hwrng: core - Fix wrong quality calculation at hw rng registration

Message ID 20240621095459.43622-1-freude@linux.ibm.com (mailing list archive)
State Changes Requested
Delegated to: Herbert Xu

Commit Message

Harald Freudenberger June 21, 2024, 9:54 a.m. UTC
When there are rng sources registering at the hwrng core via
hwrng_register() a struct hwrng is delivered. There is a quality
field in there which is used to decide which of the registered
hw rng sources will be used by the hwrng core.

With commit 16bdbae39428 ("hwrng: core - treat default_quality as
a maximum and default to 1024") there came in a new default of
1024 in case this field is empty and all the known hw rng sources
at that time had been reworked to not fill this field and thus
use the default of 1024.

The code choosing the 'better' hw rng source during registration
of a new hw rng source has never been adapted to this and thus
used 0 if the hw rng implementation does not fill the quality field.
So when two rng sources register, one with 0 (meaning 1024) and
the other one with 999, the 999 hw rng will be chosen.

This patch simply takes into account that a quality field value
of 0 is to be treated as 1024 and then the decision about which
hw rng to use works as expected.

Tested on s390 with two hardware rng sources: crypto cards and
trng true random generator device driver.

Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>

Reported-by: Christian Rund <Christian.Rund@de.ibm.com>
Fixes: 16bdbae39428 ("hwrng: core - treat default_quality as a maximum and default to 1024")
---
 drivers/char/hw_random/core.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

Comments

Herbert Xu June 21, 2024, 11:17 a.m. UTC | #1
On Fri, Jun 21, 2024 at 11:54:59AM +0200, Harald Freudenberger wrote:
>
> @@ -545,8 +546,14 @@ int hwrng_register(struct hwrng *rng)
>  	complete(&rng->cleanup_done);
>  	init_completion(&rng->dying);
>  
> +	/* Quality field not set in struct hwrng means 1024 */
> +	rng_quality = rng->quality ? rng->quality : 1024;
> +	cur_quality = current_rng ?
> +		(current_rng->quality ? current_rng->quality : 1024) :
> +		0;

The number 1024 is meant to be user configurable.  We should move
the rng->quality initialisation from hwrng_init to hwrng_register.

Thanks,

Holger Dengler June 21, 2024, 11:31 a.m. UTC | #2
On 21/06/2024 11:54, Harald Freudenberger wrote:
> When there are rng sources registering at the hwrng core via
> hwrng_register() a struct hwrng is delivered. There is a quality
> field in there which is used to decide which of the registered
> hw rng sources will be used by the hwrng core.
> 
> With commit 16bdbae39428 ("hwrng: core - treat default_quality as
> a maximum and default to 1024") there came in a new default of
> 1024 in case this field is empty and all the known hw rng sources
> at that time had been reworked to not fill this field and thus
> use the default of 1024.
> 
> The code choosing the 'better' hw rng source during registration
> of a new hw rng source has never been adapted to this and thus
> used 0 if the hw rng implementation does not fill the quality field.
> So when two rng sources register, one with 0 (meaning 1024) and
> the other one with 999, the 999 hw rng will be chosen.
> 
> This patch simply takes into account that a quality field value
> of 0 is to be treated as 1024 and then the decision about which
> hw rng to use works as expected.
> 
> Tested on s390 with two hardware rng sources: crypto cards and
> trng true random generator device driver.
> 
> Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
> 
> Reported-by: Christian Rund <Christian.Rund@de.ibm.com>
> Fixes: 16bdbae39428 ("hwrng: core - treat default_quality as a maximum and default to 1024")
> ---
>  drivers/char/hw_random/core.c | 9 ++++++++-
>  1 file changed, 8 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/char/hw_random/core.c b/drivers/char/hw_random/core.c
> index 4084df65c9fa..993b8a1f1d19 100644
> --- a/drivers/char/hw_random/core.c
> +++ b/drivers/char/hw_random/core.c
> @@ -525,6 +525,7 @@ static int hwrng_fillfn(void *unused)
>  
>  int hwrng_register(struct hwrng *rng)
>  {
> +	unsigned short rng_quality, cur_quality;

In my opinion, we do not need these variables.

>  	int err = -EINVAL;
>  	struct hwrng *tmp;
>  
> @@ -545,8 +546,14 @@ int hwrng_register(struct hwrng *rng)
>  	complete(&rng->cleanup_done);
>  	init_completion(&rng->dying);
>  
> +	/* Quality field not set in struct hwrng means 1024 */
> +	rng_quality = rng->quality ? rng->quality : 1024;

Please use the shortcut "(a) ?: (b)" for "(a) ? (a) : (b)", also remove non-necessary parentheses.

	rng_quality = rng->quality ?: 1024;

Because this variable is only used once, you can also change it directly in the if statement below.

> +	cur_quality = current_rng ?
> +		(current_rng->quality ? current_rng->quality : 1024) :
> +		0;
> +

This one is not necessary. The quality field of current_rng has been updated already by the hwrng_init() function.

>  	if (!current_rng ||
> -	    (!cur_rng_set_by_user && rng->quality > current_rng->quality)) {
> +	    (!cur_rng_set_by_user && rng_quality > cur_quality)) {

Unfortunately, the quality field of rng is read here, before the quality field is updated by hwrng_init().
Maybe we can use the following:

  	if (!current_rng ||
	    (!cur_rng_set_by_user && (rng->quality ?: 1024) > current_rng->quality)) {

>  		/*
>  		 * Set new rng as current as the new rng source
>  		 * provides better entropy quality and was not
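
The selection behaviour discussed in the commit message and in reply #2, as an added example that is not part of the patch or the kernel source: a user-space C model using a hypothetical `struct model_rng` and `model_register_all()`. It assumes, per reply #2, that an unset quality is filled in with 1024 once a source becomes current, and it ignores the `cur_rng_set_by_user` override.

```c
#include <stdio.h>
#include <stddef.h>

#define MODEL_DEFAULT 1024          /* default named in the commit message */

struct model_rng {                  /* simplified stand-in, not struct hwrng */
	const char *name;
	unsigned short quality;     /* 0 = driver left the field unset */
};

/* Register srcs[0..n-1] in order; return the index that ends up current.
 * fixed == 0: compare the raw field of the new source (pre-patch check).
 * fixed == 1: treat an unset field as MODEL_DEFAULT before comparing. */
static int model_register_all(const struct model_rng *srcs, size_t n, int fixed)
{
	unsigned short cur_q = 0;   /* quality of the current source */
	int cur = -1;               /* -1 = no current source yet */

	for (size_t i = 0; i < n; i++) {
		unsigned short eff = srcs[i].quality ? srcs[i].quality : MODEL_DEFAULT;
		unsigned short cmp = fixed ? eff : srcs[i].quality;

		if (cur < 0 || cmp > cur_q) {
			cur = (int)i;
			/* Assumption from reply #2: becoming current runs the
			 * init step, which fills in an unset quality. */
			cur_q = eff;
		}
	}
	return cur;
}

int main(void)
{
	/* Constructed sample sources; the names are hypothetical. */
	const struct model_rng a[] = { { "unset", 0 }, { "q999", 999 } };
	const struct model_rng b[] = { { "q999", 999 }, { "unset", 0 } };

	printf("unset first, old check: %s\n", a[model_register_all(a, 2, 0)].name);
	printf("q999 first,  old check: %s\n", b[model_register_all(b, 2, 0)].name);
	printf("q999 first,  new check: %s\n", b[model_register_all(b, 2, 1)].name);
	return 0;
}
```

Under these assumptions the old check picks the wrong source only when the source with the explicit quality registers first, so the outcome depends on driver registration order.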

Patch

diff --git a/drivers/char/hw_random/core.c b/drivers/char/hw_random/core.c
index 4084df65c9fa..993b8a1f1d19 100644
--- a/drivers/char/hw_random/core.c
+++ b/drivers/char/hw_random/core.c
@@ -525,6 +525,7 @@  static int hwrng_fillfn(void *unused)
 
 int hwrng_register(struct hwrng *rng)
 {
+	unsigned short rng_quality, cur_quality;
 	int err = -EINVAL;
 	struct hwrng *tmp;
 
@@ -545,8 +546,14 @@  int hwrng_register(struct hwrng *rng)
 	complete(&rng->cleanup_done);
 	init_completion(&rng->dying);
 
+	/* Quality field not set in struct hwrng means 1024 */
+	rng_quality = rng->quality ? rng->quality : 1024;
+	cur_quality = current_rng ?
+		(current_rng->quality ? current_rng->quality : 1024) :
+		0;
+
 	if (!current_rng ||
-	    (!cur_rng_set_by_user && rng->quality > current_rng->quality)) {
+	    (!cur_rng_set_by_user && rng_quality > cur_quality)) {
 		/*
 		 * Set new rng as current as the new rng source
 		 * provides better entropy quality and was not
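
Review bot: the fallback 1024 is written as a literal twice in the lines added to hwrng_register() (`rng->quality ? rng->quality : 1024` and again inside the cur_quality expression), while the Fixes: commit title describes default_quality as a maximum, so the comparison can disagree with the core whenever the effective default is not 1024. Take the fallback from the same place the core uses when it fills in the field, or normalise rng->quality once at registration so the comparison can read the field directly. The outer `current_rng ? ... : 0` arm also never influences the decision, because the `!current_rng ||` test short-circuits before cur_quality is read; the expression can be reduced to the inner fallback, evaluated only when current_rng is set.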