Re: drivers/char/random.c: more ruminations

[Theodore Ts'o]

On Tue, Jun 10, 2014 at 11:58:06PM -0400, George Spelvin wrote:
> You can forbid underflows, but the code doesn't forbid overflows.
> 
> 1. Assume the entropy count starts at 512 bytes (input pool full)
> 2. Random writer mixes in 20 bytes of entropy into the input pool.
> 2a. Input pool entropy is, however, capped at 512 bytes.
> 3. Random extractor extracts 32 bytes of entropy from the pool.
>    Succeeds because 32 < 512.  Pool is left with 480 bytes of
>    entropy.
> 3a. Random extractor decrements pool entropy estimate to 480 bytes.
>     This is accurate.
> 4. Random writer credits pool with 20 bytes of entropy.
> 5. Input pool entropy is now 480 bytes, estimate is 500 bytes.

Good point, that's a potential problem, although messing up the
accounting betewen 480 and 500 bytes is not nearly as bad as messing
up 0 and 20.

It's not something where if the changes required massive changes, that
I'd necessarily feel the need to backport them to stable.  It's a
certificational weakness, but it's a not disaster.

						- Ted
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/