Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 5401246c authored by Jason A. Donenfeld's avatar Jason A. Donenfeld Committed by Greg Kroah-Hartman
Browse files

random: deobfuscate irq u32/u64 contributions 



commit b2f408fe403800c91a49f6589d95b6759ce1b30b upstream.

In the irq handler, we fill out 16 bytes differently on 32-bit and
64-bit platforms, and for 32-bit vs 64-bit cycle counters, which doesn't
always correspond with the bitness of the platform. Whether or not you
like this strangeness, it is a matter of fact.  But it might not be a
fact you well realized until now, because the code that loaded the irq
info into 4 32-bit words was quite confusing.  Instead, this commit
makes everything explicit by having separate (compile-time) branches for
32-bit and 64-bit types.

Cc: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: default avatarDominik Brodowski <linux@dominikbrodowski.net>
Signed-off-by: default avatarJason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 65e03354

drivers/char/random.c

+28 −21
Original line number Diff line number Diff line
@@ -284,7 +284,10 @@ static void mix_pool_bytes(const void *in, size_t nbytes) 
}



struct fast_pool {

	u32 pool[4];

	union {

		u32 pool32[4];

		u64 pool64[2];

	};

	unsigned long last;

	u16 reg_idx;

	u8 count;
@@ -295,10 +298,10 @@ struct fast_pool { 
 * collector.  It's hardcoded for an 128 bit pool and assumes that any

 * locks that might be needed are taken by the caller.

 */

static void fast_mix(struct fast_pool *f)

static void fast_mix(u32 pool[4])

{

	u32 a = f->pool[0],	b = f->pool[1];

	u32 c = f->pool[2],	d = f->pool[3];

	u32 a = pool[0],	b = pool[1];

	u32 c = pool[2],	d = pool[3];



	a += b;			c += d;

	b = rol32(b, 6);	d = rol32(d, 27);
@@ -316,9 +319,8 @@ static void fast_mix(struct fast_pool *f) 
	b = rol32(b, 16);	d = rol32(d, 14);

	d ^= a;			b ^= c;



	f->pool[0] = a;  f->pool[1] = b;

	f->pool[2] = c;  f->pool[3] = d;

	f->count++;

	pool[0] = a;  pool[1] = b;

	pool[2] = c;  pool[3] = d;

}



static void process_random_ready_list(void)
@@ -834,29 +836,34 @@ void add_interrupt_randomness(int irq) 
	struct pt_regs *regs = get_irq_regs();

	unsigned long now = jiffies;

	cycles_t cycles = random_get_entropy();

	u32 c_high, j_high;

	u64 ip;



	if (cycles == 0)

		cycles = get_reg(fast_pool, regs);

	c_high = (sizeof(cycles) > 4) ? cycles >> 32 : 0;

	j_high = (sizeof(now) > 4) ? now >> 32 : 0;

	fast_pool->pool[0] ^= cycles ^ j_high ^ irq;

	fast_pool->pool[1] ^= now ^ c_high;

	ip = regs ? instruction_pointer(regs) : _RET_IP_;

	fast_pool->pool[2] ^= ip;

	fast_pool->pool[3] ^=

		(sizeof(ip) > 4) ? ip >> 32 : get_reg(fast_pool, regs);



	fast_mix(fast_pool);

	if (sizeof(cycles) == 8)

		fast_pool->pool64[0] ^= cycles ^ rol64(now, 32) ^ irq;

	else {

		fast_pool->pool32[0] ^= cycles ^ irq;

		fast_pool->pool32[1] ^= now;

	}



	if (sizeof(unsigned long) == 8)

		fast_pool->pool64[1] ^= regs ? instruction_pointer(regs) : _RET_IP_;

	else {

		fast_pool->pool32[2] ^= regs ? instruction_pointer(regs) : _RET_IP_;

		fast_pool->pool32[3] ^= get_reg(fast_pool, regs);

	}



	fast_mix(fast_pool->pool32);

	++fast_pool->count;



	if (unlikely(crng_init == 0)) {

		if (fast_pool->count >= 64 &&

		    crng_fast_load(fast_pool->pool, sizeof(fast_pool->pool)) > 0) {

		    crng_fast_load(fast_pool->pool32, sizeof(fast_pool->pool32)) > 0) {

			fast_pool->count = 0;

			fast_pool->last = now;

			if (spin_trylock(&input_pool.lock)) {

				_mix_pool_bytes(&fast_pool->pool, sizeof(fast_pool->pool));

				_mix_pool_bytes(&fast_pool->pool32, sizeof(fast_pool->pool32));

				spin_unlock(&input_pool.lock);

			}

		}
@@ -870,7 +877,7 @@ void add_interrupt_randomness(int irq) 
		return;



	fast_pool->last = now;

	_mix_pool_bytes(&fast_pool->pool, sizeof(fast_pool->pool));

	_mix_pool_bytes(&fast_pool->pool32, sizeof(fast_pool->pool32));

	spin_unlock(&input_pool.lock);



	fast_pool->count = 0;