random: Use arch-specific RNG to initialize the entropy store

commit 3e88bdff1c65145f7ba297ccec69c774afe4c785 upstream.

If there is an architecture-specific random number generator (such as
RDRAND for Intel architectures), use it to initialize /dev/random's
entropy stores.  Even in the worst case, if RDRAND is something like
AES(NSA_KEY, counter++), it won't hurt, and it will definitely help
against any other adversaries.

Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Link: http://lkml.kernel.org/r/1324589281-31931-1-git-send-email-tytso@mit.edu
Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>

diff --git a/drivers/char/random.c b/drivers/char/random.c
index ed86caedaa8c784691c0f97700d96deca4ac192d..4874f5546fcce47144f46a7aae97f1036da50de6 100644 (file)
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -958,6 +958,7 @@ EXPORT_SYMBOL(get_random_bytes);
  */
 static void init_std_data(struct entropy_store *r)
 {
+       int i;
        ktime_t now;
        unsigned long flags;
 
@@ -967,6 +968,11 @@ static void init_std_data(struct entropy_store *r)
 
        now = ktime_get_real();
        mix_pool_bytes(r, &now, sizeof(now));
+       for (i = r->poolinfo->poolwords; i; i--) {
+               if (!arch_get_random_long(&flags))
+                       break;
+               mix_pool_bytes(r, &flags, sizeof(flags));
+       }
        mix_pool_bytes(r, utsname(), sizeof(*(utsname())));
 }