random: use hwgenerator randomness more frequently at early boot

Mix in randomness from hw-rng sources more frequently during early
boot, approximately once for every rng reseed.

Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

diff --git a/drivers/char/random.c b/drivers/char/random.c
index c8cc235..16e0c5f 100644 (file)
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -260,25 +260,23 @@ static void crng_fast_key_erasure(u8 key[CHACHA_KEY_SIZE],
 }
 
 /*
- * Return whether the crng seed is considered to be sufficiently old
- * that a reseeding is needed. This happens if the last reseeding
- * was CRNG_RESEED_INTERVAL ago, or during early boot, at an interval
+ * Return the interval until the next reseeding, which is normally
+ * CRNG_RESEED_INTERVAL, but during early boot, it is at an interval
  * proportional to the uptime.
  */
-static bool crng_has_old_seed(void)
+static unsigned int crng_reseed_interval(void)
 {
        static bool early_boot = true;
-       unsigned long interval = CRNG_RESEED_INTERVAL;
 
        if (unlikely(READ_ONCE(early_boot))) {
                time64_t uptime = ktime_get_seconds();
                if (uptime >= CRNG_RESEED_INTERVAL / HZ * 2)
                        WRITE_ONCE(early_boot, false);
                else
-                       interval = max_t(unsigned int, CRNG_RESEED_START_INTERVAL,
-                                        (unsigned int)uptime / 2 * HZ);
+                       return max_t(unsigned int, CRNG_RESEED_START_INTERVAL,
+                                    (unsigned int)uptime / 2 * HZ);
        }
-       return time_is_before_jiffies(READ_ONCE(base_crng.birth) + interval);
+       return CRNG_RESEED_INTERVAL;
 }
 
 /*
@@ -320,7 +318,7 @@ static void crng_make_state(u32 chacha_state[CHACHA_STATE_WORDS],
         * If the base_crng is old enough, we reseed, which in turn bumps the
         * generation counter that we check below.
         */
-       if (unlikely(crng_has_old_seed()))
+       if (unlikely(time_is_before_jiffies(READ_ONCE(base_crng.birth) + crng_reseed_interval())))
                crng_reseed();
 
        local_lock_irqsave(&crngs.lock, flags);
@@ -866,11 +864,11 @@ void add_hwgenerator_randomness(const void *buf, size_t len, size_t entropy)
        credit_init_bits(entropy);
 
        /*
-        * Throttle writing to once every CRNG_RESEED_INTERVAL, unless
-        * we're not yet initialized.
+        * Throttle writing to once every reseed interval, unless we're not yet
+        * initialized.
         */
        if (!kthread_should_stop() && crng_ready())
-               schedule_timeout_interruptible(CRNG_RESEED_INTERVAL);
+               schedule_timeout_interruptible(crng_reseed_interval());
 }
 EXPORT_SYMBOL_GPL(add_hwgenerator_randomness);