random: use hwgenerator randomness more frequently at early boot

Mix in randomness from hw-rng sources more frequently during early boot, approximately once for every rng reseed. Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

random: use hwgenerator randomness more frequently at early boot
Mix in randomness from hw-rng sources more frequently during early boot, approximately once for every rng reseed. Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
745558f9 · Dominik Brodowski · Jason A. Donenfeld · cd4f24ae · 745558f9
Commit 745558f9 authored Sep 04, 2022 by Dominik Brodowski Committed by Jason A. Donenfeld Sep 23, 2022
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 12 deletions

drivers/char/random.c drivers/char/random.c +10 -12

No files found.
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -260,25 +260,23 @@ static void crng_fast_key_erasure(u8 key[CHACHA_KEY_SIZE],
 }
 /*
- * Return whether the crng seed is considered to be sufficiently old
+ * Return the interval until the next reseeding, which is normally
- * that a reseeding is needed. This happens if the last reseeding
+ * CRNG_RESEED_INTERVAL, but during early boot, it is at an interval
- * was CRNG_RESEED_INTERVAL ago, or during early boot, at an interval
 * proportional to the uptime.
 */
-static bool crng_has_old_seed(void)
+static unsigned int crng_reseed_interval(void)
 {
 	static bool early_boot = true;
-	unsigned long interval = CRNG_RESEED_INTERVAL;
 	if (unlikely(READ_ONCE(early_boot))) {
 		time64_t uptime = ktime_get_seconds();
 		if (uptime >= CRNG_RESEED_INTERVAL / HZ * 2)
 			WRITE_ONCE(early_boot, false);
 		else
-			interval = max_t(unsigned int, CRNG_RESEED_START_INTERVAL,
+			return max_t(unsigned int, CRNG_RESEED_START_INTERVAL,
-					 (unsigned int)uptime / 2 * HZ);
+				     (unsigned int)uptime / 2 * HZ);
 	}
-	return time_is_before_jiffies(READ_ONCE(base_crng.birth) + interval);
+	return CRNG_RESEED_INTERVAL;
 }
 /*
@@ -320,7 +318,7 @@ static void crng_make_state(u32 chacha_state[CHACHA_STATE_WORDS],
 	 * If the base_crng is old enough, we reseed, which in turn bumps the
 	 * generation counter that we check below.
 	 */
-	if (unlikely(crng_has_old_seed()))
+	if (unlikely(time_is_before_jiffies(READ_ONCE(base_crng.birth) + crng_reseed_interval())))
 		crng_reseed();
 	local_lock_irqsave(&crngs.lock, flags);
@@ -866,11 +864,11 @@ void add_hwgenerator_randomness(const void *buf, size_t len, size_t entropy)
 	credit_init_bits(entropy);
 	/*
-	 * Throttle writing to once every CRNG_RESEED_INTERVAL, unless
+	 * Throttle writing to once every reseed interval, unless we're not yet
-	 * we're not yet initialized.
+	 * initialized.
 	 */
 	if (!kthread_should_stop() && crng_ready())
-		schedule_timeout_interruptible(CRNG_RESEED_INTERVAL);
+		schedule_timeout_interruptible(crng_reseed_interval());
 }
 EXPORT_SYMBOL_GPL(add_hwgenerator_randomness);