Am Wed, Feb 09, 2022 at 02:19:15AM +0100 schrieb Jason A. Donenfeld: > Continuing the reasoning of "random: ensure early RDSEED goes through > mixer on init", we don't want RDRAND interacting with anything without > going through the mixer function, as a backdoored CPU could presumably > cancel out data during an xor, which it'd have a harder time doing when > being forced through a cryptographic hash function. There's actually no > need at all to be calling RDRAND in write_pool(), because before we > extract from the pool, we always do so with 32 bytes of RDSEED hashed in > at that stage. Xoring at this stage is needless and introduces a minor > liability. Looks good generally, just one unrelated change slipped in: > bytes = min(count, sizeof(buf)); > - if (copy_from_user(&buf, p, bytes)) > + if (copy_from_user(buf, p, bytes)) > return -EFAULT; Otherwise: Reviewed-by: Dominik Brodowski <linux@xxxxxxxxxxxxxxxxxxxx> Thanks, Dominik