This is a note to let you know that I've just added the patch titled random: credit architectural init the exact amount to the 5.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: random-credit-architectural-init-the-exact-amount.patch and it can be found in the queue-5.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From foo@baz Thu May 26 04:17:01 PM CEST 2022 From: "Jason A. Donenfeld" <Jason@xxxxxxxxx> Date: Thu, 12 May 2022 15:32:26 +0200 Subject: random: credit architectural init the exact amount From: "Jason A. Donenfeld" <Jason@xxxxxxxxx> commit 12e45a2a6308105469968951e6d563e8f4fea187 upstream. RDRAND and RDSEED can fail sometimes, which is fine. We currently initialize the RNG with 512 bits of RDRAND/RDSEED. We only need 256 bits of those to succeed in order to initialize the RNG. Instead of the current "all or nothing" approach, actually credit these contributions the amount that is actually contributed. Reviewed-by: Dominik Brodowski <linux@xxxxxxxxxxxxxxxxxxxx> Signed-off-by: Jason A. Donenfeld <Jason@xxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- drivers/char/random.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -899,9 +899,8 @@ early_param("random.trust_bootloader", p */ int __init random_init(const char *command_line) { - size_t i; ktime_t now = ktime_get_real(); - bool arch_init = true; + unsigned int i, arch_bytes; unsigned long rv; #if defined(LATENT_ENTROPY_PLUGIN) @@ -909,11 +908,12 @@ int __init random_init(const char *comma _mix_pool_bytes(compiletime_seed, sizeof(compiletime_seed)); #endif - for (i = 0; i < BLAKE2S_BLOCK_SIZE; i += sizeof(rv)) { + for (i = 0, arch_bytes = BLAKE2S_BLOCK_SIZE; + i < BLAKE2S_BLOCK_SIZE; i += sizeof(rv)) { if (!arch_get_random_seed_long_early(&rv) && !arch_get_random_long_early(&rv)) { rv = random_get_entropy(); - arch_init = false; + arch_bytes -= sizeof(rv); } _mix_pool_bytes(&rv, sizeof(rv)); } @@ -924,8 +924,8 @@ int __init random_init(const char *comma if (crng_ready()) crng_reseed(); - else if (arch_init && trust_cpu) - credit_init_bits(BLAKE2S_BLOCK_SIZE * 8); + else if (trust_cpu) + credit_init_bits(arch_bytes * 8); return 0; } Patches currently in stable-queue which might be from Jason@xxxxxxxxx are queue-5.18/random-remove-ratelimiting-for-in-kernel-unseeded-randomness.patch queue-5.18/random-fix-sysctl-documentation-nits.patch queue-5.18/random-help-compiler-out-with-fast_mix-by-using-simpler-arguments.patch queue-5.18/siphash-use-one-source-of-truth-for-siphash-permutations.patch queue-5.18/um-use-fallback-for-random_get_entropy-instead-of-zero.patch queue-5.18/random-order-timer-entropy-functions-below-interrupt-functions.patch queue-5.18/random-unify-batched-entropy-implementations.patch queue-5.18/random-make-consistent-use-of-buf-and-len.patch queue-5.18/random-move-randomize_page-into-mm-where-it-belongs.patch queue-5.18/random-use-first-128-bits-of-input-as-fast-init.patch queue-5.18/random-use-proper-return-types-on-get_random_-int-long-_wait.patch queue-5.18/s390-define-get_cycles-macro-for-arch-override.patch queue-5.18/timekeeping-add-raw-clock-fallback-for-random_get_entropy.patch queue-5.18/random-use-static-branch-for-crng_ready.patch queue-5.18/arm-use-fallback-for-random_get_entropy-instead-of-zero.patch queue-5.18/mips-use-fallback-for-random_get_entropy-instead-of-just-c0-random.patch queue-5.18/random-avoid-initializing-twice-in-credit-race.patch queue-5.18/random-move-initialization-functions-out-of-hot-pages.patch queue-5.18/random-do-not-pretend-to-handle-premature-next-security-model.patch queue-5.18/random-do-not-use-batches-when-crng_ready.patch queue-5.18/m68k-use-fallback-for-random_get_entropy-instead-of-zero.patch queue-5.18/random-move-initialization-out-of-reseeding-hot-path.patch queue-5.18/x86-tsc-use-fallback-for-random_get_entropy-instead-of-zero.patch queue-5.18/random-credit-architectural-init-the-exact-amount.patch queue-5.18/random-check-for-signals-after-page-of-pool-writes.patch queue-5.18/random-remove-extern-from-functions-in-header.patch queue-5.18/random-do-not-use-input-pool-from-hard-irqs.patch queue-5.18/random-wire-up-fops-splice_-read-write-_iter.patch queue-5.18/random-insist-on-random_get_entropy-existing-in-order-to-simplify.patch queue-5.18/powerpc-define-get_cycles-macro-for-arch-override.patch queue-5.18/parisc-define-get_cycles-macro-for-arch-override.patch queue-5.18/sparc-use-fallback-for-random_get_entropy-instead-of-zero.patch queue-5.18/nios2-use-fallback-for-random_get_entropy-instead-of-zero.patch queue-5.18/init-call-time_init-before-rand_initialize.patch queue-5.18/riscv-use-fallback-for-random_get_entropy-instead-of-zero.patch queue-5.18/ia64-define-get_cycles-macro-for-arch-override.patch queue-5.18/random-handle-latent-entropy-and-command-line-from-random_init.patch queue-5.18/random-use-proper-jiffies-comparison-macro.patch queue-5.18/alpha-define-get_cycles-macro-for-arch-override.patch queue-5.18/random-convert-to-using-fops-read_iter.patch queue-5.18/xtensa-use-fallback-for-random_get_entropy-instead-of-zero.patch queue-5.18/random-use-symbolic-constants-for-crng_init-states.patch queue-5.18/random-convert-to-using-fops-write_iter.patch