random: credit architectural init the exact amount

RDRAND and RDSEED can fail sometimes, which is fine. We currently initialize the RNG with 512 bits of RDRAND/RDSEED. We only need 256 bits of those to succeed in order to initialize the RNG. Instead of the current "all or nothing" approach, actually credit these contributions the amount that is actually contributed. Reviewed-by: Dominik Brodowski <linux@dominikbrodowski.net> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
martinezjavier · May 18, 2022 · 12e45a2 · 12e45a2
1 parent 2f14062
commit 12e45a2
Showing 1 changed file with 6 additions and 6 deletions.
diff --git a/drivers/char/random.c b/drivers/char/random.c
@@ -927,21 +927,21 @@ static struct notifier_block pm_notifier = { .notifier_call = random_pm_notifica
  */
 int __init random_init(const char *command_line)
 {
- size_t i;
  ktime_t now = ktime_get_real();
- bool arch_init = true;
+ unsigned int i, arch_bytes;
  unsigned long rv;
 
 #if defined(LATENT_ENTROPY_PLUGIN)
  static const u8 compiletime_seed[BLAKE2S_BLOCK_SIZE] __initconst __latent_entropy;
  _mix_pool_bytes(compiletime_seed, sizeof(compiletime_seed));
 #endif
 
- for (i = 0; i < BLAKE2S_BLOCK_SIZE; i += sizeof(rv)) {
+ for (i = 0, arch_bytes = BLAKE2S_BLOCK_SIZE;
+ i < BLAKE2S_BLOCK_SIZE; i += sizeof(rv)) {
  if (!arch_get_random_seed_long_early(&rv) &&
  !arch_get_random_long_early(&rv)) {
  rv = random_get_entropy();
- arch_init = false;
+ arch_bytes -= sizeof(rv);
  }
  _mix_pool_bytes(&rv, sizeof(rv));
  }
@@ -952,8 +952,8 @@ int __init random_init(const char *command_line)
 
  if (crng_ready())
  crng_reseed();
- else if (arch_init && trust_cpu)
- credit_init_bits(BLAKE2S_BLOCK_SIZE * 8);
+ else if (trust_cpu)
+ credit_init_bits(arch_bytes * 8);
 
  WARN_ON(register_pm_notifier(&pm_notifier));