Hello, Entropy quickly depleting under normal I/O operations like ls(1), cat(1), etc... between 2.6.30 to current mainline, for instance: $ cat /proc/sys/kernel/random/entropy_avail 3428 $ cat /proc/sys/kernel/random/entropy_avail 2911 $cat /proc/sys/kernel/random/entropy_avail 2620 We observed this problem has been occurred with fs/binfmt_elf.c: create_elf_tables()->get_random_bytes() was introduced began at 2.6.30. /* * Generate 16 random bytes for userspace PRNG seeding. */ get_random_bytes(k_rand_bytes, sizeof(k_rand_bytes)); This proposal patch is trying to introduce a wrapper of get_random_int() which has lower overhead than calling get_random_bytes() directly. With this patch applied: $ cat /proc/sys/kernel/random/entropy_avail 2731 $ cat /proc/sys/kernel/random/entropy_avail 2802 $ cat /proc/sys/kernel/random/entropy_avail 2878 v2->v1: ------- - Fix random copy to check up buffer length that are not 4-byte multiples according to Andreas's comments, thank you. v1 can be found at: http://www.spinics.net/lists/linux-fsdevel/msg59128.html Any comments are more than welcome! -Jeff Signed-off-by: Jie Liu <jeff.liu@xxxxxxxxxx> Analyzed-by: John Sobecki <john.sobecki@xxxxxxxxxx> CC: Al Viro <viro@xxxxxxxxxxxxxxxxxx> CC: Andreas Dilger <aedilger@xxxxxxxxx> CC: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> CC: Alan Cox <alan@xxxxxxxxxxxxxxx> CC: Arnd Bergmann <arnn@xxxxxxxx> CC: James Morris <james.l.morris@xxxxxxxxxx> CC: Ted Ts'o <tytso@xxxxxxx> CC: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- fs/binfmt_elf.c | 26 +++++++++++++++++++++++++- 1 files changed, 25 insertions(+), 1 deletions(-) diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c index fbd9f60..2c8121f 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -48,6 +48,7 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs); static int load_elf_library(struct file *); static unsigned long elf_map(struct file *, unsigned long, struct elf_phdr *, int, int, unsigned long); +static void randomize_stack_user(unsigned char *buf, size_t nbytes); /* * If we don't support core dumping, then supply a NULL so we @@ -200,7 +201,7 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec, /* * Generate 16 random bytes for userspace PRNG seeding. */ - get_random_bytes(k_rand_bytes, sizeof(k_rand_bytes)); + randomize_stack_user(k_rand_bytes, sizeof(k_rand_bytes)); u_rand_bytes = (elf_addr_t __user *) STACK_ALLOC(p, sizeof(k_rand_bytes)); if (__copy_to_user(u_rand_bytes, k_rand_bytes, sizeof(k_rand_bytes))) @@ -558,6 +559,29 @@ static unsigned long randomize_stack_top(unsigned long stack_top) #endif } +/* + * A wrapper of get_random_int() to generate random bytes which has lower + * overhead than call get_random_bytes() directly. + * create_elf_tables() call this function to generate 16 random bytes for + * userspace PRNG seeding. + */ +static void randomize_stack_user(unsigned char *buf, size_t nbytes) +{ + unsigned char *p = buf; + + while (nbytes) { + unsigned int random_variable; + size_t chunk = min(nbytes, sizeof(unsigned int)); + + random_variable = get_random_int() & STACK_RND_MASK; + random_variable <<= PAGE_SHIFT; + + memcpy(p, &random_variable, chunk); + p += chunk; + nbytes -= chunk; + } +} + static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) { struct file *interpreter = NULL; /* to shut gcc up */ -- 1.7.4.1 -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
