slow counter - or none. Don't even bother */ + if (stack.now == random_get_entropy()) + return; + + setup_timer_on_stack(&stack.timer, entropy_timer, 0); + while (!nonblocking_pool.initialized) { + if (!timer_pending(&stack.timer)) + mod_timer(&stack.timer, jiffies+1); + mix_pool_bytes(&input_pool, &stack.now, sizeof(stack.now)); + schedule(); + stack.now = random_get_entropy(); + } + + del_timer_sync(&stack.timer); + destroy_timer_on_stack(&stack.timer); + mix_pool_bytes(&input_pool, &stack.now, sizeof(stack.now)); +} + SYSCALL_DEFINE3(getrandom, char __user *, buf, size_t, count, unsigned int, flags) { @@ -1630,6 +1744,9 @@ if (unlikely(nonblocking_pool.initialized == 0)) { if (flags & GRND_NONBLOCK) return -EAGAIN; + + try_to_generate_entropy(); + wait_event_interruptible(urandom_init_wait, nonblocking_pool.initialized); if (signal_pending(current))