summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTheodore Ts'o <tytso@mit.edu>2013-09-22 15:14:32 -0400
committerTheodore Ts'o <tytso@mit.edu>2013-10-10 14:32:19 -0400
commitf5c2742c23886e707f062881c5f206c1fc704782 (patch)
tree3acaa54c3f8e4dd55723b1c93ae36cbc648ad2bf
parentc59974aea43fd292a0784dbf7b3d7347e2caf4e9 (diff)
downloadop-kernel-dev-f5c2742c23886e707f062881c5f206c1fc704782.zip
op-kernel-dev-f5c2742c23886e707f062881c5f206c1fc704782.tar.gz
random: cap the rate which the /dev/urandom pool gets reseeded
In order to avoid draining the input pool of its entropy at too high of a rate, enforce a minimum time interval between reseedings of the urandom pool. This is set to 60 seconds by default. Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
-rw-r--r--drivers/char/random.c24
1 files changed, 24 insertions, 0 deletions
diff --git a/drivers/char/random.c b/drivers/char/random.c
index b8809d4..a68b4a0 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -307,6 +307,13 @@ static int random_read_wakeup_thresh = 64;
static int random_write_wakeup_thresh = 128;
/*
+ * The minimum number of seconds between urandom pool resending. We
+ * do this to limit the amount of entropy that can be drained from the
+ * input pool even if there are heavy demands on /dev/urandom.
+ */
+static int random_min_urandom_seed = 60;
+
+/*
* When the input pool goes over trickle_thresh, start dropping most
* samples to avoid wasting CPU time and reduce lock contention.
*/
@@ -438,6 +445,7 @@ struct entropy_store {
struct entropy_store *pull;
/* read-write data: */
+ unsigned long last_pulled;
spinlock_t lock;
unsigned short add_ptr;
unsigned short input_rotate;
@@ -887,6 +895,14 @@ static void xfer_secondary_pool(struct entropy_store *r, size_t nbytes)
{
__u32 tmp[OUTPUT_POOL_WORDS];
+ if (r->limit == 0 && random_min_urandom_seed) {
+ unsigned long now = jiffies;
+
+ if (time_before(now,
+ r->last_pulled + random_min_urandom_seed * HZ))
+ return;
+ r->last_pulled = now;
+ }
if (r->pull &&
r->entropy_count < (nbytes << (ENTROPY_SHIFT + 3)) &&
r->entropy_count < r->poolinfo->poolfracbits) {
@@ -1190,6 +1206,7 @@ static void init_std_data(struct entropy_store *r)
r->entropy_count = 0;
r->entropy_total = 0;
r->last_data_init = 0;
+ r->last_pulled = jiffies;
mix_pool_bytes(r, &now, sizeof(now), NULL);
for (i = r->poolinfo->poolbytes; i > 0; i -= sizeof(rv)) {
if (!arch_get_random_long(&rv))
@@ -1541,6 +1558,13 @@ struct ctl_table random_table[] = {
.extra2 = &max_write_thresh,
},
{
+ .procname = "urandom_min_reseed_secs",
+ .data = &random_min_urandom_seed,
+ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = proc_dointvec,
+ },
+ {
.procname = "boot_id",
.data = &sysctl_bootid,
.maxlen = 16,
OpenPOWER on IntegriCloud