From fab892232e275e4e9351a50d018c0a9513155814 Mon Sep 17 00:00:00 2001 From: Alan Cox Date: Wed, 6 May 2009 17:17:26 +0100 Subject: vt: Add a note on the historical abuse of CLOCK_TICK_RATE This is one area where we can't just magic away the bizarre use of CLOCK_TICK_RATE as it leaks to user space APIs. It also means the visible CLOCK_TICK_RATE is frozen for architectures which is horrible. We need to fix this somehow Signed-off-by: Alan Cox Signed-off-by: Linus Torvalds --- drivers/char/vt_ioctl.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'drivers/char') diff --git a/drivers/char/vt_ioctl.c b/drivers/char/vt_ioctl.c index a2dee0eb6da..e6ce632a393 100644 --- a/drivers/char/vt_ioctl.c +++ b/drivers/char/vt_ioctl.c @@ -400,6 +400,9 @@ int vt_ioctl(struct tty_struct *tty, struct file * file, case KIOCSOUND: if (!perm) goto eperm; + /* FIXME: This is an old broken API but we need to keep it + supported and somehow separate the historic advertised + tick rate from any real one */ if (arg) arg = CLOCK_TICK_RATE / arg; kd_mksound(arg, 0); @@ -417,6 +420,9 @@ int vt_ioctl(struct tty_struct *tty, struct file * file, */ ticks = HZ * ((arg >> 16) & 0xffff) / 1000; count = ticks ? (arg & 0xffff) : 0; + /* FIXME: This is an old broken API but we need to keep it + supported and somehow separate the historic advertised + tick rate from any real one */ if (count) count = CLOCK_TICK_RATE / count; kd_mksound(count, ticks); -- cgit v1.2.3 From 8a0a9bd4db63bc45e3017bedeafbd88d0eb84d02 Mon Sep 17 00:00:00 2001 From: Linus Torvalds Date: Tue, 5 May 2009 08:17:43 -0700 Subject: random: make get_random_int() more random It's a really simple patch that basically just open-codes the current "secure_ip_id()" call, but when open-coding it we now use a _static_ hashing area, so that it gets updated every time. And to make sure somebody can't just start from the same original seed of all-zeroes, and then do the "half_md4_transform()" over and over until they get the same sequence as the kernel has, each iteration also mixes in the same old "current->pid + jiffies" we used - so we should now have a regular strong pseudo-number generator, but we also have one that doesn't have a single seed. Note: the "pid + jiffies" is just meant to be a tiny tiny bit of noise. It has no real meaning. It could be anything. I just picked the previous seed, it's just that now we keep the state in between calls and that will feed into the next result, and that should make all the difference. I made that hash be a per-cpu data just to avoid cache-line ping-pong: having multiple CPU's write to the same data would be fine for randomness, and add yet another layer of chaos to it, but since get_random_int() is supposed to be a fast interface I did it that way instead. I considered using "__raw_get_cpu_var()" to avoid any preemption overhead while still getting the hash be _mostly_ ping-pong free, but in the end good taste won out. Signed-off-by: Ingo Molnar Signed-off-by: Linus Torvalds --- drivers/char/random.c | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) (limited to 'drivers/char') diff --git a/drivers/char/random.c b/drivers/char/random.c index f824ef8a927..b2ced39d76b 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -1665,15 +1665,20 @@ EXPORT_SYMBOL(secure_dccp_sequence_number); * value is not cryptographically secure but for several uses the cost of * depleting entropy is too high */ +DEFINE_PER_CPU(__u32 [4], get_random_int_hash); unsigned int get_random_int(void) { - /* - * Use IP's RNG. It suits our purpose perfectly: it re-keys itself - * every second, from the entropy pool (and thus creates a limited - * drain on it), and uses halfMD4Transform within the second. We - * also mix it with jiffies and the PID: - */ - return secure_ip_id((__force __be32)(current->pid + jiffies)); + struct keydata *keyptr; + __u32 *hash = get_cpu_var(get_random_int_hash); + int ret; + + keyptr = get_keyptr(); + hash[0] += current->pid + jiffies + get_cycles() + (int)(long)&ret; + + ret = half_md4_transform(hash, keyptr->secret); + put_cpu_var(get_random_int_hash); + + return ret; } /* -- cgit v1.2.3