> @@ -1826,7 +1830,9 @@ _random_read(int nonblock, char __user *buf, size_t
> nbytes)
>
> nbytes = min_t(size_t, nbytes, SEC_XFER_SIZE);
> while (1) {
> - n = extract_entropy_user(&blocking_pool, buf, nbytes);
> + n = input_pool.initialized
> + ? extract_entropy_user(&blocking_pool, buf, nbytes)
Aehm, sorry, now I see this creates a race condition with this code here, since
this the crng_reseed here also tries to read from the input_pool,
but input_pool.initialized is already true:
if (crng_init < 2 && entropy_bits >= 128) {
crng_reseed(&primary_crng, r);
entropy_bits = r->entropy_count >> ENTROPY_SHIFT;
I was able to get a system in this behavior by running 3 instances of
#include <stdio.h>
#include <unistd.h>
#include <fcntl.h>
int main()
{
int f = open("/dev/random", O_NDELAY);
if (f<0) return 1;
for(;;)
{
unsigned char buf[16];
int x = read(f, buf, sizeof(buf));
if (x>=0)
{
int i;
printf("read %d bytes: ", x);
for (i=0; i<x; i++) printf("%02x ", buf[i]);
printf("\n");
}
}
}
and it managed to steal the entropy away,
before the crng_reseed was able to run.
So I think I will have to change this condition to:
> + n = input_pool.initialized && crng_ready()
> + ? extract_entropy_user(&blocking_pool, buf, nbytes)
Thanks (for your patience :-)
Bernd.
