On Wed, Nov 14, 2012 at 8:12 PM, Jeff Liu <[email protected]> wrote: > Hello, > > The problems have been fixed in this version as per Kees's comments for v3. > > Hi Kees, > Would you please ACK this patch if you think it is ok except the strength > of these various RNGs you are concerned? > > > Changes: > -------- > v4->v3: > - s/random_stack_user()/get_atrandom_bytes()/ > - Move this function to ahead of its use to avoid the predeclaration. > > v3->v2: > - Tweak code comments of random_stack_user(). > - Remove redundant bits mask and shift upon the random variable. > > v2->v1: > - Fix random copy to check up buffer length that are not 4-byte multiples. > > v3 can be found at: > http://www.spinics.net/lists/linux-fsdevel/msg59597.html > v2 can be found at: > http://www.spinics.net/lists/linux-fsdevel/msg59418.html > v1 can be found at: > http://www.spinics.net/lists/linux-fsdevel/msg59128.html > > > Thanks, > -Jeff > > > Entropy is quickly depleted under normal operations like ls(1), cat(1), > etc... between 2.6.30 to current mainline, for instance: > > $ cat /proc/sys/kernel/random/entropy_avail > 3428 > $ cat /proc/sys/kernel/random/entropy_avail > 2911 > $cat /proc/sys/kernel/random/entropy_avail > 2620 > > We observed this problem has been occurring since 2.6.30 with > fs/binfmt_elf.c: create_elf_tables()->get_random_bytes(), introduced by > f06295b44c296c8f ("ELF: implement AT_RANDOM for glibc PRNG seeding"). > > /* > * Generate 16 random bytes for userspace PRNG seeding. > */ > get_random_bytes(k_rand_bytes, sizeof(k_rand_bytes)); > > The patch introduces a wrapper around get_random_int() which has lower > overhead than calling get_random_bytes() directly. > > With this patch applied: > $ cat /proc/sys/kernel/random/entropy_avail > 2731 > $ cat /proc/sys/kernel/random/entropy_avail > 2802 > $ cat /proc/sys/kernel/random/entropy_avail > 2878 > > Analyzed by John Sobecki. > > Signed-off-by: Jie Liu <[email protected]> > Cc: Andrew Morton <[email protected]> > Cc: Al Viro <[email protected]> > Cc: Andreas Dilger <[email protected]> > Cc: Alan Cox <[email protected]> > Cc: Arnd Bergmann <[email protected]> > Cc: John Sobecki <[email protected]> > Cc: James Morris <[email protected]> > Cc: Jakub Jelinek <[email protected]> > Cc: Ted Ts'o <[email protected]> > Cc: Greg Kroah-Hartman <[email protected]> > Cc: Kees Cook <[email protected]> > Cc: Ulrich Drepper <[email protected]>
Acked-by: Kees Cook <[email protected]> -Kees -- Kees Cook Chrome OS Security -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
