On Tue, Sep 27, 2022 at 10:30 AM Dominik Brodowski linux@dominikbrodowski.net wrote:
Am Tue, Sep 27, 2022 at 10:28:11AM +0200 schrieb Jason A. Donenfeld:
On Tue, Sep 27, 2022 at 8:35 AM Dominik Brodowski linux@dominikbrodowski.net wrote:
#if defined(LATENT_ENTROPY_PLUGIN) static const u8 compiletime_seed[BLAKE2S_BLOCK_SIZE] __initconst __latent_entropy; @@ -803,34 +798,46 @@ int __init random_init(const char *command_line) i += longs; continue; }
entropy[0] = random_get_entropy();
_mix_pool_bytes(entropy, sizeof(*entropy)); arch_bits -= sizeof(*entropy) * 8; ++i; }
Previously, random_get_entropy() was mixed into the pool ARRAY_SIZE(entropy) times.
+/*
- This is called a little bit after the prior function, and now there is
- access to timestamps counters. Interrupts are not yet enabled.
- */
+void __init random_init(void) +{
unsigned long entropy = random_get_entropy();
ktime_t now = ktime_get_real();
_mix_pool_bytes(utsname(), sizeof(*(utsname())));
But now, it's only mixed into the pool once. Is this change on purpose?
Yea, it is. I don't think it's really doing much of use. Before we did it because it was convenient -- because we simply could. But in reality mostly what we care about is capturing when it gets to that point in the execution. For jitter, the actual jitter function (try_to_generate_entropy()) is better here.
However, before feeling too sad about it, remember that extract_entropy() is still filling a block with rdtsc when rdrand fails, the same way as this function was. So it's still in there anyway.
With that explanation on the record (I think it's important to make such subtle changes explicit),
Reviewed-by: Dominik Brodowski <linux@dominikbrodowski.net>
I'll augment the commit message to note this too. Thanks for the review.
Jason