On Sat, 2012-07-07 at 21:41 -0400, Theodore Ts'o wrote: > On Sun, Jul 08, 2012 at 02:06:46AM +0100, Ben Hutchings wrote: > > > > Surely the number of random bytes being added is i * sizeof(long), not > > sizeof(u.hwrand)? > > > > Meh; Kees Cook has made the same observation. Basically, in the > unlikely case where RDRAND fails, we'll end up mixing in stack > garbage. It's not a security vulnerability, since the contents of the > entropy pool never gets exposed. In fact, one could argue that mixing > in some unknown garbage from the kernel stack might actually help a > little; but it can't hurt.
Sorry, I realised after reading further that there's no entropy being credited. However, I expect that kmemcheck will complain unless you limit the used length or call kmemcheck_mark_initialized(). Ben. -- Ben Hutchings Life would be so much easier if we could look at the source code.
signature.asc
Description: This is a digitally signed message part
