In reaction to the fixes to address CVE-2018-1108, some Linux
distributions that have certain systemd versions in some cases combined with patches to libcrypt for FIPS/FEDRAMP compliance, have led to boot-time stalls for some hardware. The reaction by some distros and Linux sysadmins has been to install packages that try to do complicated things with the CPU and hope that leads to randomness. To mitigate this, if RDRAND is available, mix it into entropy provided by userspace. It won't hurt. and it will probably help. -----BEGIN PGP SIGNATURE----- iQEzBAABCAAdFiEEK2m5VNv+CHkogTfJ8vlZVpUNgaMFAltdBIcACgkQ8vlZVpUN gaMklgf+IuPF7Pn9skIUDtyBRGHL/retaHcfCkabpmsb+zPwS5u+IWS9VGplgMMs UsYWlUhZLqi2LA8uPNFAu4wl9kbkDiA1SSlALEGb/iGsUDf1ac9ooltX7jI7I3Ms YOTTTdL/gQ58DwBCyGpwTgGW05tN9hcLKb9RXwXau5MZ2oCaqvllQ3gmjbYteIRH lBN6bhvc5VGhbmcLleDXrPVjxtS9bMV6Z4F6+2b2Ka7nxExwT/WyAyAD6gsJ3xqj 77c+YniAbg4LYEHoGUVqi+IsSIzmUVbhsqn5JVtoto9eJrasaWxVynWZVkYVZ2fy WwBRA9v042x7vyowGl5Vf7K0jviBjQ== =3Lu2 -----END PGP SIGNATURE----- Merge tag 'random_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random Pull random fixes from Ted Ts'o: "In reaction to the fixes to address CVE-2018-1108, some Linux distributions that have certain systemd versions in some cases combined with patches to libcrypt for FIPS/FEDRAMP compliance, have led to boot-time stalls for some hardware. The reaction by some distros and Linux sysadmins has been to install packages that try to do complicated things with the CPU and hope that leads to randomness. To mitigate this, if RDRAND is available, mix it into entropy provided by userspace. It won't hurt, and it will probably help" * tag 'random_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random: random: mix rdrand with entropy sent in from userspace
This commit is contained in:
commit
a26fb01c28
1 changed files with 9 additions and 1 deletions
|
@ -1895,14 +1895,22 @@ static int
|
|||
write_pool(struct entropy_store *r, const char __user *buffer, size_t count)
|
||||
{
|
||||
size_t bytes;
|
||||
__u32 buf[16];
|
||||
__u32 t, buf[16];
|
||||
const char __user *p = buffer;
|
||||
|
||||
while (count > 0) {
|
||||
int b, i = 0;
|
||||
|
||||
bytes = min(count, sizeof(buf));
|
||||
if (copy_from_user(&buf, p, bytes))
|
||||
return -EFAULT;
|
||||
|
||||
for (b = bytes ; b > 0 ; b -= sizeof(__u32), i++) {
|
||||
if (!arch_get_random_int(&t))
|
||||
break;
|
||||
buf[i] ^= t;
|
||||
}
|
||||
|
||||
count -= bytes;
|
||||
p += bytes;
|
||||
|
||||
|
|
Loading…
Reference in a new issue