1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238#include <linux/utsname.h>
239#include <linux/module.h>
240#include <linux/kernel.h>
241#include <linux/major.h>
242#include <linux/string.h>
243#include <linux/fcntl.h>
244#include <linux/slab.h>
245#include <linux/random.h>
246#include <linux/poll.h>
247#include <linux/init.h>
248#include <linux/fs.h>
249#include <linux/genhd.h>
250#include <linux/interrupt.h>
251#include <linux/mm.h>
252#include <linux/spinlock.h>
253#include <linux/percpu.h>
254#include <linux/cryptohash.h>
255#include <linux/fips.h>
256#include <linux/ptrace.h>
257#include <linux/kmemcheck.h>
258
259#ifdef CONFIG_GENERIC_HARDIRQS
260# include <linux/irq.h>
261#endif
262
263#include <asm/processor.h>
264#include <asm/uaccess.h>
265#include <asm/irq.h>
266#include <asm/irq_regs.h>
267#include <asm/io.h>
268
269#define CREATE_TRACE_POINTS
270#include <trace/events/random.h>
271
272
273
274
275#define INPUT_POOL_WORDS 128
276#define OUTPUT_POOL_WORDS 32
277#define SEC_XFER_SIZE 512
278#define EXTRACT_SIZE 10
279
280#define LONGS(x) (((x) + sizeof(unsigned long) - 1)/sizeof(unsigned long))
281
282
283
284
285
286static int random_read_wakeup_thresh = 64;
287
288
289
290
291
292
293static int random_write_wakeup_thresh = 128;
294
295
296
297
298
299
300static int trickle_thresh __read_mostly = INPUT_POOL_WORDS * 28;
301
302static DEFINE_PER_CPU(int, trickle_count);
303
304
305
306
307
308
309
310
311
312static struct poolinfo {
313 int poolwords;
314 int tap1, tap2, tap3, tap4, tap5;
315} poolinfo_table[] = {
316
317 { 128, 103, 76, 51, 25, 1 },
318
319 { 32, 26, 20, 14, 7, 1 },
320#if 0
321
322 { 2048, 1638, 1231, 819, 411, 1 },
323
324
325 { 1024, 817, 615, 412, 204, 1 },
326
327
328 { 1024, 819, 616, 410, 207, 2 },
329
330
331 { 512, 411, 308, 208, 104, 1 },
332
333
334 { 512, 409, 307, 206, 102, 2 },
335
336 { 512, 409, 309, 205, 103, 2 },
337
338
339 { 256, 205, 155, 101, 52, 1 },
340
341
342 { 128, 103, 78, 51, 27, 2 },
343
344
345 { 64, 52, 39, 26, 14, 1 },
346#endif
347};
348
349#define POOLBITS poolwords*32
350#define POOLBYTES poolwords*4
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398static DECLARE_WAIT_QUEUE_HEAD(random_read_wait);
399static DECLARE_WAIT_QUEUE_HEAD(random_write_wait);
400static struct fasync_struct *fasync;
401
402static bool debug;
403module_param(debug, bool, 0644);
404#define DEBUG_ENT(fmt, arg...) do { \
405 if (debug) \
406 printk(KERN_DEBUG "random %04d %04d %04d: " \
407 fmt,\
408 input_pool.entropy_count,\
409 blocking_pool.entropy_count,\
410 nonblocking_pool.entropy_count,\
411 ## arg); } while (0)
412
413
414
415
416
417
418
419
420struct entropy_store;
421struct entropy_store {
422
423 struct poolinfo *poolinfo;
424 __u32 *pool;
425 const char *name;
426 struct entropy_store *pull;
427 int limit;
428
429
430 spinlock_t lock;
431 unsigned add_ptr;
432 unsigned input_rotate;
433 int entropy_count;
434 int entropy_total;
435 unsigned int initialized:1;
436 bool last_data_init;
437 __u8 last_data[EXTRACT_SIZE];
438};
439
440static __u32 input_pool_data[INPUT_POOL_WORDS];
441static __u32 blocking_pool_data[OUTPUT_POOL_WORDS];
442static __u32 nonblocking_pool_data[OUTPUT_POOL_WORDS];
443
444static struct entropy_store input_pool = {
445 .poolinfo = &poolinfo_table[0],
446 .name = "input",
447 .limit = 1,
448 .lock = __SPIN_LOCK_UNLOCKED(input_pool.lock),
449 .pool = input_pool_data
450};
451
452static struct entropy_store blocking_pool = {
453 .poolinfo = &poolinfo_table[1],
454 .name = "blocking",
455 .limit = 1,
456 .pull = &input_pool,
457 .lock = __SPIN_LOCK_UNLOCKED(blocking_pool.lock),
458 .pool = blocking_pool_data
459};
460
461static struct entropy_store nonblocking_pool = {
462 .poolinfo = &poolinfo_table[1],
463 .name = "nonblocking",
464 .pull = &input_pool,
465 .lock = __SPIN_LOCK_UNLOCKED(nonblocking_pool.lock),
466 .pool = nonblocking_pool_data
467};
468
469static __u32 const twist_table[8] = {
470 0x00000000, 0x3b6e20c8, 0x76dc4190, 0x4db26158,
471 0xedb88320, 0xd6d6a3e8, 0x9b64c2b0, 0xa00ae278 };
472
473
474
475
476
477
478
479
480
481
482
483static void _mix_pool_bytes(struct entropy_store *r, const void *in,
484 int nbytes, __u8 out[64])
485{
486 unsigned long i, j, tap1, tap2, tap3, tap4, tap5;
487 int input_rotate;
488 int wordmask = r->poolinfo->poolwords - 1;
489 const char *bytes = in;
490 __u32 w;
491
492 tap1 = r->poolinfo->tap1;
493 tap2 = r->poolinfo->tap2;
494 tap3 = r->poolinfo->tap3;
495 tap4 = r->poolinfo->tap4;
496 tap5 = r->poolinfo->tap5;
497
498 smp_rmb();
499 input_rotate = ACCESS_ONCE(r->input_rotate);
500 i = ACCESS_ONCE(r->add_ptr);
501
502
503 while (nbytes--) {
504 w = rol32(*bytes++, input_rotate & 31);
505 i = (i - 1) & wordmask;
506
507
508 w ^= r->pool[i];
509 w ^= r->pool[(i + tap1) & wordmask];
510 w ^= r->pool[(i + tap2) & wordmask];
511 w ^= r->pool[(i + tap3) & wordmask];
512 w ^= r->pool[(i + tap4) & wordmask];
513 w ^= r->pool[(i + tap5) & wordmask];
514
515
516 r->pool[i] = (w >> 3) ^ twist_table[w & 7];
517
518
519
520
521
522
523
524 input_rotate += i ? 7 : 14;
525 }
526
527 ACCESS_ONCE(r->input_rotate) = input_rotate;
528 ACCESS_ONCE(r->add_ptr) = i;
529 smp_wmb();
530
531 if (out)
532 for (j = 0; j < 16; j++)
533 ((__u32 *)out)[j] = r->pool[(i - j) & wordmask];
534}
535
536static void __mix_pool_bytes(struct entropy_store *r, const void *in,
537 int nbytes, __u8 out[64])
538{
539 trace_mix_pool_bytes_nolock(r->name, nbytes, _RET_IP_);
540 _mix_pool_bytes(r, in, nbytes, out);
541}
542
543static void mix_pool_bytes(struct entropy_store *r, const void *in,
544 int nbytes, __u8 out[64])
545{
546 unsigned long flags;
547
548 trace_mix_pool_bytes(r->name, nbytes, _RET_IP_);
549 spin_lock_irqsave(&r->lock, flags);
550 _mix_pool_bytes(r, in, nbytes, out);
551 spin_unlock_irqrestore(&r->lock, flags);
552}
553
554struct fast_pool {
555 __u32 pool[4];
556 unsigned long last;
557 unsigned short count;
558 unsigned char rotate;
559 unsigned char last_timer_intr;
560};
561
562
563
564
565
566
567static void fast_mix(struct fast_pool *f, const void *in, int nbytes)
568{
569 const char *bytes = in;
570 __u32 w;
571 unsigned i = f->count;
572 unsigned input_rotate = f->rotate;
573
574 while (nbytes--) {
575 w = rol32(*bytes++, input_rotate & 31) ^ f->pool[i & 3] ^
576 f->pool[(i + 1) & 3];
577 f->pool[i & 3] = (w >> 3) ^ twist_table[w & 7];
578 input_rotate += (i++ & 3) ? 7 : 14;
579 }
580 f->count = i;
581 f->rotate = input_rotate;
582}
583
584
585
586
587static void credit_entropy_bits(struct entropy_store *r, int nbits)
588{
589 int entropy_count, orig;
590
591 if (!nbits)
592 return;
593
594 DEBUG_ENT("added %d entropy credits to %s\n", nbits, r->name);
595retry:
596 entropy_count = orig = ACCESS_ONCE(r->entropy_count);
597 entropy_count += nbits;
598
599 if (entropy_count < 0) {
600 DEBUG_ENT("negative entropy/overflow\n");
601 entropy_count = 0;
602 } else if (entropy_count > r->poolinfo->POOLBITS)
603 entropy_count = r->poolinfo->POOLBITS;
604 if (cmpxchg(&r->entropy_count, orig, entropy_count) != orig)
605 goto retry;
606
607 if (!r->initialized && nbits > 0) {
608 r->entropy_total += nbits;
609 if (r->entropy_total > 128)
610 r->initialized = 1;
611 }
612
613 trace_credit_entropy_bits(r->name, nbits, entropy_count,
614 r->entropy_total, _RET_IP_);
615
616
617 if (r == &input_pool && entropy_count >= random_read_wakeup_thresh) {
618 wake_up_interruptible(&random_read_wait);
619 kill_fasync(&fasync, SIGIO, POLL_IN);
620 }
621}
622
623
624
625
626
627
628
629
630struct timer_rand_state {
631 cycles_t last_time;
632 long last_delta, last_delta2;
633 unsigned dont_count_entropy:1;
634};
635
636
637
638
639
640
641
642
643
644void add_device_randomness(const void *buf, unsigned int size)
645{
646 unsigned long time = get_cycles() ^ jiffies;
647
648 mix_pool_bytes(&input_pool, buf, size, NULL);
649 mix_pool_bytes(&input_pool, &time, sizeof(time), NULL);
650 mix_pool_bytes(&nonblocking_pool, buf, size, NULL);
651 mix_pool_bytes(&nonblocking_pool, &time, sizeof(time), NULL);
652}
653EXPORT_SYMBOL(add_device_randomness);
654
655static struct timer_rand_state input_timer_state;
656
657
658
659
660
661
662
663
664
665
666
667static void add_timer_randomness(struct timer_rand_state *state, unsigned num)
668{
669 struct {
670 long jiffies;
671 unsigned cycles;
672 unsigned num;
673 } sample;
674 long delta, delta2, delta3;
675
676 preempt_disable();
677
678 if (input_pool.entropy_count > trickle_thresh &&
679 ((__this_cpu_inc_return(trickle_count) - 1) & 0xfff))
680 goto out;
681
682 sample.jiffies = jiffies;
683 sample.cycles = get_cycles();
684 sample.num = num;
685 mix_pool_bytes(&input_pool, &sample, sizeof(sample), NULL);
686
687
688
689
690
691
692
693 if (!state->dont_count_entropy) {
694 delta = sample.jiffies - state->last_time;
695 state->last_time = sample.jiffies;
696
697 delta2 = delta - state->last_delta;
698 state->last_delta = delta;
699
700 delta3 = delta2 - state->last_delta2;
701 state->last_delta2 = delta2;
702
703 if (delta < 0)
704 delta = -delta;
705 if (delta2 < 0)
706 delta2 = -delta2;
707 if (delta3 < 0)
708 delta3 = -delta3;
709 if (delta > delta2)
710 delta = delta2;
711 if (delta > delta3)
712 delta = delta3;
713
714
715
716
717
718
719 credit_entropy_bits(&input_pool,
720 min_t(int, fls(delta>>1), 11));
721 }
722out:
723 preempt_enable();
724}
725
726void add_input_randomness(unsigned int type, unsigned int code,
727 unsigned int value)
728{
729 static unsigned char last_value;
730
731
732 if (value == last_value)
733 return;
734
735 DEBUG_ENT("input event\n");
736 last_value = value;
737 add_timer_randomness(&input_timer_state,
738 (type << 4) ^ code ^ (code >> 4) ^ value);
739}
740EXPORT_SYMBOL_GPL(add_input_randomness);
741
742static DEFINE_PER_CPU(struct fast_pool, irq_randomness);
743
744void add_interrupt_randomness(int irq, int irq_flags)
745{
746 struct entropy_store *r;
747 struct fast_pool *fast_pool = &__get_cpu_var(irq_randomness);
748 struct pt_regs *regs = get_irq_regs();
749 unsigned long now = jiffies;
750 __u32 input[4], cycles = get_cycles();
751
752 input[0] = cycles ^ jiffies;
753 input[1] = irq;
754 if (regs) {
755 __u64 ip = instruction_pointer(regs);
756 input[2] = ip;
757 input[3] = ip >> 32;
758 }
759
760 fast_mix(fast_pool, input, sizeof(input));
761
762 if ((fast_pool->count & 1023) &&
763 !time_after(now, fast_pool->last + HZ))
764 return;
765
766 fast_pool->last = now;
767
768 r = nonblocking_pool.initialized ? &input_pool : &nonblocking_pool;
769 __mix_pool_bytes(r, &fast_pool->pool, sizeof(fast_pool->pool), NULL);
770
771
772
773
774
775 if (cycles == 0) {
776 if (irq_flags & __IRQF_TIMER) {
777 if (fast_pool->last_timer_intr)
778 return;
779 fast_pool->last_timer_intr = 1;
780 } else
781 fast_pool->last_timer_intr = 0;
782 }
783 credit_entropy_bits(r, 1);
784}
785
786#ifdef CONFIG_BLOCK
787void add_disk_randomness(struct gendisk *disk)
788{
789 if (!disk || !disk->random)
790 return;
791
792 DEBUG_ENT("disk event %d:%d\n",
793 MAJOR(disk_devt(disk)), MINOR(disk_devt(disk)));
794
795 add_timer_randomness(disk->random, 0x100 + disk_devt(disk));
796}
797#endif
798
799
800
801
802
803
804
805static ssize_t extract_entropy(struct entropy_store *r, void *buf,
806 size_t nbytes, int min, int rsvd);
807
808
809
810
811
812
813static void xfer_secondary_pool(struct entropy_store *r, size_t nbytes)
814{
815 __u32 tmp[OUTPUT_POOL_WORDS];
816
817 if (r->pull && r->entropy_count < nbytes * 8 &&
818 r->entropy_count < r->poolinfo->POOLBITS) {
819
820 int rsvd = r->limit ? 0 : random_read_wakeup_thresh/4;
821 int bytes = nbytes;
822
823
824 bytes = max_t(int, bytes, random_read_wakeup_thresh / 8);
825
826 bytes = min_t(int, bytes, sizeof(tmp));
827
828 DEBUG_ENT("going to reseed %s with %d bits "
829 "(%zu of %d requested)\n",
830 r->name, bytes * 8, nbytes * 8, r->entropy_count);
831
832 bytes = extract_entropy(r->pull, tmp, bytes,
833 random_read_wakeup_thresh / 8, rsvd);
834 mix_pool_bytes(r, tmp, bytes, NULL);
835 credit_entropy_bits(r, bytes*8);
836 }
837}
838
839
840
841
842
843
844
845
846
847
848
849
850
851static size_t account(struct entropy_store *r, size_t nbytes, int min,
852 int reserved)
853{
854 unsigned long flags;
855 int wakeup_write = 0;
856
857
858 spin_lock_irqsave(&r->lock, flags);
859
860 BUG_ON(r->entropy_count > r->poolinfo->POOLBITS);
861 DEBUG_ENT("trying to extract %zu bits from %s\n",
862 nbytes * 8, r->name);
863
864
865 if (r->entropy_count / 8 < min + reserved) {
866 nbytes = 0;
867 } else {
868 int entropy_count, orig;
869retry:
870 entropy_count = orig = ACCESS_ONCE(r->entropy_count);
871
872 if (r->limit && nbytes + reserved >= entropy_count / 8)
873 nbytes = entropy_count/8 - reserved;
874
875 if (entropy_count / 8 >= nbytes + reserved) {
876 entropy_count -= nbytes*8;
877 if (cmpxchg(&r->entropy_count, orig, entropy_count) != orig)
878 goto retry;
879 } else {
880 entropy_count = reserved;
881 if (cmpxchg(&r->entropy_count, orig, entropy_count) != orig)
882 goto retry;
883 }
884
885 if (entropy_count < random_write_wakeup_thresh)
886 wakeup_write = 1;
887 }
888
889 DEBUG_ENT("debiting %zu entropy credits from %s%s\n",
890 nbytes * 8, r->name, r->limit ? "" : " (unlimited)");
891
892 spin_unlock_irqrestore(&r->lock, flags);
893
894 if (wakeup_write) {
895 wake_up_interruptible(&random_write_wait);
896 kill_fasync(&fasync, SIGIO, POLL_OUT);
897 }
898
899 return nbytes;
900}
901
902static void extract_buf(struct entropy_store *r, __u8 *out)
903{
904 int i;
905 union {
906 __u32 w[5];
907 unsigned long l[LONGS(EXTRACT_SIZE)];
908 } hash;
909 __u32 workspace[SHA_WORKSPACE_WORDS];
910 __u8 extract[64];
911 unsigned long flags;
912
913
914 sha_init(hash.w);
915 spin_lock_irqsave(&r->lock, flags);
916 for (i = 0; i < r->poolinfo->poolwords; i += 16)
917 sha_transform(hash.w, (__u8 *)(r->pool + i), workspace);
918
919
920
921
922
923
924
925
926
927
928 __mix_pool_bytes(r, hash.w, sizeof(hash.w), extract);
929 spin_unlock_irqrestore(&r->lock, flags);
930
931
932
933
934
935 sha_transform(hash.w, extract, workspace);
936 memset(extract, 0, sizeof(extract));
937 memset(workspace, 0, sizeof(workspace));
938
939
940
941
942
943
944 hash.w[0] ^= hash.w[3];
945 hash.w[1] ^= hash.w[4];
946 hash.w[2] ^= rol32(hash.w[2], 16);
947
948
949
950
951
952 for (i = 0; i < LONGS(EXTRACT_SIZE); i++) {
953 unsigned long v;
954 if (!arch_get_random_long(&v))
955 break;
956 hash.l[i] ^= v;
957 }
958
959 memcpy(out, &hash, EXTRACT_SIZE);
960 memset(&hash, 0, sizeof(hash));
961}
962
963static ssize_t extract_entropy(struct entropy_store *r, void *buf,
964 size_t nbytes, int min, int reserved)
965{
966 ssize_t ret = 0, i;
967 __u8 tmp[EXTRACT_SIZE];
968 unsigned long flags;
969
970
971 if (fips_enabled) {
972 spin_lock_irqsave(&r->lock, flags);
973 if (!r->last_data_init) {
974 r->last_data_init = true;
975 spin_unlock_irqrestore(&r->lock, flags);
976 trace_extract_entropy(r->name, EXTRACT_SIZE,
977 r->entropy_count, _RET_IP_);
978 xfer_secondary_pool(r, EXTRACT_SIZE);
979 extract_buf(r, tmp);
980 spin_lock_irqsave(&r->lock, flags);
981 memcpy(r->last_data, tmp, EXTRACT_SIZE);
982 }
983 spin_unlock_irqrestore(&r->lock, flags);
984 }
985
986 trace_extract_entropy(r->name, nbytes, r->entropy_count, _RET_IP_);
987 xfer_secondary_pool(r, nbytes);
988 nbytes = account(r, nbytes, min, reserved);
989
990 while (nbytes) {
991 extract_buf(r, tmp);
992
993 if (fips_enabled) {
994 spin_lock_irqsave(&r->lock, flags);
995 if (!memcmp(tmp, r->last_data, EXTRACT_SIZE))
996 panic("Hardware RNG duplicated output!\n");
997 memcpy(r->last_data, tmp, EXTRACT_SIZE);
998 spin_unlock_irqrestore(&r->lock, flags);
999 }
1000 i = min_t(int, nbytes, EXTRACT_SIZE);
1001 memcpy(buf, tmp, i);
1002 nbytes -= i;
1003 buf += i;
1004 ret += i;
1005 }
1006
1007
1008 memset(tmp, 0, sizeof(tmp));
1009
1010 return ret;
1011}
1012
1013static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
1014 size_t nbytes)
1015{
1016 ssize_t ret = 0, i;
1017 __u8 tmp[EXTRACT_SIZE];
1018
1019 trace_extract_entropy_user(r->name, nbytes, r->entropy_count, _RET_IP_);
1020 xfer_secondary_pool(r, nbytes);
1021 nbytes = account(r, nbytes, 0, 0);
1022
1023 while (nbytes) {
1024 if (need_resched()) {
1025 if (signal_pending(current)) {
1026 if (ret == 0)
1027 ret = -ERESTARTSYS;
1028 break;
1029 }
1030 schedule();
1031 }
1032
1033 extract_buf(r, tmp);
1034 i = min_t(int, nbytes, EXTRACT_SIZE);
1035 if (copy_to_user(buf, tmp, i)) {
1036 ret = -EFAULT;
1037 break;
1038 }
1039
1040 nbytes -= i;
1041 buf += i;
1042 ret += i;
1043 }
1044
1045
1046 memset(tmp, 0, sizeof(tmp));
1047
1048 return ret;
1049}
1050
1051
1052
1053
1054
1055
1056
1057void get_random_bytes(void *buf, int nbytes)
1058{
1059 extract_entropy(&nonblocking_pool, buf, nbytes, 0, 0);
1060}
1061EXPORT_SYMBOL(get_random_bytes);
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073void get_random_bytes_arch(void *buf, int nbytes)
1074{
1075 char *p = buf;
1076
1077 trace_get_random_bytes(nbytes, _RET_IP_);
1078 while (nbytes) {
1079 unsigned long v;
1080 int chunk = min(nbytes, (int)sizeof(unsigned long));
1081
1082 if (!arch_get_random_long(&v))
1083 break;
1084
1085 memcpy(p, &v, chunk);
1086 p += chunk;
1087 nbytes -= chunk;
1088 }
1089
1090 if (nbytes)
1091 extract_entropy(&nonblocking_pool, p, nbytes, 0, 0);
1092}
1093EXPORT_SYMBOL(get_random_bytes_arch);
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105static void init_std_data(struct entropy_store *r)
1106{
1107 int i;
1108 ktime_t now = ktime_get_real();
1109 unsigned long rv;
1110
1111 r->entropy_count = 0;
1112 r->entropy_total = 0;
1113 r->last_data_init = false;
1114 mix_pool_bytes(r, &now, sizeof(now), NULL);
1115 for (i = r->poolinfo->POOLBYTES; i > 0; i -= sizeof(rv)) {
1116 if (!arch_get_random_long(&rv))
1117 break;
1118 mix_pool_bytes(r, &rv, sizeof(rv), NULL);
1119 }
1120 mix_pool_bytes(r, utsname(), sizeof(*(utsname())), NULL);
1121}
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133static int rand_initialize(void)
1134{
1135 init_std_data(&input_pool);
1136 init_std_data(&blocking_pool);
1137 init_std_data(&nonblocking_pool);
1138 return 0;
1139}
1140module_init(rand_initialize);
1141
1142#ifdef CONFIG_BLOCK
1143void rand_initialize_disk(struct gendisk *disk)
1144{
1145 struct timer_rand_state *state;
1146
1147
1148
1149
1150
1151 state = kzalloc(sizeof(struct timer_rand_state), GFP_KERNEL);
1152 if (state)
1153 disk->random = state;
1154}
1155#endif
1156
1157static ssize_t
1158random_read(struct file *file, char __user *buf, size_t nbytes, loff_t *ppos)
1159{
1160 ssize_t n, retval = 0, count = 0;
1161
1162 if (nbytes == 0)
1163 return 0;
1164
1165 while (nbytes > 0) {
1166 n = nbytes;
1167 if (n > SEC_XFER_SIZE)
1168 n = SEC_XFER_SIZE;
1169
1170 DEBUG_ENT("reading %zu bits\n", n*8);
1171
1172 n = extract_entropy_user(&blocking_pool, buf, n);
1173
1174 if (n < 0) {
1175 retval = n;
1176 break;
1177 }
1178
1179 DEBUG_ENT("read got %zd bits (%zd still needed)\n",
1180 n*8, (nbytes-n)*8);
1181
1182 if (n == 0) {
1183 if (file->f_flags & O_NONBLOCK) {
1184 retval = -EAGAIN;
1185 break;
1186 }
1187
1188 DEBUG_ENT("sleeping?\n");
1189
1190 wait_event_interruptible(random_read_wait,
1191 input_pool.entropy_count >=
1192 random_read_wakeup_thresh);
1193
1194 DEBUG_ENT("awake\n");
1195
1196 if (signal_pending(current)) {
1197 retval = -ERESTARTSYS;
1198 break;
1199 }
1200
1201 continue;
1202 }
1203
1204 count += n;
1205 buf += n;
1206 nbytes -= n;
1207 break;
1208
1209 }
1210
1211 return (count ? count : retval);
1212}
1213
1214static ssize_t
1215urandom_read(struct file *file, char __user *buf, size_t nbytes, loff_t *ppos)
1216{
1217 return extract_entropy_user(&nonblocking_pool, buf, nbytes);
1218}
1219
1220static unsigned int
1221random_poll(struct file *file, poll_table * wait)
1222{
1223 unsigned int mask;
1224
1225 poll_wait(file, &random_read_wait, wait);
1226 poll_wait(file, &random_write_wait, wait);
1227 mask = 0;
1228 if (input_pool.entropy_count >= random_read_wakeup_thresh)
1229 mask |= POLLIN | POLLRDNORM;
1230 if (input_pool.entropy_count < random_write_wakeup_thresh)
1231 mask |= POLLOUT | POLLWRNORM;
1232 return mask;
1233}
1234
1235static int
1236write_pool(struct entropy_store *r, const char __user *buffer, size_t count)
1237{
1238 size_t bytes;
1239 __u32 buf[16];
1240 const char __user *p = buffer;
1241
1242 while (count > 0) {
1243 bytes = min(count, sizeof(buf));
1244 if (copy_from_user(&buf, p, bytes))
1245 return -EFAULT;
1246
1247 count -= bytes;
1248 p += bytes;
1249
1250 mix_pool_bytes(r, buf, bytes, NULL);
1251 cond_resched();
1252 }
1253
1254 return 0;
1255}
1256
1257static ssize_t random_write(struct file *file, const char __user *buffer,
1258 size_t count, loff_t *ppos)
1259{
1260 size_t ret;
1261
1262 ret = write_pool(&blocking_pool, buffer, count);
1263 if (ret)
1264 return ret;
1265 ret = write_pool(&nonblocking_pool, buffer, count);
1266 if (ret)
1267 return ret;
1268
1269 return (ssize_t)count;
1270}
1271
1272static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
1273{
1274 int size, ent_count;
1275 int __user *p = (int __user *)arg;
1276 int retval;
1277
1278 switch (cmd) {
1279 case RNDGETENTCNT:
1280
1281 if (put_user(input_pool.entropy_count, p))
1282 return -EFAULT;
1283 return 0;
1284 case RNDADDTOENTCNT:
1285 if (!capable(CAP_SYS_ADMIN))
1286 return -EPERM;
1287 if (get_user(ent_count, p))
1288 return -EFAULT;
1289 credit_entropy_bits(&input_pool, ent_count);
1290 return 0;
1291 case RNDADDENTROPY:
1292 if (!capable(CAP_SYS_ADMIN))
1293 return -EPERM;
1294 if (get_user(ent_count, p++))
1295 return -EFAULT;
1296 if (ent_count < 0)
1297 return -EINVAL;
1298 if (get_user(size, p++))
1299 return -EFAULT;
1300 retval = write_pool(&input_pool, (const char __user *)p,
1301 size);
1302 if (retval < 0)
1303 return retval;
1304 credit_entropy_bits(&input_pool, ent_count);
1305 return 0;
1306 case RNDZAPENTCNT:
1307 case RNDCLEARPOOL:
1308
1309 if (!capable(CAP_SYS_ADMIN))
1310 return -EPERM;
1311 rand_initialize();
1312 return 0;
1313 default:
1314 return -EINVAL;
1315 }
1316}
1317
1318static int random_fasync(int fd, struct file *filp, int on)
1319{
1320 return fasync_helper(fd, filp, on, &fasync);
1321}
1322
1323const struct file_operations random_fops = {
1324 .read = random_read,
1325 .write = random_write,
1326 .poll = random_poll,
1327 .unlocked_ioctl = random_ioctl,
1328 .fasync = random_fasync,
1329 .llseek = noop_llseek,
1330};
1331
1332const struct file_operations urandom_fops = {
1333 .read = urandom_read,
1334 .write = random_write,
1335 .unlocked_ioctl = random_ioctl,
1336 .fasync = random_fasync,
1337 .llseek = noop_llseek,
1338};
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350void generate_random_uuid(unsigned char uuid_out[16])
1351{
1352 get_random_bytes(uuid_out, 16);
1353
1354 uuid_out[6] = (uuid_out[6] & 0x0F) | 0x40;
1355
1356 uuid_out[8] = (uuid_out[8] & 0x3F) | 0x80;
1357}
1358EXPORT_SYMBOL(generate_random_uuid);
1359
1360
1361
1362
1363
1364
1365
1366#ifdef CONFIG_SYSCTL
1367
1368#include <linux/sysctl.h>
1369
1370static int min_read_thresh = 8, min_write_thresh;
1371static int max_read_thresh = INPUT_POOL_WORDS * 32;
1372static int max_write_thresh = INPUT_POOL_WORDS * 32;
1373static char sysctl_bootid[16];
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384static int proc_do_uuid(struct ctl_table *table, int write,
1385 void __user *buffer, size_t *lenp, loff_t *ppos)
1386{
1387 struct ctl_table fake_table;
1388 unsigned char buf[64], tmp_uuid[16], *uuid;
1389
1390 uuid = table->data;
1391 if (!uuid) {
1392 uuid = tmp_uuid;
1393 generate_random_uuid(uuid);
1394 } else {
1395 static DEFINE_SPINLOCK(bootid_spinlock);
1396
1397 spin_lock(&bootid_spinlock);
1398 if (!uuid[8])
1399 generate_random_uuid(uuid);
1400 spin_unlock(&bootid_spinlock);
1401 }
1402
1403 sprintf(buf, "%pU", uuid);
1404
1405 fake_table.data = buf;
1406 fake_table.maxlen = sizeof(buf);
1407
1408 return proc_dostring(&fake_table, write, buffer, lenp, ppos);
1409}
1410
1411static int sysctl_poolsize = INPUT_POOL_WORDS * 32;
1412extern struct ctl_table random_table[];
1413struct ctl_table random_table[] = {
1414 {
1415 .procname = "poolsize",
1416 .data = &sysctl_poolsize,
1417 .maxlen = sizeof(int),
1418 .mode = 0444,
1419 .proc_handler = proc_dointvec,
1420 },
1421 {
1422 .procname = "entropy_avail",
1423 .maxlen = sizeof(int),
1424 .mode = 0444,
1425 .proc_handler = proc_dointvec,
1426 .data = &input_pool.entropy_count,
1427 },
1428 {
1429 .procname = "read_wakeup_threshold",
1430 .data = &random_read_wakeup_thresh,
1431 .maxlen = sizeof(int),
1432 .mode = 0644,
1433 .proc_handler = proc_dointvec_minmax,
1434 .extra1 = &min_read_thresh,
1435 .extra2 = &max_read_thresh,
1436 },
1437 {
1438 .procname = "write_wakeup_threshold",
1439 .data = &random_write_wakeup_thresh,
1440 .maxlen = sizeof(int),
1441 .mode = 0644,
1442 .proc_handler = proc_dointvec_minmax,
1443 .extra1 = &min_write_thresh,
1444 .extra2 = &max_write_thresh,
1445 },
1446 {
1447 .procname = "boot_id",
1448 .data = &sysctl_bootid,
1449 .maxlen = 16,
1450 .mode = 0444,
1451 .proc_handler = proc_do_uuid,
1452 },
1453 {
1454 .procname = "uuid",
1455 .maxlen = 16,
1456 .mode = 0444,
1457 .proc_handler = proc_do_uuid,
1458 },
1459 { }
1460};
1461#endif
1462
1463static u32 random_int_secret[MD5_MESSAGE_BYTES / 4] ____cacheline_aligned;
1464
1465static int __init random_int_secret_init(void)
1466{
1467 get_random_bytes(random_int_secret, sizeof(random_int_secret));
1468 return 0;
1469}
1470late_initcall(random_int_secret_init);
1471
1472
1473
1474
1475
1476
1477
1478static DEFINE_PER_CPU(__u32 [MD5_DIGEST_WORDS], get_random_int_hash);
1479unsigned int get_random_int(void)
1480{
1481 __u32 *hash;
1482 unsigned int ret;
1483
1484 if (arch_get_random_int(&ret))
1485 return ret;
1486
1487 hash = get_cpu_var(get_random_int_hash);
1488
1489 hash[0] += current->pid + jiffies + get_cycles();
1490 md5_transform(hash, random_int_secret);
1491 ret = hash[0];
1492 put_cpu_var(get_random_int_hash);
1493
1494 return ret;
1495}
1496EXPORT_SYMBOL(get_random_int);
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507unsigned long
1508randomize_range(unsigned long start, unsigned long end, unsigned long len)
1509{
1510 unsigned long range = end - len - start;
1511
1512 if (end <= start + len)
1513 return 0;
1514 return PAGE_ALIGN(get_random_int() % range + start);
1515}
1516