On Tue, 19 Sept 2023 at 23:06, Eric Biggers <ebiggers@xxxxxxxxxx> wrote:
>
> This would be the potential change, BTW:
Entirely regardless of your fundamental question, no, that's not the
potential change.
That causes a crng_reseed() even if the write fails completely and
returns -EFAULT.
So at a *minimum*, I'd expect the patch to be be something like
memzero_explicit(block, sizeof(block));
- return ret ? ret : -EFAULT;
+ if (!ret)
+ return -EFAULT;
+ crng_reseed(NULL);
+ return ret;
but even then I'd ask
- wouldn't we want some kind of minimum check?
- do we really trust writes to add any actual entropy at all and at what point?
which are admittedly likely the same question just in different guises.
Also, are there any relevant architectures where
"try_to_generate_entropy()" doesn't work? IOW, why do you even care?
Linus
