random: warn when kernel uses unseeded randomness

This enables an important dmesg notification about when drivers have used the crng without it being seeded first. Prior, these errors would occur silently, and so there hasn't been a great way of diagnosing these types of bugs for obscure setups. By adding this as a config option, we can leave it on by default, so that we learn where these issues happen, in the field, will still allowing some people to turn it off, if they really know what they're doing and do not want the log entries. However, we don't leave it _completely_ by default. An earlier version of this patch simply had `default y`. I'd really love that, but it turns out, this problem with unseeded randomness being used is really quite present and is going to take a long time to fix. Thus, as a compromise between log-messages-for-all and nobody-knows, this is `default y`, except it is also `depends on DEBUG_KERNEL`. This will ensure that the curious see the messages while others don't have to. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
author: Jason A. Donenfeld <Jason@zx2c4.com> 2017-06-07 23:06:55 -0400
committer: Theodore Ts'o <tytso@mit.edu> 2017-06-19 22:06:28 -0400
commit: d06bfd1989fe97623b32d6df4ffa6e4338c99dc8 (patch)
tree: 26155c03fdfc23828c93712813a55f75b1b39e29 /drivers/char/random.c
parent: 7aed9f72c3c70bdc18e72ec086c1a0eafdcd273f (diff)
1 files changed, 13 insertions, 2 deletions
diff --git a/drivers/char/random.c b/drivers/char/random.c
index 3853dd4f92e7..fa5bbd5a7ca0 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -288,7 +288,6 @@
 #define SEC_XFER_SIZE           512
 #define EXTRACT_SIZE            10
-#define DEBUG_RANDOM_BOOT 0
 #define LONGS(x) (((x) + sizeof(unsigned long) - 1)/sizeof(unsigned long))
@@ -1481,7 +1480,7 @@ void get_random_bytes(void *buf, int nbytes)
 {
        __u8 tmp[CHACHA20_BLOCK_SIZE];
-#if DEBUG_RANDOM_BOOT > 0
+#ifdef CONFIG_WARN_UNSEEDED_RANDOM
        if (!crng_ready())
                printk(KERN_NOTICE "random: %pF get_random_bytes called "
                       "with crng_init = %d\n", (void *) _RET_IP_, crng_init);
@@ -2075,6 +2074,12 @@ u64 get_random_u64(void)
            return ret;
 #endif
+#ifdef CONFIG_WARN_UNSEEDED_RANDOM
+        if (!crng_ready())
+                printk(KERN_NOTICE "random: %pF get_random_u64 called "
+                       "with crng_init = %d\n", (void *) _RET_IP_, crng_init);
+#endif
        batch = &get_cpu_var(batched_entropy_u64);
        if (use_lock)
                read_lock_irqsave(&batched_entropy_reset_lock, flags);
@@ -2101,6 +2106,12 @@ u32 get_random_u32(void)
        if (arch_get_random_int(&ret))
                return ret;
+#ifdef CONFIG_WARN_UNSEEDED_RANDOM
+        if (!crng_ready())
+                printk(KERN_NOTICE "random: %pF get_random_u32 called "
+                       "with crng_init = %d\n", (void *) _RET_IP_, crng_init);
+#endif
        batch = &get_cpu_var(batched_entropy_u32);
        if (use_lock)
                read_lock_irqsave(&batched_entropy_reset_lock, flags);
author	Jason A. Donenfeld <Jason@zx2c4.com>	2017-06-07 23:06:55 -0400
committer	Theodore Ts'o <tytso@mit.edu>	2017-06-19 22:06:28 -0400
commit	d06bfd1989fe97623b32d6df4ffa6e4338c99dc8 (patch)
tree	26155c03fdfc23828c93712813a55f75b1b39e29 /drivers/char/random.c
parent	7aed9f72c3c70bdc18e72ec086c1a0eafdcd273f (diff)