tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

hwrng: core - treat default_quality as a maximum and default to 1024

Most hw_random devices return entropy which is assumed to be of full
quality, but driver authors don't bother setting the quality knob. Some
hw_random devices return less than full quality entropy, and then driver
authors set the quality knob. Therefore, the entropy crediting should be
opt-out rather than opt-in per-driver, to reflect the actual reality on
the ground.

For example, the two Raspberry Pi RNG drivers produce full entropy
randomness, and both EDK2 and U-Boot's drivers for these treat them as
such. The result is that EFI then uses these numbers and passes the to
Linux, and Linux credits them as boot, thereby initializing the RNG.
Yet, in Linux, the quality knob was never set to anything, and so on the
chance that Linux is booted without EFI, nothing is ever credited.
That's annoying.

The same pattern appears to repeat itself throughout various drivers. In
fact, very very few drivers have bothered setting quality=1024.

Looking at the git history of existing drivers and corresponding mailing
list discussion, this conclusion tracks. There's been a decent amount of
discussion about drivers that set quality < 1024 -- somebody read and
interepreted a datasheet, or made some back of the envelope calculation
somehow. But there's been very little, if any, discussion about most
drivers where the quality is just set to 1024 or unset (or set to 1000
when the authors misunderstood the API and assumed it was base-10 rather
than base-2); in both cases the intent was fairly clear of, "this is a
hardware random device; it's fine."

So let's invert this logic. A hw_random struct's quality knob now
controls the maximum quality a driver can produce, or 0 to specify 1024.
Then, the module-wide switch called "default_quality" is changed to
represent the maximum quality of any driver. By default it's 1024, and
the quality of any particular driver is then given by:

min(default_quality, rng->quality ?: 1024);

This way, the user can still turn this off for weird reasons (and we can
replace whatever driver-specific disabling hacks existed in the past),
yet we get proper crediting for relevant RNGs.

Cc: Dominik Brodowski <linux@dominikbrodowski.net>
Cc: Ard Biesheuvel <ardb@kernel.org>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

authored by

Jason A. Donenfeld and committed by
Herbert Xu 16bdbae3 557ffd5a

+4 -27
-1
arch/um/drivers/random.c
··· 82 82 sigio_broken(random_fd); 83 83 hwrng.name = RNG_MODULE_NAME; 84 84 hwrng.read = rng_dev_read; 85 - hwrng.quality = 1024; 86 85 87 86 err = hwrng_register(&hwrng); 88 87 if (err) {
-1
drivers/char/hw_random/cavium-rng-vf.c
··· 225 225 return -ENOMEM; 226 226 227 227 rng->ops.read = cavium_rng_read; 228 - rng->ops.quality = 1000; 229 228 230 229 pci_set_drvdata(pdev, rng); 231 230
-1
drivers/char/hw_random/cn10k-rng.c
··· 145 145 return -ENOMEM; 146 146 147 147 rng->ops.read = cn10k_rng_read; 148 - rng->ops.quality = 1000; 149 148 rng->ops.priv = (unsigned long)rng; 150 149 151 150 reset_rng_health_state(rng);
+3 -6
drivers/char/hw_random/core.c
··· 41 41 static int data_avail; 42 42 static u8 *rng_buffer, *rng_fillbuf; 43 43 static unsigned short current_quality; 44 - static unsigned short default_quality; /* = 0; default to "off" */ 44 + static unsigned short default_quality = 1024; /* default to maximum */ 45 45 46 46 module_param(current_quality, ushort, 0644); 47 47 MODULE_PARM_DESC(current_quality, 48 48 "current hwrng entropy estimation per 1024 bits of input -- obsolete, use rng_quality instead"); 49 49 module_param(default_quality, ushort, 0644); 50 50 MODULE_PARM_DESC(default_quality, 51 - "default entropy content of hwrng per 1024 bits of input"); 51 + "default maximum entropy content of hwrng per 1024 bits of input"); 52 52 53 53 static void drop_current_rng(void); 54 54 static int hwrng_init(struct hwrng *rng); ··· 170 170 reinit_completion(&rng->cleanup_done); 171 171 172 172 skip_init: 173 - if (!rng->quality) 174 - rng->quality = default_quality; 175 - if (rng->quality > 1024) 176 - rng->quality = 1024; 173 + rng->quality = min_t(u16, min_t(u16, default_quality, 1024), rng->quality ?: 1024); 177 174 current_quality = rng->quality; /* obsolete */ 178 175 179 176 return 0;
-1
drivers/char/hw_random/mpfs-rng.c
··· 78 78 79 79 rng_priv->rng.read = mpfs_rng_read; 80 80 rng_priv->rng.name = pdev->name; 81 - rng_priv->rng.quality = 1024; 82 81 83 82 platform_set_drvdata(pdev, rng_priv); 84 83
-1
drivers/char/hw_random/npcm-rng.c
··· 111 111 priv->rng.name = pdev->name; 112 112 priv->rng.read = npcm_rng_read; 113 113 priv->rng.priv = (unsigned long)&pdev->dev; 114 - priv->rng.quality = 1000; 115 114 priv->clkp = (u32)(uintptr_t)of_device_get_match_data(&pdev->dev); 116 115 117 116 writel(NPCM_RNG_M1ROSEL, priv->base + NPCM_RNGMODE_REG);
-1
drivers/char/hw_random/s390-trng.c
··· 191 191 .name = "s390-trng", 192 192 .data_read = trng_hwrng_data_read, 193 193 .read = trng_hwrng_read, 194 - .quality = 1024, 195 194 }; 196 195 197 196
-2
drivers/char/hw_random/timeriomem-rng.c
··· 145 145 if (!of_property_read_u32(pdev->dev.of_node, 146 146 "quality", &i)) 147 147 priv->rng_ops.quality = i; 148 - else 149 - priv->rng_ops.quality = 0; 150 148 } else { 151 149 period = pdata->period; 152 150 priv->rng_ops.quality = pdata->quality;
-1
drivers/char/hw_random/virtio-rng.c
··· 148 148 .cleanup = virtio_cleanup, 149 149 .priv = (unsigned long)vi, 150 150 .name = vi->name, 151 - .quality = 1000, 152 151 }; 153 152 vdev->priv = vi; 154 153
-1
drivers/crypto/allwinner/sun8i-ce/sun8i-ce-trng.c
··· 108 108 } 109 109 ce->trng.name = "sun8i Crypto Engine TRNG"; 110 110 ce->trng.read = sun8i_ce_trng_read; 111 - ce->trng.quality = 1000; 112 111 113 112 ret = hwrng_register(&ce->trng); 114 113 if (ret)
-1
drivers/crypto/atmel-sha204a.c
··· 107 107 108 108 i2c_priv->hwrng.name = dev_name(&client->dev); 109 109 i2c_priv->hwrng.read = atmel_sha204a_rng_read; 110 - i2c_priv->hwrng.quality = 1024; 111 110 112 111 ret = devm_hwrng_register(&client->dev, &i2c_priv->hwrng); 113 112 if (ret)
-1
drivers/crypto/caam/caamrng.c
··· 246 246 ctx->rng.cleanup = caam_cleanup; 247 247 ctx->rng.read = caam_read; 248 248 ctx->rng.priv = (unsigned long)ctx; 249 - ctx->rng.quality = 1024; 250 249 251 250 dev_info(ctrldev, "registering rng-caam\n"); 252 251
-1
drivers/firmware/turris-mox-rwtm.c
··· 528 528 rwtm->hwrng.name = DRIVER_NAME "_hwrng"; 529 529 rwtm->hwrng.read = mox_hwrng_read; 530 530 rwtm->hwrng.priv = (unsigned long) rwtm; 531 - rwtm->hwrng.quality = 1024; 532 531 533 532 ret = devm_hwrng_register(dev, &rwtm->hwrng); 534 533 if (ret < 0) {
-6
drivers/s390/crypto/zcrypt_api.c
··· 53 53 EXPORT_TRACEPOINT_SYMBOL(s390_zcrypt_req); 54 54 EXPORT_TRACEPOINT_SYMBOL(s390_zcrypt_rep); 55 55 56 - static int zcrypt_hwrng_seed = 1; 57 - module_param_named(hwrng_seed, zcrypt_hwrng_seed, int, 0440); 58 - MODULE_PARM_DESC(hwrng_seed, "Turn on/off hwrng auto seed, default is 1 (on)."); 59 - 60 56 DEFINE_SPINLOCK(zcrypt_list_lock); 61 57 LIST_HEAD(zcrypt_card_list); 62 58 ··· 2059 2063 goto out; 2060 2064 } 2061 2065 zcrypt_rng_buffer_index = 0; 2062 - if (!zcrypt_hwrng_seed) 2063 - zcrypt_rng_dev.quality = 0; 2064 2066 rc = hwrng_register(&zcrypt_rng_dev); 2065 2067 if (rc) 2066 2068 goto out_free;
-1
drivers/usb/misc/chaoskey.c
··· 200 200 201 201 dev->hwrng.name = dev->name ? dev->name : chaoskey_driver.name; 202 202 dev->hwrng.read = chaoskey_rng_read; 203 - dev->hwrng.quality = 1024; 204 203 205 204 dev->hwrng_registered = (hwrng_register(&dev->hwrng) == 0); 206 205 if (!dev->hwrng_registered)
+1 -1
include/linux/hw_random.h
··· 34 34 * @priv: Private data, for use by the RNG driver. 35 35 * @quality: Estimation of true entropy in RNG's bitstream 36 36 * (in bits of entropy per 1024 bits of input; 37 - * valid values: 1 to 1024, or 0 for unknown). 37 + * valid values: 1 to 1024, or 0 for maximum). 38 38 */ 39 39 struct hwrng { 40 40 const char *name;