Currently we credit entropy (via add_input_randomness()) regardless of where an event comes form, a device itself, or an input handler, such as evdev (and thus from userspace). While access to event devices is supposed to be tightly controlled (one does not want random processes to be able to observe or inject keystrokes), developers may use evdev to inject events for testing purposes. Let's make sure that such events to not contribute to the entropy to keep the pool 'pure' and do not expose developer's boxes to not so random data. Signed-off-by: Dmitry Torokhov <dmitry.torokhov@xxxxxxxxx> --- drivers/input/input.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/drivers/input/input.c b/drivers/input/input.c index 260f00ebe34d..0126b8bb6afa 100644 --- a/drivers/input/input.c +++ b/drivers/input/input.c @@ -368,12 +368,15 @@ static int input_get_disposition(struct input_dev *dev, } static void input_handle_event(struct input_dev *dev, - unsigned int type, unsigned int code, int value) + unsigned int type, unsigned int code, int value, + bool can_credit_entropy) { int disposition = input_get_disposition(dev, type, code, &value); - if (disposition != INPUT_IGNORE_EVENT && type != EV_SYN) + if (can_credit_entropy && + disposition != INPUT_IGNORE_EVENT && type != EV_SYN) { add_input_randomness(type, code, value); + } if ((disposition & INPUT_PASS_TO_DEVICE) && dev->event) dev->event(dev, type, code, value); @@ -434,7 +437,7 @@ void input_event(struct input_dev *dev, if (is_event_supported(type, dev->evbit, EV_MAX)) { spin_lock_irqsave(&dev->event_lock, flags); - input_handle_event(dev, type, code, value); + input_handle_event(dev, type, code, value, true); spin_unlock_irqrestore(&dev->event_lock, flags); } } @@ -464,7 +467,7 @@ void input_inject_event(struct input_handle *handle, rcu_read_lock(); grab = rcu_dereference(dev->grab); if (!grab || grab == handle) - input_handle_event(dev, type, code, value); + input_handle_event(dev, type, code, value, false); rcu_read_unlock(); spin_unlock_irqrestore(&dev->event_lock, flags); -- 2.19.0.397.gdd90340f6a-goog