1 files changed, 137 insertions, 35 deletions
diff --git a/drivers/char/random.c b/drivers/char/random.c
index e027e7fa1472..cd888d4ee605 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -261,6 +261,7 @@
 #include <linux/ptrace.h>
 #include <linux/workqueue.h>
 #include <linux/irq.h>
+#include <linux/ratelimit.h>
 #include <linux/syscalls.h>
 #include <linux/completion.h>
 #include <linux/uuid.h>
@@ -427,8 +428,9 @@ struct crng_state primary_crng = {
 * its value (from 0->1->2).
 */
 static int crng_init = 0;
-#define crng_ready() (likely(crng_init > 0))
+#define crng_ready() (likely(crng_init > 1))
 static int crng_init_cnt = 0;
+static unsigned long crng_global_init_time = 0;
 #define CRNG_INIT_CNT_THRESH (2*CHACHA20_KEY_SIZE)
 static void _extract_crng(struct crng_state *crng,
                          __u32 out[CHACHA20_BLOCK_WORDS]);
@@ -437,6 +439,16 @@ static void _crng_backtrack_protect(struct crng_state *crng,
 static void process_random_ready_list(void);
 static void _get_random_bytes(void *buf, int nbytes);
+static struct ratelimit_state unseeded_warning =
+        RATELIMIT_STATE_INIT("warn_unseeded_randomness", HZ, 3);
+static struct ratelimit_state urandom_warning =
+        RATELIMIT_STATE_INIT("warn_urandom_randomness", HZ, 3);
+static int ratelimit_disable __read_mostly;
+module_param_named(ratelimit_disable, ratelimit_disable, int, 0644);
+MODULE_PARM_DESC(ratelimit_disable, "Disable random ratelimit suppression");
 /**********************************************************************
 *
 * OS independent entropy store.   Here are the functions which handle
@@ -787,6 +799,43 @@ static void crng_initialize(struct crng_state *crng)
        crng->init_time = jiffies - CRNG_RESEED_INTERVAL - 1;
 }
+#ifdef CONFIG_NUMA
+static void do_numa_crng_init(struct work_struct *work)
+{
+        int i;
+        struct crng_state *crng;
+        struct crng_state **pool;
+        pool = kcalloc(nr_node_ids, sizeof(*pool), GFP_KERNEL|__GFP_NOFAIL);
+        for_each_online_node(i) {
+                crng = kmalloc_node(sizeof(struct crng_state),
+                                    GFP_KERNEL | __GFP_NOFAIL, i);
+                spin_lock_init(&crng->lock);
+                crng_initialize(crng);
+                pool[i] = crng;
+        }
+        mb();
+        if (cmpxchg(&crng_node_pool, NULL, pool)) {
+                for_each_node(i)
+                        kfree(pool[i]);
+                kfree(pool);
+        }
+}
+static DECLARE_WORK(numa_crng_init_work, do_numa_crng_init);
+static void numa_crng_init(void)
+{
+        schedule_work(&numa_crng_init_work);
+}
+#else
+static void numa_crng_init(void) {}
+#endif
+/*
+ * crng_fast_load() can be called by code in the interrupt service
+ * path.  So we can't afford to dilly-dally.
+ */
 static int crng_fast_load(const char *cp, size_t len)
 {
        unsigned long flags;
@@ -794,7 +843,7 @@ static int crng_fast_load(const char *cp, size_t len)
        if (!spin_trylock_irqsave(&primary_crng.lock, flags))
                return 0;
-        if (crng_ready()) {
+        if (crng_init != 0) {
                spin_unlock_irqrestore(&primary_crng.lock, flags);
                return 0;
        }
@@ -813,6 +862,51 @@ static int crng_fast_load(const char *cp, size_t len)
        return 1;
 }
+/*
+ * crng_slow_load() is called by add_device_randomness, which has two
+ * attributes.  (1) We can't trust the buffer passed to it is
+ * guaranteed to be unpredictable (so it might not have any entropy at
+ * all), and (2) it doesn't have the performance constraints of
+ * crng_fast_load().
+ *
+ * So we do something more comprehensive which is guaranteed to touch
+ * all of the primary_crng's state, and which uses a LFSR with a
+ * period of 255 as part of the mixing algorithm.  Finally, we do
+ * *not* advance crng_init_cnt since buffer we may get may be something
+ * like a fixed DMI table (for example), which might very well be
+ * unique to the machine, but is otherwise unvarying.
+ */
+static int crng_slow_load(const char *cp, size_t len)
+{
+        unsigned long           flags;
+        static unsigned char    lfsr = 1;
+        unsigned char           tmp;
+        unsigned                i, max = CHACHA20_KEY_SIZE;
+        const char *            src_buf = cp;
+        char *                  dest_buf = (char *) &primary_crng.state[4];
+        if (!spin_trylock_irqsave(&primary_crng.lock, flags))
+                return 0;
+        if (crng_init != 0) {
+                spin_unlock_irqrestore(&primary_crng.lock, flags);
+                return 0;
+        }
+        if (len > max)
+                max = len;
+        for (i = 0; i < max ; i++) {
+                tmp = lfsr;
+                lfsr >>= 1;
+                if (tmp & 1)
+                        lfsr ^= 0xE1;
+                tmp = dest_buf[i % CHACHA20_KEY_SIZE];
+                dest_buf[i % CHACHA20_KEY_SIZE] ^= src_buf[i % len] ^ lfsr;
+                lfsr += (tmp << 3) | (tmp >> 5);
+        }
+        spin_unlock_irqrestore(&primary_crng.lock, flags);
+        return 1;
+}
 static void crng_reseed(struct crng_state *crng, struct entropy_store *r)
 {
        unsigned long   flags;
@@ -831,7 +925,7 @@ static void crng_reseed(struct crng_state *crng, struct entropy_store *r)
                _crng_backtrack_protect(&primary_crng, buf.block,
                                        CHACHA20_KEY_SIZE);
        }
-        spin_lock_irqsave(&primary_crng.lock, flags);
+        spin_lock_irqsave(&crng->lock, flags);
        for (i = 0; i < 8; i++) {
                unsigned long   rv;
                if (!arch_get_random_seed_long(&rv) &&
@@ -841,13 +935,26 @@ static void crng_reseed(struct crng_state *crng, struct entropy_store *r)
        }
        memzero_explicit(&buf, sizeof(buf));
        crng->init_time = jiffies;
-        spin_unlock_irqrestore(&primary_crng.lock, flags);
+        spin_unlock_irqrestore(&crng->lock, flags);
        if (crng == &primary_crng && crng_init < 2) {
                invalidate_batched_entropy();
+                numa_crng_init();
                crng_init = 2;
                process_random_ready_list();
                wake_up_interruptible(&crng_init_wait);
                pr_notice("random: crng init done\n");
+                if (unseeded_warning.missed) {
+                        pr_notice("random: %d get_random_xx warning(s) missed "
+                                  "due to ratelimiting\n",
+                                  unseeded_warning.missed);
+                        unseeded_warning.missed = 0;
+                }
+                if (urandom_warning.missed) {
+                        pr_notice("random: %d urandom warning(s) missed "
+                                  "due to ratelimiting\n",
+                                  urandom_warning.missed);
+                        urandom_warning.missed = 0;
+                }
        }
 }
@@ -856,8 +963,9 @@ static void _extract_crng(struct crng_state *crng,
 {
        unsigned long v, flags;
-        if (crng_init > 1 &&
+        if (crng_ready() &&
-            time_after(jiffies, crng->init_time + CRNG_RESEED_INTERVAL))
+            (time_after(crng_global_init_time, crng->init_time) ||
+             time_after(jiffies, crng->init_time + CRNG_RESEED_INTERVAL)))
                crng_reseed(crng, crng == &primary_crng ? &input_pool : NULL);
        spin_lock_irqsave(&crng->lock, flags);
        if (arch_get_random_long(&v))
@@ -981,10 +1089,8 @@ void add_device_randomness(const void *buf, unsigned int size)
        unsigned long time = random_get_entropy() ^ jiffies;
        unsigned long flags;
-        if (!crng_ready()) {
+        if (!crng_ready() && size)
-                crng_fast_load(buf, size);
+                crng_slow_load(buf, size);
-                return;
-        }
        trace_add_device_randomness(size, _RET_IP_);
        spin_lock_irqsave(&input_pool.lock, flags);
@@ -1139,7 +1245,7 @@ void add_interrupt_randomness(int irq, int irq_flags)
        fast_mix(fast_pool);
        add_interrupt_bench(cycles);
-        if (!crng_ready()) {
+        if (unlikely(crng_init == 0)) {
                if ((fast_pool->count >= 64) &&
                    crng_fast_load((char *) fast_pool->pool,
                                   sizeof(fast_pool->pool))) {
@@ -1489,8 +1595,9 @@ static void _warn_unseeded_randomness(const char *func_name, void *caller,
 #ifndef CONFIG_WARN_ALL_UNSEEDED_RANDOM
        print_once = true;
 #endif
-        pr_notice("random: %s called from %pS with crng_init=%d\n",
+        if (__ratelimit(&unseeded_warning))
-                  func_name, caller, crng_init);
+                pr_notice("random: %s called from %pS with crng_init=%d\n",
+                          func_name, caller, crng_init);
 }
 /*
@@ -1680,28 +1787,14 @@ static void init_std_data(struct entropy_store *r)
 */
 static int rand_initialize(void)
 {
-#ifdef CONFIG_NUMA
-        int i;
-        struct crng_state *crng;
-        struct crng_state **pool;
-#endif
        init_std_data(&input_pool);
        init_std_data(&blocking_pool);
        crng_initialize(&primary_crng);
+        crng_global_init_time = jiffies;
-#ifdef CONFIG_NUMA
+        if (ratelimit_disable) {
-        pool = kcalloc(nr_node_ids, sizeof(*pool), GFP_KERNEL|__GFP_NOFAIL);
+                urandom_warning.interval = 0;
-        for_each_online_node(i) {
+                unseeded_warning.interval = 0;
-                crng = kmalloc_node(sizeof(struct crng_state),
-                                    GFP_KERNEL | __GFP_NOFAIL, i);
-                spin_lock_init(&crng->lock);
-                crng_initialize(crng);
-                pool[i] = crng;
        }
-        mb();
-        crng_node_pool = pool;
-#endif
        return 0;
 }
 early_initcall(rand_initialize);
@@ -1769,9 +1862,10 @@ urandom_read(struct file *file, char __user *buf, size_t nbytes, loff_t *ppos)
        if (!crng_ready() && maxwarn > 0) {
                maxwarn--;
-                printk(KERN_NOTICE "random: %s: uninitialized urandom read "
+                if (__ratelimit(&urandom_warning))
-                       "(%zd bytes read)\n",
+                        printk(KERN_NOTICE "random: %s: uninitialized "
-                       current->comm, nbytes);
+                               "urandom read (%zd bytes read)\n",
+                               current->comm, nbytes);
                spin_lock_irqsave(&primary_crng.lock, flags);
                crng_init_cnt = 0;
                spin_unlock_irqrestore(&primary_crng.lock, flags);
@@ -1875,6 +1969,14 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
                input_pool.entropy_count = 0;
                blocking_pool.entropy_count = 0;
                return 0;
+        case RNDRESEEDCRNG:
+                if (!capable(CAP_SYS_ADMIN))
+                        return -EPERM;
+                if (crng_init < 2)
+                        return -ENODATA;
+                crng_reseed(&primary_crng, NULL);
+                crng_global_init_time = jiffies - 1;
+                return 0;
        default:
                return -EINVAL;
        }
@@ -2212,7 +2314,7 @@ void add_hwgenerator_randomness(const char *buffer, size_t count,
 {
        struct entropy_store *poolp = &input_pool;
-        if (!crng_ready()) {
+        if (unlikely(crng_init == 0)) {
                crng_fast_load(buffer, count);
                return;
        }

diff --git a/drivers/char/random.c b/drivers/char/random.c index e027e7fa1472..cd888d4ee605 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c
@@ -261,6 +261,7 @@
261	#include <linux/ptrace.h>	261	#include <linux/ptrace.h>
262	#include <linux/workqueue.h>	262	#include <linux/workqueue.h>
263	#include <linux/irq.h>	263	#include <linux/irq.h>
		264	#include <linux/ratelimit.h>
264	#include <linux/syscalls.h>	265	#include <linux/syscalls.h>
265	#include <linux/completion.h>	266	#include <linux/completion.h>
266	#include <linux/uuid.h>	267	#include <linux/uuid.h>
@@ -427,8 +428,9 @@ struct crng_state primary_crng = {
427	* its value (from 0->1->2).	428	* its value (from 0->1->2).
428	*/	429	*/
429	static int crng_init = 0;	430	static int crng_init = 0;
430	#define crng_ready() (likely(crng_init > 0))	431	#define crng_ready() (likely(crng_init > 1))
431	static int crng_init_cnt = 0;	432	static int crng_init_cnt = 0;
		433	static unsigned long crng_global_init_time = 0;
432	#define CRNG_INIT_CNT_THRESH (2*CHACHA20_KEY_SIZE)	434	#define CRNG_INIT_CNT_THRESH (2*CHACHA20_KEY_SIZE)
433	static void _extract_crng(struct crng_state *crng,	435	static void _extract_crng(struct crng_state *crng,
434	__u32 out[CHACHA20_BLOCK_WORDS]);	436	__u32 out[CHACHA20_BLOCK_WORDS]);
@@ -437,6 +439,16 @@ static void _crng_backtrack_protect(struct crng_state *crng,
437	static void process_random_ready_list(void);	439	static void process_random_ready_list(void);
438	static void _get_random_bytes(void *buf, int nbytes);	440	static void _get_random_bytes(void *buf, int nbytes);
439		441
		442	static struct ratelimit_state unseeded_warning =
		443	RATELIMIT_STATE_INIT("warn_unseeded_randomness", HZ, 3);
		444	static struct ratelimit_state urandom_warning =
		445	RATELIMIT_STATE_INIT("warn_urandom_randomness", HZ, 3);
		446
		447	static int ratelimit_disable __read_mostly;
		448
		449	module_param_named(ratelimit_disable, ratelimit_disable, int, 0644);
		450	MODULE_PARM_DESC(ratelimit_disable, "Disable random ratelimit suppression");
		451
440	/**********************************************************************	452	/**********************************************************************
441	*	453	*
442	* OS independent entropy store. Here are the functions which handle	454	* OS independent entropy store. Here are the functions which handle
@@ -787,6 +799,43 @@ static void crng_initialize(struct crng_state *crng)
787	crng->init_time = jiffies - CRNG_RESEED_INTERVAL - 1;	799	crng->init_time = jiffies - CRNG_RESEED_INTERVAL - 1;
788	}	800	}
789		801
		802	#ifdef CONFIG_NUMA
		803	static void do_numa_crng_init(struct work_struct *work)
		804	{
		805	int i;
		806	struct crng_state *crng;
		807	struct crng_state **pool;
		808
		809	pool = kcalloc(nr_node_ids, sizeof(*pool), GFP_KERNEL\|__GFP_NOFAIL);
		810	for_each_online_node(i) {
		811	crng = kmalloc_node(sizeof(struct crng_state),
		812	GFP_KERNEL \| __GFP_NOFAIL, i);
		813	spin_lock_init(&crng->lock);
		814	crng_initialize(crng);
		815	pool[i] = crng;
		816	}
		817	mb();
		818	if (cmpxchg(&crng_node_pool, NULL, pool)) {
		819	for_each_node(i)
		820	kfree(pool[i]);
		821	kfree(pool);
		822	}
		823	}
		824
		825	static DECLARE_WORK(numa_crng_init_work, do_numa_crng_init);
		826
		827	static void numa_crng_init(void)
		828	{
		829	schedule_work(&numa_crng_init_work);
		830	}
		831	#else
		832	static void numa_crng_init(void) {}
		833	#endif
		834
		835	/*
		836	* crng_fast_load() can be called by code in the interrupt service
		837	* path. So we can't afford to dilly-dally.
		838	*/
790	static int crng_fast_load(const char *cp, size_t len)	839	static int crng_fast_load(const char *cp, size_t len)
791	{	840	{
792	unsigned long flags;	841	unsigned long flags;
@@ -794,7 +843,7 @@ static int crng_fast_load(const char *cp, size_t len)
794		843
795	if (!spin_trylock_irqsave(&primary_crng.lock, flags))	844	if (!spin_trylock_irqsave(&primary_crng.lock, flags))
796	return 0;	845	return 0;
797	if (crng_ready()) {	846	if (crng_init != 0) {
798	spin_unlock_irqrestore(&primary_crng.lock, flags);	847	spin_unlock_irqrestore(&primary_crng.lock, flags);
799	return 0;	848	return 0;
800	}	849	}
@@ -813,6 +862,51 @@ static int crng_fast_load(const char *cp, size_t len)
813	return 1;	862	return 1;
814	}	863	}
815		864
		865	/*
		866	* crng_slow_load() is called by add_device_randomness, which has two
		867	* attributes. (1) We can't trust the buffer passed to it is
		868	* guaranteed to be unpredictable (so it might not have any entropy at
		869	* all), and (2) it doesn't have the performance constraints of
		870	* crng_fast_load().
		871	*
		872	* So we do something more comprehensive which is guaranteed to touch
		873	* all of the primary_crng's state, and which uses a LFSR with a
		874	* period of 255 as part of the mixing algorithm. Finally, we do
		875	* not advance crng_init_cnt since buffer we may get may be something
		876	* like a fixed DMI table (for example), which might very well be
		877	* unique to the machine, but is otherwise unvarying.
		878	*/
		879	static int crng_slow_load(const char *cp, size_t len)
		880	{
		881	unsigned long flags;
		882	static unsigned char lfsr = 1;
		883	unsigned char tmp;
		884	unsigned i, max = CHACHA20_KEY_SIZE;
		885	const char * src_buf = cp;
		886	char * dest_buf = (char *) &primary_crng.state[4];
		887
		888	if (!spin_trylock_irqsave(&primary_crng.lock, flags))
		889	return 0;
		890	if (crng_init != 0) {
		891	spin_unlock_irqrestore(&primary_crng.lock, flags);
		892	return 0;
		893	}
		894	if (len > max)
		895	max = len;
		896
		897	for (i = 0; i < max ; i++) {
		898	tmp = lfsr;
		899	lfsr >>= 1;
		900	if (tmp & 1)
		901	lfsr ^= 0xE1;
		902	tmp = dest_buf[i % CHACHA20_KEY_SIZE];
		903	dest_buf[i % CHACHA20_KEY_SIZE] ^= src_buf[i % len] ^ lfsr;
		904	lfsr += (tmp << 3) \| (tmp >> 5);
		905	}
		906	spin_unlock_irqrestore(&primary_crng.lock, flags);
		907	return 1;
		908	}
		909
816	static void crng_reseed(struct crng_state crng, struct entropy_store r)	910	static void crng_reseed(struct crng_state crng, struct entropy_store r)
817	{	911	{
818	unsigned long flags;	912	unsigned long flags;
@@ -831,7 +925,7 @@ static void crng_reseed(struct crng_state crng, struct entropy_store r)
831	_crng_backtrack_protect(&primary_crng, buf.block,	925	_crng_backtrack_protect(&primary_crng, buf.block,
832	CHACHA20_KEY_SIZE);	926	CHACHA20_KEY_SIZE);
833	}	927	}
834	spin_lock_irqsave(&primary_crng.lock, flags);	928	spin_lock_irqsave(&crng->lock, flags);
835	for (i = 0; i < 8; i++) {	929	for (i = 0; i < 8; i++) {
836	unsigned long rv;	930	unsigned long rv;
837	if (!arch_get_random_seed_long(&rv) &&	931	if (!arch_get_random_seed_long(&rv) &&
@@ -841,13 +935,26 @@ static void crng_reseed(struct crng_state crng, struct entropy_store r)
841	}	935	}
842	memzero_explicit(&buf, sizeof(buf));	936	memzero_explicit(&buf, sizeof(buf));
843	crng->init_time = jiffies;	937	crng->init_time = jiffies;
844	spin_unlock_irqrestore(&primary_crng.lock, flags);	938	spin_unlock_irqrestore(&crng->lock, flags);
845	if (crng == &primary_crng && crng_init < 2) {	939	if (crng == &primary_crng && crng_init < 2) {
846	invalidate_batched_entropy();	940	invalidate_batched_entropy();
		941	numa_crng_init();
847	crng_init = 2;	942	crng_init = 2;
848	process_random_ready_list();	943	process_random_ready_list();
849	wake_up_interruptible(&crng_init_wait);	944	wake_up_interruptible(&crng_init_wait);
850	pr_notice("random: crng init done\n");	945	pr_notice("random: crng init done\n");
		946	if (unseeded_warning.missed) {
		947	pr_notice("random: %d get_random_xx warning(s) missed "
		948	"due to ratelimiting\n",
		949	unseeded_warning.missed);
		950	unseeded_warning.missed = 0;
		951	}
		952	if (urandom_warning.missed) {
		953	pr_notice("random: %d urandom warning(s) missed "
		954	"due to ratelimiting\n",
		955	urandom_warning.missed);
		956	urandom_warning.missed = 0;
		957	}
851	}	958	}
852	}	959	}
853		960
@@ -856,8 +963,9 @@ static void _extract_crng(struct crng_state *crng,
856	{	963	{
857	unsigned long v, flags;	964	unsigned long v, flags;
858		965
859	if (crng_init > 1 &&	966	if (crng_ready() &&
860	time_after(jiffies, crng->init_time + CRNG_RESEED_INTERVAL))	967	(time_after(crng_global_init_time, crng->init_time) \|\|
		968	time_after(jiffies, crng->init_time + CRNG_RESEED_INTERVAL)))
861	crng_reseed(crng, crng == &primary_crng ? &input_pool : NULL);	969	crng_reseed(crng, crng == &primary_crng ? &input_pool : NULL);
862	spin_lock_irqsave(&crng->lock, flags);	970	spin_lock_irqsave(&crng->lock, flags);
863	if (arch_get_random_long(&v))	971	if (arch_get_random_long(&v))
@@ -981,10 +1089,8 @@ void add_device_randomness(const void *buf, unsigned int size)
981	unsigned long time = random_get_entropy() ^ jiffies;	1089	unsigned long time = random_get_entropy() ^ jiffies;
982	unsigned long flags;	1090	unsigned long flags;
983		1091
984	if (!crng_ready()) {	1092	if (!crng_ready() && size)
985	crng_fast_load(buf, size);	1093	crng_slow_load(buf, size);
986	return;
987	}
988		1094
989	trace_add_device_randomness(size, _RET_IP_);	1095	trace_add_device_randomness(size, _RET_IP_);
990	spin_lock_irqsave(&input_pool.lock, flags);	1096	spin_lock_irqsave(&input_pool.lock, flags);
@@ -1139,7 +1245,7 @@ void add_interrupt_randomness(int irq, int irq_flags)
1139	fast_mix(fast_pool);	1245	fast_mix(fast_pool);
1140	add_interrupt_bench(cycles);	1246	add_interrupt_bench(cycles);
1141		1247
1142	if (!crng_ready()) {	1248	if (unlikely(crng_init == 0)) {
1143	if ((fast_pool->count >= 64) &&	1249	if ((fast_pool->count >= 64) &&
1144	crng_fast_load((char *) fast_pool->pool,	1250	crng_fast_load((char *) fast_pool->pool,
1145	sizeof(fast_pool->pool))) {	1251	sizeof(fast_pool->pool))) {
@@ -1489,8 +1595,9 @@ static void _warn_unseeded_randomness(const char func_name, void caller,
1489	#ifndef CONFIG_WARN_ALL_UNSEEDED_RANDOM	1595	#ifndef CONFIG_WARN_ALL_UNSEEDED_RANDOM
1490	print_once = true;	1596	print_once = true;
1491	#endif	1597	#endif
1492	pr_notice("random: %s called from %pS with crng_init=%d\n",	1598	if (__ratelimit(&unseeded_warning))
1493	func_name, caller, crng_init);	1599	pr_notice("random: %s called from %pS with crng_init=%d\n",
		1600	func_name, caller, crng_init);
1494	}	1601	}
1495		1602
1496	/*	1603	/*
@@ -1680,28 +1787,14 @@ static void init_std_data(struct entropy_store *r)
1680	*/	1787	*/
1681	static int rand_initialize(void)	1788	static int rand_initialize(void)
1682	{	1789	{
1683	#ifdef CONFIG_NUMA
1684	int i;
1685	struct crng_state *crng;
1686	struct crng_state **pool;
1687	#endif
1688
1689	init_std_data(&input_pool);	1790	init_std_data(&input_pool);
1690	init_std_data(&blocking_pool);	1791	init_std_data(&blocking_pool);
1691	crng_initialize(&primary_crng);	1792	crng_initialize(&primary_crng);
1692		1793	crng_global_init_time = jiffies;
1693	#ifdef CONFIG_NUMA	1794	if (ratelimit_disable) {
1694	pool = kcalloc(nr_node_ids, sizeof(*pool), GFP_KERNEL\|__GFP_NOFAIL);	1795	urandom_warning.interval = 0;
1695	for_each_online_node(i) {	1796	unseeded_warning.interval = 0;
1696	crng = kmalloc_node(sizeof(struct crng_state),
1697	GFP_KERNEL \| __GFP_NOFAIL, i);
1698	spin_lock_init(&crng->lock);
1699	crng_initialize(crng);
1700	pool[i] = crng;
1701	}	1797	}
1702	mb();
1703	crng_node_pool = pool;
1704	#endif
1705	return 0;	1798	return 0;
1706	}	1799	}
1707	early_initcall(rand_initialize);	1800	early_initcall(rand_initialize);
@@ -1769,9 +1862,10 @@ urandom_read(struct file file, char __user buf, size_t nbytes, loff_t *ppos)
1769		1862
1770	if (!crng_ready() && maxwarn > 0) {	1863	if (!crng_ready() && maxwarn > 0) {
1771	maxwarn--;	1864	maxwarn--;
1772	printk(KERN_NOTICE "random: %s: uninitialized urandom read "	1865	if (__ratelimit(&urandom_warning))
1773	"(%zd bytes read)\n",	1866	printk(KERN_NOTICE "random: %s: uninitialized "
1774	current->comm, nbytes);	1867	"urandom read (%zd bytes read)\n",
		1868	current->comm, nbytes);
1775	spin_lock_irqsave(&primary_crng.lock, flags);	1869	spin_lock_irqsave(&primary_crng.lock, flags);
1776	crng_init_cnt = 0;	1870	crng_init_cnt = 0;
1777	spin_unlock_irqrestore(&primary_crng.lock, flags);	1871	spin_unlock_irqrestore(&primary_crng.lock, flags);
@@ -1875,6 +1969,14 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
1875	input_pool.entropy_count = 0;	1969	input_pool.entropy_count = 0;
1876	blocking_pool.entropy_count = 0;	1970	blocking_pool.entropy_count = 0;
1877	return 0;	1971	return 0;
		1972	case RNDRESEEDCRNG:
		1973	if (!capable(CAP_SYS_ADMIN))
		1974	return -EPERM;
		1975	if (crng_init < 2)
		1976	return -ENODATA;
		1977	crng_reseed(&primary_crng, NULL);
		1978	crng_global_init_time = jiffies - 1;
		1979	return 0;
1878	default:	1980	default:
1879	return -EINVAL;	1981	return -EINVAL;
1880	}	1982	}
@@ -2212,7 +2314,7 @@ void add_hwgenerator_randomness(const char *buffer, size_t count,
2212	{	2314	{
2213	struct entropy_store *poolp = &input_pool;	2315	struct entropy_store *poolp = &input_pool;
2214		2316
2215	if (!crng_ready()) {	2317	if (unlikely(crng_init == 0)) {
2216	crng_fast_load(buffer, count);	2318	crng_fast_load(buffer, count);
2217	return;	2319	return;
2218	}	2320	}