On Wed, Nov 14, 2012 at 8:12 PM, Jeff Liu <jeff....@oracle.com> wrote: > Hello, > > The problems have been fixed in this version as per Kees's comments for v3. > > Hi Kees, > Would you please ACK this patch if you think it is ok except the strength > of these various RNGs you are concerned? > > > Changes: > -------- > v4->v3: > - s/random_stack_user()/get_atrandom_bytes()/ > - Move this function to ahead of its use to avoid the predeclaration. > > v3->v2: > - Tweak code comments of random_stack_user(). > - Remove redundant bits mask and shift upon the random variable. > > v2->v1: > - Fix random copy to check up buffer length that are not 4-byte multiples. > > v3 can be found at: > http://www.spinics.net/lists/linux-fsdevel/msg59597.html > v2 can be found at: > http://www.spinics.net/lists/linux-fsdevel/msg59418.html > v1 can be found at: > http://www.spinics.net/lists/linux-fsdevel/msg59128.html > > > Thanks, > -Jeff > > > Entropy is quickly depleted under normal operations like ls(1), cat(1), > etc... between 2.6.30 to current mainline, for instance: > > $ cat /proc/sys/kernel/random/entropy_avail > 3428 > $ cat /proc/sys/kernel/random/entropy_avail > 2911 > $cat /proc/sys/kernel/random/entropy_avail > 2620 > > We observed this problem has been occurring since 2.6.30 with > fs/binfmt_elf.c: create_elf_tables()->get_random_bytes(), introduced by > f06295b44c296c8f ("ELF: implement AT_RANDOM for glibc PRNG seeding"). > > /* > * Generate 16 random bytes for userspace PRNG seeding. > */ > get_random_bytes(k_rand_bytes, sizeof(k_rand_bytes)); > > The patch introduces a wrapper around get_random_int() which has lower > overhead than calling get_random_bytes() directly. > > With this patch applied: > $ cat /proc/sys/kernel/random/entropy_avail > 2731 > $ cat /proc/sys/kernel/random/entropy_avail > 2802 > $ cat /proc/sys/kernel/random/entropy_avail > 2878 > > Analyzed by John Sobecki. > > Signed-off-by: Jie Liu <jeff....@oracle.com> > Cc: Andrew Morton <a...@linux-foundation.org> > Cc: Al Viro <v...@zeniv.linux.org.uk> > Cc: Andreas Dilger <aedil...@gmail.com> > Cc: Alan Cox <a...@linux.intel.com> > Cc: Arnd Bergmann <a...@arndb.de> > Cc: John Sobecki <john.sobe...@oracle.com> > Cc: James Morris <james.l.mor...@oracle.com> > Cc: Jakub Jelinek <ja...@redhat.com> > Cc: Ted Ts'o <ty...@mit.edu> > Cc: Greg Kroah-Hartman <gre...@linuxfoundation.org> > Cc: Kees Cook <keesc...@chromium.org> > Cc: Ulrich Drepper <drep...@redhat.com>
Acked-by: Kees Cook <keesc...@chromium.org> -Kees -- Kees Cook Chrome OS Security -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
