In reaction to the fixes to address CVE-2018-1108, some Linux

distributions that have certain systemd versions in some cases
 combined with patches to libcrypt for FIPS/FEDRAMP compliance, have
 led to boot-time stalls for some hardware.  The reaction by some
 distros and Linux sysadmins has been to install packages that try to
 do complicated things with the CPU and hope that leads to randomness.
 To mitigate this, if RDRAND is available, mix it into entropy provided
 by userspace.  It won't hurt. and it will probably help.
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCAAdFiEEK2m5VNv+CHkogTfJ8vlZVpUNgaMFAltdBIcACgkQ8vlZVpUN
 gaMklgf+IuPF7Pn9skIUDtyBRGHL/retaHcfCkabpmsb+zPwS5u+IWS9VGplgMMs
 UsYWlUhZLqi2LA8uPNFAu4wl9kbkDiA1SSlALEGb/iGsUDf1ac9ooltX7jI7I3Ms
 YOTTTdL/gQ58DwBCyGpwTgGW05tN9hcLKb9RXwXau5MZ2oCaqvllQ3gmjbYteIRH
 lBN6bhvc5VGhbmcLleDXrPVjxtS9bMV6Z4F6+2b2Ka7nxExwT/WyAyAD6gsJ3xqj
 77c+YniAbg4LYEHoGUVqi+IsSIzmUVbhsqn5JVtoto9eJrasaWxVynWZVkYVZ2fy
 WwBRA9v042x7vyowGl5Vf7K0jviBjQ==
 =3Lu2
 -----END PGP SIGNATURE-----

Merge tag 'random_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random

Pull random fixes from Ted Ts'o:
 "In reaction to the fixes to address CVE-2018-1108, some Linux
  distributions that have certain systemd versions in some cases
  combined with patches to libcrypt for FIPS/FEDRAMP compliance, have
  led to boot-time stalls for some hardware.

  The reaction by some distros and Linux sysadmins has been to install
  packages that try to do complicated things with the CPU and hope that
  leads to randomness.

  To mitigate this, if RDRAND is available, mix it into entropy provided
  by userspace. It won't hurt, and it will probably help"

* tag 'random_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random:
  random: mix rdrand with entropy sent in from userspace
This commit is contained in:
Linus Torvalds 2018-07-28 19:40:06 -07:00
commit a26fb01c28

View file

@ -1895,14 +1895,22 @@ static int
write_pool(struct entropy_store *r, const char __user *buffer, size_t count)
{
size_t bytes;
__u32 buf[16];
__u32 t, buf[16];
const char __user *p = buffer;
while (count > 0) {
int b, i = 0;
bytes = min(count, sizeof(buf));
if (copy_from_user(&buf, p, bytes))
return -EFAULT;
for (b = bytes ; b > 0 ; b -= sizeof(__u32), i++) {
if (!arch_get_random_int(&t))
break;
buf[i] ^= t;
}
count -= bytes;
p += bytes;