git.baikalelectronics.ru Git - kernel.git/commit
random: opportunistically initialize on /dev/urandom reads
author    Jason A. Donenfeld <Jason@zx2c4.com>
          Tue, 5 Apr 2022 13:57:05 +0000 (15:57 +0200)
committer Jason A. Donenfeld <Jason@zx2c4.com>
          Tue, 5 Apr 2022 14:13:13 +0000 (16:13 +0200)
commit    e31e7c54a6308e8c79365ffc10fb95c9f83ffda3
tree      b59e840a1d16b0b62b6603a13f2b55e0fcf4c212
parent    e7457cbbc372c6586a2685f33b986576a8625553
random: opportunistically initialize on /dev/urandom reads

In a688631c3316 ("random: block in /dev/urandom"), we tried to make a
successful try_to_generate_entropy() call *required* if the RNG was not
already initialized. Unfortunately, weird architectures and old
userspaces combined in TCG test harnesses, making that change still not
realistic, so it was reverted in 8aacbc4464c8 ("Revert "random: block in
/dev/urandom"").

However, rather than making a successful try_to_generate_entropy() call
*required*, we can instead make it *best-effort*.

If try_to_generate_entropy() fails, it fails, and nothing changes from
the current behavior. If it succeeds, then /dev/urandom becomes safe to
use for free. This way, we don't risk the regression potential that led
to us reverting the required-try_to_generate_entropy() call before.

Practically speaking, this means that at least on x86, /dev/urandom
becomes safe. Probably other architectures with working cycle counters
will also become safe. And architectures with slow or broken cycle
counters at least won't be affected at all by this change.

So it may not be the glorious "all things are unified!" change we were
hoping for initially, but practically speaking, it makes a positive
impact.

Cc: Theodore Ts'o <tytso@mit.edu>
Cc: Dominik Brodowski <linux@dominikbrodowski.net>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
drivers/char/random.c
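The commit only makes /dev/urandom safe when try_to_generate_entropy() happens to succeed; when it fails, an early-boot read can still return output from an unseeded CRNG, and /dev/urandom gives the reader no way to tell. The following is an added userspace example (not code from the kernel commit above) showing how a consumer can observe the "initialized yet?" state through getrandom(2): with GRND_NONBLOCK the call fails with EAGAIN until the CRNG is seeded, and without flags it blocks until seeding is done. It assumes a Linux system with glibc's sys/random.h.

```c
/* Added example, not part of the kernel commit on this page.
 * Assumes Linux and a libc that exposes getrandom(2) via sys/random.h. */
#include <errno.h>
#include <stdio.h>
#include <sys/random.h>

/* Returns 1 if the kernel CRNG is initialized, 0 if it is not yet seeded,
 * -1 on any other error. GRND_NONBLOCK makes getrandom() report the
 * unseeded state as EAGAIN instead of blocking or (as /dev/urandom would)
 * silently handing back bytes from an uninitialized pool. */
int rng_ready(void)
{
    unsigned char probe;
    ssize_t n = getrandom(&probe, sizeof probe, GRND_NONBLOCK);
    if (n == (ssize_t)sizeof probe)
        return 1;
    if (n < 0 && errno == EAGAIN)
        return 0;
    return -1;
}

/* Fills buf with len bytes from the seeded CRNG, blocking until the kernel
 * reports it initialized. Loops because getrandom() may return fewer bytes
 * than requested for large reads or be interrupted by a signal.
 * Returns 0 on success, -1 on failure. */
int fill_random(unsigned char *buf, size_t len)
{
    size_t done = 0;
    while (done < len) {
        ssize_t n = getrandom(buf + done, len - done, 0);
        if (n < 0) {
            if (errno == EINTR)
                continue;
            return -1;
        }
        done += (size_t)n;
    }
    return 0;
}

int main(void)
{
    unsigned char key[32];
    int ready = rng_ready();
    printf("kernel RNG initialized: %s\n",
           ready == 1 ? "yes" : ready == 0 ? "not yet" : "unknown");
    if (fill_random(key, sizeof key) != 0) {
        perror("getrandom");
        return 1;
    }
    printf("got %zu bytes from the seeded CRNG\n", sizeof key);
    return 0;
}
```

On a running system rng_ready() normally returns 1 immediately; the 0 branch is what an early-boot service (the case the commit message is about) would observe.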