1 /* 2 * hw_random/core.c: HWRNG core API 3 * 4 * Copyright 2006 Michael Buesch <m@bues.ch> 5 * Copyright 2005 (c) MontaVista Software, Inc. 6 * 7 * Please read Documentation/admin-guide/hw_random.rst for details on use. 8 * 9 * This software may be used and distributed according to the terms 10 * of the GNU General Public License, incorporated herein by reference. 11 */ 12 13 #include <linux/delay.h> 14 #include <linux/device.h> 15 #include <linux/err.h> 16 #include <linux/fs.h> 17 #include <linux/hw_random.h> 18 #include <linux/kernel.h> 19 #include <linux/kthread.h> 20 #include <linux/miscdevice.h> 21 #include <linux/module.h> 22 #include <linux/random.h> 23 #include <linux/sched.h> 24 #include <linux/sched/signal.h> 25 #include <linux/slab.h> 26 #include <linux/string.h> 27 #include <linux/uaccess.h> 28 29 #define RNG_MODULE_NAME "hw_random" 30 31 #define RNG_BUFFER_SIZE (SMP_CACHE_BYTES < 32 ? 32 : SMP_CACHE_BYTES) 32 33 static struct hwrng *current_rng; 34 /* the current rng has been explicitly chosen by user via sysfs */ 35 static int cur_rng_set_by_user; 36 static struct task_struct *hwrng_fill; 37 /* list of registered rngs */ 38 static LIST_HEAD(rng_list); 39 /* Protects rng_list and current_rng */ 40 static DEFINE_MUTEX(rng_mutex); 41 /* Protects rng read functions, data_avail, rng_buffer and rng_fillbuf */ 42 static DEFINE_MUTEX(reading_mutex); 43 static int data_avail; 44 static u8 *rng_buffer, *rng_fillbuf; 45 static unsigned short current_quality; 46 static unsigned short default_quality = 1024; /* default to maximum */ 47 48 module_param(current_quality, ushort, 0644); 49 MODULE_PARM_DESC(current_quality, 50 "current hwrng entropy estimation per 1024 bits of input -- obsolete, use rng_quality instead"); 51 module_param(default_quality, ushort, 0644); 52 MODULE_PARM_DESC(default_quality, 53 "default maximum entropy content of hwrng per 1024 bits of input"); 54 55 static void drop_current_rng(void); 56 static int hwrng_init(struct hwrng *rng); 57 static int hwrng_fillfn(void *unused); 58 59 static inline int rng_get_data(struct hwrng *rng, u8 *buffer, size_t size, 60 int wait); 61 62 static size_t rng_buffer_size(void) 63 { 64 return RNG_BUFFER_SIZE; 65 } 66 67 static inline void cleanup_rng(struct kref *kref) 68 { 69 struct hwrng *rng = container_of(kref, struct hwrng, ref); 70 71 if (rng->cleanup) 72 rng->cleanup(rng); 73 74 complete(&rng->cleanup_done); 75 } 76 77 static int set_current_rng(struct hwrng *rng) 78 { 79 int err; 80 81 BUG_ON(!mutex_is_locked(&rng_mutex)); 82 83 err = hwrng_init(rng); 84 if (err) 85 return err; 86 87 drop_current_rng(); 88 current_rng = rng; 89 90 /* if necessary, start hwrng thread */ 91 if (!hwrng_fill) { 92 hwrng_fill = kthread_run(hwrng_fillfn, NULL, "hwrng"); 93 if (IS_ERR(hwrng_fill)) { 94 pr_err("hwrng_fill thread creation failed\n"); 95 hwrng_fill = NULL; 96 } 97 } 98 99 return 0; 100 } 101 102 static void drop_current_rng(void) 103 { 104 BUG_ON(!mutex_is_locked(&rng_mutex)); 105 if (!current_rng) 106 return; 107 108 /* decrease last reference for triggering the cleanup */ 109 kref_put(¤t_rng->ref, cleanup_rng); 110 current_rng = NULL; 111 } 112 113 /* Returns ERR_PTR(), NULL or refcounted hwrng */ 114 static struct hwrng *get_current_rng_nolock(void) 115 { 116 if (current_rng) 117 kref_get(¤t_rng->ref); 118 119 return current_rng; 120 } 121 122 static struct hwrng *get_current_rng(void) 123 { 124 struct hwrng *rng; 125 126 if (mutex_lock_interruptible(&rng_mutex)) 127 return ERR_PTR(-ERESTARTSYS); 128 129 rng = get_current_rng_nolock(); 130 131 mutex_unlock(&rng_mutex); 132 return rng; 133 } 134 135 static void put_rng(struct hwrng *rng) 136 { 137 /* 138 * Hold rng_mutex here so we serialize in case they set_current_rng 139 * on rng again immediately. 140 */ 141 mutex_lock(&rng_mutex); 142 if (rng) 143 kref_put(&rng->ref, cleanup_rng); 144 mutex_unlock(&rng_mutex); 145 } 146 147 static int hwrng_init(struct hwrng *rng) 148 { 149 if (kref_get_unless_zero(&rng->ref)) 150 goto skip_init; 151 152 if (rng->init) { 153 int ret; 154 155 ret = rng->init(rng); 156 if (ret) 157 return ret; 158 } 159 160 kref_init(&rng->ref); 161 reinit_completion(&rng->cleanup_done); 162 163 skip_init: 164 rng->quality = min_t(u16, min_t(u16, default_quality, 1024), rng->quality ?: 1024); 165 current_quality = rng->quality; /* obsolete */ 166 167 return 0; 168 } 169 170 static int rng_dev_open(struct inode *inode, struct file *filp) 171 { 172 /* enforce read-only access to this chrdev */ 173 if ((filp->f_mode & FMODE_READ) == 0) 174 return -EINVAL; 175 if (filp->f_mode & FMODE_WRITE) 176 return -EINVAL; 177 return 0; 178 } 179 180 static inline int rng_get_data(struct hwrng *rng, u8 *buffer, size_t size, 181 int wait) { 182 int present; 183 184 BUG_ON(!mutex_is_locked(&reading_mutex)); 185 if (rng->read) 186 return rng->read(rng, (void *)buffer, size, wait); 187 188 if (rng->data_present) 189 present = rng->data_present(rng, wait); 190 else 191 present = 1; 192 193 if (present) 194 return rng->data_read(rng, (u32 *)buffer); 195 196 return 0; 197 } 198 199 static ssize_t rng_dev_read(struct file *filp, char __user *buf, 200 size_t size, loff_t *offp) 201 { 202 u8 buffer[RNG_BUFFER_SIZE]; 203 ssize_t ret = 0; 204 int err = 0; 205 int bytes_read, len; 206 struct hwrng *rng; 207 208 while (size) { 209 rng = get_current_rng(); 210 if (IS_ERR(rng)) { 211 err = PTR_ERR(rng); 212 goto out; 213 } 214 if (!rng) { 215 err = -ENODEV; 216 goto out; 217 } 218 219 if (mutex_lock_interruptible(&reading_mutex)) { 220 err = -ERESTARTSYS; 221 goto out_put; 222 } 223 if (!data_avail) { 224 bytes_read = rng_get_data(rng, rng_buffer, 225 rng_buffer_size(), 226 !(filp->f_flags & O_NONBLOCK)); 227 if (bytes_read < 0) { 228 err = bytes_read; 229 goto out_unlock_reading; 230 } else if (bytes_read == 0 && 231 (filp->f_flags & O_NONBLOCK)) { 232 err = -EAGAIN; 233 goto out_unlock_reading; 234 } 235 236 data_avail = bytes_read; 237 } 238 239 len = data_avail; 240 if (len) { 241 if (len > size) 242 len = size; 243 244 data_avail -= len; 245 246 memcpy(buffer, rng_buffer + data_avail, len); 247 } 248 mutex_unlock(&reading_mutex); 249 put_rng(rng); 250 251 if (len) { 252 if (copy_to_user(buf + ret, buffer, len)) { 253 err = -EFAULT; 254 goto out; 255 } 256 257 size -= len; 258 ret += len; 259 } 260 261 262 if (need_resched()) 263 schedule_timeout_interruptible(1); 264 265 if (signal_pending(current)) { 266 err = -ERESTARTSYS; 267 goto out; 268 } 269 } 270 out: 271 memzero_explicit(buffer, sizeof(buffer)); 272 return ret ? : err; 273 274 out_unlock_reading: 275 mutex_unlock(&reading_mutex); 276 out_put: 277 put_rng(rng); 278 goto out; 279 } 280 281 static const struct file_operations rng_chrdev_ops = { 282 .owner = THIS_MODULE, 283 .open = rng_dev_open, 284 .read = rng_dev_read, 285 .llseek = noop_llseek, 286 }; 287 288 static const struct attribute_group *rng_dev_groups[]; 289 290 static struct miscdevice rng_miscdev = { 291 .minor = HWRNG_MINOR, 292 .name = RNG_MODULE_NAME, 293 .nodename = "hwrng", 294 .fops = &rng_chrdev_ops, 295 .groups = rng_dev_groups, 296 }; 297 298 static int enable_best_rng(void) 299 { 300 struct hwrng *rng, *new_rng = NULL; 301 int ret = -ENODEV; 302 303 BUG_ON(!mutex_is_locked(&rng_mutex)); 304 305 /* no rng to use? */ 306 if (list_empty(&rng_list)) { 307 drop_current_rng(); 308 cur_rng_set_by_user = 0; 309 return 0; 310 } 311 312 /* use the rng which offers the best quality */ 313 list_for_each_entry(rng, &rng_list, list) { 314 if (!new_rng || rng->quality > new_rng->quality) 315 new_rng = rng; 316 } 317 318 ret = ((new_rng == current_rng) ? 0 : set_current_rng(new_rng)); 319 if (!ret) 320 cur_rng_set_by_user = 0; 321 322 return ret; 323 } 324 325 static ssize_t rng_current_store(struct device *dev, 326 struct device_attribute *attr, 327 const char *buf, size_t len) 328 { 329 int err; 330 struct hwrng *rng, *new_rng; 331 332 err = mutex_lock_interruptible(&rng_mutex); 333 if (err) 334 return -ERESTARTSYS; 335 336 if (sysfs_streq(buf, "")) { 337 err = enable_best_rng(); 338 } else { 339 list_for_each_entry(rng, &rng_list, list) { 340 if (sysfs_streq(rng->name, buf)) { 341 err = set_current_rng(rng); 342 if (!err) 343 cur_rng_set_by_user = 1; 344 break; 345 } 346 } 347 } 348 new_rng = get_current_rng_nolock(); 349 mutex_unlock(&rng_mutex); 350 351 if (new_rng) 352 put_rng(new_rng); 353 354 return err ? : len; 355 } 356 357 static ssize_t rng_current_show(struct device *dev, 358 struct device_attribute *attr, 359 char *buf) 360 { 361 ssize_t ret; 362 struct hwrng *rng; 363 364 rng = get_current_rng(); 365 if (IS_ERR(rng)) 366 return PTR_ERR(rng); 367 368 ret = sysfs_emit(buf, "%s\n", rng ? rng->name : "none"); 369 put_rng(rng); 370 371 return ret; 372 } 373 374 static ssize_t rng_available_show(struct device *dev, 375 struct device_attribute *attr, 376 char *buf) 377 { 378 int err; 379 struct hwrng *rng; 380 381 err = mutex_lock_interruptible(&rng_mutex); 382 if (err) 383 return -ERESTARTSYS; 384 buf[0] = '\0'; 385 list_for_each_entry(rng, &rng_list, list) { 386 strlcat(buf, rng->name, PAGE_SIZE); 387 strlcat(buf, " ", PAGE_SIZE); 388 } 389 strlcat(buf, "\n", PAGE_SIZE); 390 mutex_unlock(&rng_mutex); 391 392 return strlen(buf); 393 } 394 395 static ssize_t rng_selected_show(struct device *dev, 396 struct device_attribute *attr, 397 char *buf) 398 { 399 return sysfs_emit(buf, "%d\n", cur_rng_set_by_user); 400 } 401 402 static ssize_t rng_quality_show(struct device *dev, 403 struct device_attribute *attr, 404 char *buf) 405 { 406 ssize_t ret; 407 struct hwrng *rng; 408 409 rng = get_current_rng(); 410 if (IS_ERR(rng)) 411 return PTR_ERR(rng); 412 413 if (!rng) /* no need to put_rng */ 414 return -ENODEV; 415 416 ret = sysfs_emit(buf, "%hu\n", rng->quality); 417 put_rng(rng); 418 419 return ret; 420 } 421 422 static ssize_t rng_quality_store(struct device *dev, 423 struct device_attribute *attr, 424 const char *buf, size_t len) 425 { 426 u16 quality; 427 int ret = -EINVAL; 428 429 if (len < 2) 430 return -EINVAL; 431 432 ret = mutex_lock_interruptible(&rng_mutex); 433 if (ret) 434 return -ERESTARTSYS; 435 436 ret = kstrtou16(buf, 0, &quality); 437 if (ret || quality > 1024) { 438 ret = -EINVAL; 439 goto out; 440 } 441 442 if (!current_rng) { 443 ret = -ENODEV; 444 goto out; 445 } 446 447 current_rng->quality = quality; 448 current_quality = quality; /* obsolete */ 449 450 /* the best available RNG may have changed */ 451 ret = enable_best_rng(); 452 453 out: 454 mutex_unlock(&rng_mutex); 455 return ret ? ret : len; 456 } 457 458 static DEVICE_ATTR_RW(rng_current); 459 static DEVICE_ATTR_RO(rng_available); 460 static DEVICE_ATTR_RO(rng_selected); 461 static DEVICE_ATTR_RW(rng_quality); 462 463 static struct attribute *rng_dev_attrs[] = { 464 &dev_attr_rng_current.attr, 465 &dev_attr_rng_available.attr, 466 &dev_attr_rng_selected.attr, 467 &dev_attr_rng_quality.attr, 468 NULL 469 }; 470 471 ATTRIBUTE_GROUPS(rng_dev); 472 473 static void __exit unregister_miscdev(void) 474 { 475 misc_deregister(&rng_miscdev); 476 } 477 478 static int __init register_miscdev(void) 479 { 480 return misc_register(&rng_miscdev); 481 } 482 483 static int hwrng_fillfn(void *unused) 484 { 485 size_t entropy, entropy_credit = 0; /* in 1/1024 of a bit */ 486 long rc; 487 488 while (!kthread_should_stop()) { 489 unsigned short quality; 490 struct hwrng *rng; 491 492 rng = get_current_rng(); 493 if (IS_ERR(rng) || !rng) 494 break; 495 mutex_lock(&reading_mutex); 496 rc = rng_get_data(rng, rng_fillbuf, 497 rng_buffer_size(), 1); 498 if (current_quality != rng->quality) 499 rng->quality = current_quality; /* obsolete */ 500 quality = rng->quality; 501 mutex_unlock(&reading_mutex); 502 503 if (rc <= 0) 504 hwrng_msleep(rng, 10000); 505 506 put_rng(rng); 507 508 if (rc <= 0) 509 continue; 510 511 /* If we cannot credit at least one bit of entropy, 512 * keep track of the remainder for the next iteration 513 */ 514 entropy = rc * quality * 8 + entropy_credit; 515 if ((entropy >> 10) == 0) 516 entropy_credit = entropy; 517 518 /* Outside lock, sure, but y'know: randomness. */ 519 add_hwgenerator_randomness((void *)rng_fillbuf, rc, 520 entropy >> 10, true); 521 } 522 hwrng_fill = NULL; 523 return 0; 524 } 525 526 int hwrng_register(struct hwrng *rng) 527 { 528 int err = -EINVAL; 529 struct hwrng *tmp; 530 531 if (!rng->name || (!rng->data_read && !rng->read)) 532 goto out; 533 534 mutex_lock(&rng_mutex); 535 536 /* Must not register two RNGs with the same name. */ 537 err = -EEXIST; 538 list_for_each_entry(tmp, &rng_list, list) { 539 if (strcmp(tmp->name, rng->name) == 0) 540 goto out_unlock; 541 } 542 list_add_tail(&rng->list, &rng_list); 543 544 init_completion(&rng->cleanup_done); 545 complete(&rng->cleanup_done); 546 init_completion(&rng->dying); 547 548 if (!current_rng || 549 (!cur_rng_set_by_user && rng->quality > current_rng->quality)) { 550 /* 551 * Set new rng as current as the new rng source 552 * provides better entropy quality and was not 553 * chosen by userspace. 554 */ 555 err = set_current_rng(rng); 556 if (err) 557 goto out_unlock; 558 } 559 mutex_unlock(&rng_mutex); 560 return 0; 561 out_unlock: 562 mutex_unlock(&rng_mutex); 563 out: 564 return err; 565 } 566 EXPORT_SYMBOL_GPL(hwrng_register); 567 568 void hwrng_unregister(struct hwrng *rng) 569 { 570 struct hwrng *new_rng; 571 int err; 572 573 mutex_lock(&rng_mutex); 574 575 list_del(&rng->list); 576 complete_all(&rng->dying); 577 if (current_rng == rng) { 578 err = enable_best_rng(); 579 if (err) { 580 drop_current_rng(); 581 cur_rng_set_by_user = 0; 582 } 583 } 584 585 new_rng = get_current_rng_nolock(); 586 if (list_empty(&rng_list)) { 587 mutex_unlock(&rng_mutex); 588 if (hwrng_fill) 589 kthread_stop(hwrng_fill); 590 } else 591 mutex_unlock(&rng_mutex); 592 593 if (new_rng) 594 put_rng(new_rng); 595 596 wait_for_completion(&rng->cleanup_done); 597 } 598 EXPORT_SYMBOL_GPL(hwrng_unregister); 599 600 static void devm_hwrng_release(struct device *dev, void *res) 601 { 602 hwrng_unregister(*(struct hwrng **)res); 603 } 604 605 static int devm_hwrng_match(struct device *dev, void *res, void *data) 606 { 607 struct hwrng **r = res; 608 609 if (WARN_ON(!r || !*r)) 610 return 0; 611 612 return *r == data; 613 } 614 615 int devm_hwrng_register(struct device *dev, struct hwrng *rng) 616 { 617 struct hwrng **ptr; 618 int error; 619 620 ptr = devres_alloc(devm_hwrng_release, sizeof(*ptr), GFP_KERNEL); 621 if (!ptr) 622 return -ENOMEM; 623 624 error = hwrng_register(rng); 625 if (error) { 626 devres_free(ptr); 627 return error; 628 } 629 630 *ptr = rng; 631 devres_add(dev, ptr); 632 return 0; 633 } 634 EXPORT_SYMBOL_GPL(devm_hwrng_register); 635 636 void devm_hwrng_unregister(struct device *dev, struct hwrng *rng) 637 { 638 devres_release(dev, devm_hwrng_release, devm_hwrng_match, rng); 639 } 640 EXPORT_SYMBOL_GPL(devm_hwrng_unregister); 641 642 long hwrng_msleep(struct hwrng *rng, unsigned int msecs) 643 { 644 unsigned long timeout = msecs_to_jiffies(msecs) + 1; 645 646 return wait_for_completion_interruptible_timeout(&rng->dying, timeout); 647 } 648 EXPORT_SYMBOL_GPL(hwrng_msleep); 649 650 long hwrng_yield(struct hwrng *rng) 651 { 652 return wait_for_completion_interruptible_timeout(&rng->dying, 1); 653 } 654 EXPORT_SYMBOL_GPL(hwrng_yield); 655 656 static int __init hwrng_modinit(void) 657 { 658 int ret; 659 660 /* kmalloc makes this safe for virt_to_page() in virtio_rng.c */ 661 rng_buffer = kmalloc(rng_buffer_size(), GFP_KERNEL); 662 if (!rng_buffer) 663 return -ENOMEM; 664 665 rng_fillbuf = kmalloc(rng_buffer_size(), GFP_KERNEL); 666 if (!rng_fillbuf) { 667 kfree(rng_buffer); 668 return -ENOMEM; 669 } 670 671 ret = register_miscdev(); 672 if (ret) { 673 kfree(rng_fillbuf); 674 kfree(rng_buffer); 675 } 676 677 return ret; 678 } 679 680 static void __exit hwrng_modexit(void) 681 { 682 mutex_lock(&rng_mutex); 683 BUG_ON(current_rng); 684 kfree(rng_buffer); 685 kfree(rng_fillbuf); 686 mutex_unlock(&rng_mutex); 687 688 unregister_miscdev(); 689 } 690 691 fs_initcall(hwrng_modinit); /* depends on misc_register() */ 692 module_exit(hwrng_modexit); 693 694 MODULE_DESCRIPTION("H/W Random Number Generator (RNG) driver"); 695 MODULE_LICENSE("GPL"); 696