On Friday, 5 December 2014, 23:53:59, Herbert Xu wrote:

Hi Herbert,

> On Wed, Dec 03, 2014 at 08:59:01PM +0100, Stephan Mueller wrote:
> > +static int rng_recvmsg(struct kiocb *unused, struct socket *sock,
> > + struct msghdr *msg, size_t len, int flags)
> > +{
> > + struct sock *sk = sock->sk;
> > + struct alg_sock *ask = alg_sk(sk);
> > + struct rng_ctx *ctx = ask->private;
> > + int err = -EFAULT;
> > +
> > + if (len == 0)
> > + return 0;
> > + if (len > MAXSIZE)
> > + len = MAXSIZE;
> > +
> > + lock_sock(sk);
>
> This lock simply protects ctx->result. Since you're using a
> tiny buffer why not just put it on the stack?

When I developed the DRBG code, I got comments that 128 byte variables shall not be on the stack in kernel code. But if you agree that I can put a 128 byte variable on the stack, I will see it done.

>
> > + u8 *buf = kmalloc(seedsize, GFP_KERNEL);
> > + if (!buf)
> > + goto err;
> > + get_random_bytes(buf, seedsize);
> > + ret = crypto_rng_reset(private, buf, len);
>
> I think you should leave the seeding and the seed to the user.
> Perhaps do it through setsockopt (on the parent socket).

Sure. But please note that the seeding happens only when seedsize > 0. Such seeding therefore is not performed for krng and the DRBG, because both seed automatically.

Therefore, may I propose the following: We offer a setsockopt for (re)seeding. For all RNGs with seedsize > 0, we return EAGAIN for recvmsg until a setsockopt for at least seedsize is provided. That would imply that krng and DRBG would be usable without seeding from user space.

-- 
Ciao
Stephan
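Review bot: In the rng_recvmsg hunk, "if (len > MAXSIZE) len = MAXSIZE;" silently truncates an oversized request, so a caller that does not check the returned byte count will treat the rest of its buffer as random data. Please document the clamp (a comment at the check and a note in the interface documentation that at most MAXSIZE bytes are returned per call). Separately, whichever buffer ends up holding the generated bytes, ctx->result under lock_sock() or the stack buffer discussed in this thread, should be cleared with memzero_explicit() before the function returns so that RNG output does not linger in memory.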
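Review bot: In the seeding hunk, the length passed in "crypto_rng_reset(private, buf, len)" does not match the buffer: buf is allocated and filled with seedsize bytes, but len is handed to the reset call. Unless len is guaranteed to equal seedsize at this point, the RNG is either seeded with fewer bytes than intended or reads past the end of the allocation; pass seedsize instead. The quoted lines also do not show how buf is released: since it holds seed material, it should be freed with kzfree() on both the success and the error path, not plain kfree().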