Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=linux-7.1.y 2026-03-09T20:27:21+00:00 2026-03-09T20:27:21+00:00 David Howells dhowells@redhat.com 2026-02-26T01:00:05+00:00 urn:sha1:ce260754bb435aea18e6a1a1ce3759249013f5a4 Make the jitterentropy RNG use the SHA-3 library API instead of crypto_shash. This ends up being quite a bit simpler, as various dynamic allocations and error checks become unnecessary. Signed-off-by: David Howells <dhowells@redhat.com> Co-developed-by: Eric Biggers <ebiggers@kernel.org> Acked-by: Ard Biesheuvel <ardb@kernel.org> Link: https://lore.kernel.org/r/20260226010005.43528-1-ebiggers@kernel.org Signed-off-by: Eric Biggers <ebiggers@kernel.org> 2025-07-18T10:52:01+00:00 Ruben Wauters rubenru09@aol.com 2025-07-13T13:13:50+00:00 urn:sha1:4fec76bcc5357fb10f2f69c1bf1e163db93616f1 The ARRAY_SIZE macro is already defined in linux/array_size.h This patch replaces the ARRAY_SIZE definition in jitterentropy.c with an include, to make the code cleaner, and help reduce the number of duplicate ARRAY_SIZE definitions in the codebase. Signed-off-by: Ruben Wauters <rubenru09@aol.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2024-08-30T10:22:30+00:00 Thorsten Blum thorsten.blum@toblux.com 2024-08-19T14:18:44+00:00 urn:sha1:7f60adffe531c06bacab79dbf687f0ea85fb99e8 Use the min() macro to simplify the jent_read_entropy() function and improve its readability. Signed-off-by: Thorsten Blum <thorsten.blum@toblux.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2024-04-05T07:46:33+00:00 Thorsten Blum thorsten.blum@toblux.com 2024-03-29T15:53:45+00:00 urn:sha1:4ad27a8be9dbefd4820da0f60da879d512b2f659 The PDF is also available via https. Signed-off-by: Thorsten Blum <thorsten.blum@toblux.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2024-04-05T07:46:33+00:00 Thorsten Blum thorsten.blum@toblux.com 2024-03-29T15:44:54+00:00 urn:sha1:8fa5f4f01c9fb4d4e2af1ebf6537c7b814c9eb2e s/in// Signed-off-by: Thorsten Blum <thorsten.blum@toblux.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2023-10-27T10:04:25+00:00 Stephan Müller smueller@chronox.de 2023-10-19T07:40:42+00:00 urn:sha1:cf27d9475f37fb69b5bc293e6e6d6c1d03cf7cc6 The health test result in the current code is only given for the currently processed raw time stamp. This implies to react on the health test error, the result must be checked after each raw time stamp being processed. To avoid this constant checking requirement, any health test error is recorded and stored to be analyzed at a later time, if needed. This change ensures that the power-up test catches any health test error. Without that patch, the power-up health test result is not enforced. The introduced changes are already in use with the user space version of the Jitter RNG. Fixes: 04597c8dd6c4 ("jitter - add RCT/APT support for different OSRs") Reported-by: Joachim Vandersmissen <git@jvdsn.com> Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2023-10-13T10:31:07+00:00 Stephan Müller smueller@chronox.de 2023-10-07T07:10:43+00:00 urn:sha1:8405ec8e3c02df8b3720874c3e2169fef4553868 In case a health test error occurs during runtime, the power-up health tests are rerun to verify that the noise source is still good and that the reported health test error was an outlier. For performing this power-up health test, the already existing entropy collector instance is used instead of allocating a new one. This change has the following implications: * The noise that is collected as part of the newly run health tests is inserted into the entropy collector and thus stirs the existing data present in there further. Thus, the entropy collected during the health test is not wasted. This is also allowed by SP800-90B. * The power-on health test is not affected by the state of the entropy collector, because it resets the APT / RCT state. The remainder of the state is unrelated to the health test as it is only applied to newly obtained time stamps. This change also fixes a bug report about an allocation while in an atomic lock (the lock is taken in jent_kcapi_random, jent_read_entropy is called and this can call jent_entropy_init). Fixes: 04597c8dd6c4 ("jitter - add RCT/APT support for different OSRs") Reported-by: Dan Carpenter <dan.carpenter@linaro.org> Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2023-10-01T08:28:15+00:00 Stephan Müller smueller@chronox.de 2023-09-21T11:48:33+00:00 urn:sha1:59bcfd788552504606e3eb774ae68052379396b6 The memory size consumed by the Jitter RNG is one contributing factor in the amount of entropy that is gathered. As the amount of entropy directly correlates with the distance of the memory from the CPU, the caches that are possibly present on a given system have an impact on the collected entropy. Thus, the kernel compile time should offer a means to configure the amount of memory used by the Jitter RNG. Although this option could be turned into a runtime option (e.g. a kernel command line option), it should remain a compile time option as otherwise adminsitrators who may not have performed an entropy assessment may select a value that is inappropriate. The default value selected by the configuration is identical to the current Jitter RNG value. Thus, the patch should not lead to any change in the Jitter RNG behavior. To accommodate larger memory buffers, kvzalloc / kvfree is used. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2023-10-01T08:28:15+00:00 Stephan Müller smueller@chronox.de 2023-09-21T11:48:11+00:00 urn:sha1:04597c8dd6c4b55e946fec50dc3b14a5d9d54501 The oversampling rate (OSR) value specifies the heuristically implied entropy in the recorded data - H_submitter = 1/osr. A different entropy estimate implies a different APT/RCT cutoff value. This change adds support for OSRs 1 through 15. This OSR can be selected by the caller of the Jitter RNG. For this patch, the caller still uses one hard-coded OSR. A subsequent patch allows this value to be configured. In addition, the power-up self test is adjusted as follows: * It allows the caller to provide an oversampling rate that should be tested with - commonly it should be the same as used for the actual runtime operation. This makes the power-up testing therefore consistent with the runtime operation. * It calls now jent_measure_jitter (i.e. collects the full entropy that can possibly be harvested by the Jitter RNG) instead of only jent_condition_data (which only returns the entropy harvested from the conditioning component). This should now alleviate reports where the Jitter RNG initialization thinks there is too little entropy. * The power-up test now solely relies on the (enhanced) APT and RCT test that is used as a health test at runtime. The code allowing the different OSRs as well as the power-up test changes are present in the user space version of the Jitter RNG 3.4.1 and thus was already in production use for some time. Reported-by "Ospan, Abylay" <aospan@amazon.com> Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2023-08-11T11:19:52+00:00 Joachim Vandersmissen git@jvdsn.com 2023-08-06T19:19:03+00:00 urn:sha1:91cb1e1432b3d873a0c8831d0dd8022db98ac8b8 The RCT cutoff values are correct, but they don't exactly match the ones one would expect when computing them using the formula in SP800-90B. This discrepancy is due to the fact that the Jitter Entropy RCT starts at 1. To avoid any confusion by future reviewers, add some comments and explicitly subtract 1 from the "correct" cutoff values in the definitions. Signed-off-by: Joachim Vandersmissen <git@jvdsn.com> Reviewed-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>