1
/*
2
 * hw_random/core.c: HWRNG core API
3
 *
4
 * Copyright 2006 Michael Buesch <[email protected]>
5
 * Copyright 2005 (c) MontaVista Software, Inc.
6
 *
7
 * Please read Documentation/admin-guide/hw_random.rst for details on use.
8
 *
9
 * This software may be used and distributed according to the terms
10
 * of the GNU General Public License, incorporated herein by reference.
11
 */
12

13
#include <linux/delay.h>
14
#include <linux/device.h>
15
#include <linux/err.h>
16
#include <linux/fs.h>
17
#include <linux/hw_random.h>
18
#include <linux/kernel.h>
19
#include <linux/kthread.h>
20
#include <linux/miscdevice.h>
21
#include <linux/module.h>
22
#include <linux/random.h>
23
#include <linux/sched.h>
24
#include <linux/sched/signal.h>
25
#include <linux/slab.h>
26
#include <linux/string.h>
27
#include <linux/uaccess.h>
28

29
#define RNG_MODULE_NAME		"hw_random"
30

31
#define RNG_BUFFER_SIZE (SMP_CACHE_BYTES < 32 ? 32 : SMP_CACHE_BYTES)
32

33
static struct hwrng *current_rng;
34
/* the current rng has been explicitly chosen by user via sysfs */
35
static int cur_rng_set_by_user;
36
static struct task_struct *hwrng_fill;
37
/* list of registered rngs */
38
static LIST_HEAD(rng_list);
39
/* Protects rng_list and current_rng */
40
static DEFINE_MUTEX(rng_mutex);
41
/* Protects rng read functions, data_avail, rng_buffer and rng_fillbuf */
42
static DEFINE_MUTEX(reading_mutex);
43
static int data_avail;
44
static u8 *rng_buffer, *rng_fillbuf;
45
static unsigned short current_quality;
46
static unsigned short default_quality = 1024; /* default to maximum */
47

48
module_param(current_quality, ushort, 0644);
49
MODULE_PARM_DESC(current_quality,
50
		 "current hwrng entropy estimation per 1024 bits of input -- obsolete, use rng_quality instead");
51
module_param(default_quality, ushort, 0644);
52
MODULE_PARM_DESC(default_quality,
53
		 "default maximum entropy content of hwrng per 1024 bits of input");
54

55
static void drop_current_rng(void);
56
static int hwrng_init(struct hwrng *rng);
57
static int hwrng_fillfn(void *unused);
58

59
static inline int rng_get_data(struct hwrng *rng, u8 *buffer, size_t size,
60
			       int wait);
61

62
static size_t rng_buffer_size(void)
63
{
64
	return RNG_BUFFER_SIZE;
65
}
66

67
static inline void cleanup_rng(struct kref *kref)
68
{
69
	struct hwrng *rng = container_of(kref, struct hwrng, ref);
70

71
	if (rng->cleanup)
72
		rng->cleanup(rng);
73

74
	complete(&rng->cleanup_done);
75
}
76

77
static int set_current_rng(struct hwrng *rng)
78
{
79
	int err;
80

81
	BUG_ON(!mutex_is_locked(&rng_mutex));
82

83
	err = hwrng_init(rng);
84
	if (err)
85
		return err;
86

87
	drop_current_rng();
88
	current_rng = rng;
89

90
	/* if necessary, start hwrng thread */
91
	if (!hwrng_fill) {
92
		hwrng_fill = kthread_run(hwrng_fillfn, NULL, "hwrng");
93
		if (IS_ERR(hwrng_fill)) {
94
			pr_err("hwrng_fill thread creation failed\n");
95
			hwrng_fill = NULL;
96
		}
97
	}
98

99
	return 0;
100
}
101

102
static void drop_current_rng(void)
103
{
104
	BUG_ON(!mutex_is_locked(&rng_mutex));
105
	if (!current_rng)
106
		return;
107

108
	/* decrease last reference for triggering the cleanup */
109
	kref_put(&current_rng->ref, cleanup_rng);
110
	current_rng = NULL;
111
}
112

113
/* Returns ERR_PTR(), NULL or refcounted hwrng */
114
static struct hwrng *get_current_rng_nolock(void)
115
{
116
	if (current_rng)
117
		kref_get(&current_rng->ref);
118

119
	return current_rng;
120
}
121

122
static struct hwrng *get_current_rng(void)
123
{
124
	struct hwrng *rng;
125

126
	if (mutex_lock_interruptible(&rng_mutex))
127
		return ERR_PTR(-ERESTARTSYS);
128

129
	rng = get_current_rng_nolock();
130

131
	mutex_unlock(&rng_mutex);
132
	return rng;
133
}
134

135
static void put_rng(struct hwrng *rng)
136
{
137
	/*
138
	 * Hold rng_mutex here so we serialize in case they set_current_rng
139
	 * on rng again immediately.
140
	 */
141
	mutex_lock(&rng_mutex);
142
	if (rng)
143
		kref_put(&rng->ref, cleanup_rng);
144
	mutex_unlock(&rng_mutex);
145
}
146

147
static int hwrng_init(struct hwrng *rng)
148
{
149
	if (kref_get_unless_zero(&rng->ref))
150
		goto skip_init;
151

152
	if (rng->init) {
153
		int ret;
154

155
		ret =  rng->init(rng);
156
		if (ret)
157
			return ret;
158
	}
159

160
	kref_init(&rng->ref);
161
	reinit_completion(&rng->cleanup_done);
162

163
skip_init:
164
	current_quality = rng->quality; /* obsolete */
165

166
	return 0;
167
}
168

169
static int rng_dev_open(struct inode *inode, struct file *filp)
170
{
171
	/* enforce read-only access to this chrdev */
172
	if ((filp->f_mode & FMODE_READ) == 0)
173
		return -EINVAL;
174
	if (filp->f_mode & FMODE_WRITE)
175
		return -EINVAL;
176
	return 0;
177
}
178

179
static inline int rng_get_data(struct hwrng *rng, u8 *buffer, size_t size,
180
			int wait) {
181
	int present;
182

183
	BUG_ON(!mutex_is_locked(&reading_mutex));
184
	if (rng->read) {
185
		int err;
186

187
		err = rng->read(rng, buffer, size, wait);
188
		if (WARN_ON_ONCE(err > 0 && err > size))
189
			err = size;
190

191
		return err;
192
	}
193

194
	if (rng->data_present)
195
		present = rng->data_present(rng, wait);
196
	else
197
		present = 1;
198

199
	if (present)
200
		return rng->data_read(rng, (u32 *)buffer);
201

202
	return 0;
203
}
204

205
static ssize_t rng_dev_read(struct file *filp, char __user *buf,
206
			    size_t size, loff_t *offp)
207
{
208
	u8 buffer[RNG_BUFFER_SIZE];
209
	ssize_t ret = 0;
210
	int err = 0;
211
	int bytes_read, len;
212
	struct hwrng *rng;
213

214
	while (size) {
215
		rng = get_current_rng();
216
		if (IS_ERR(rng)) {
217
			err = PTR_ERR(rng);
218
			goto out;
219
		}
220
		if (!rng) {
221
			err = -ENODEV;
222
			goto out;
223
		}
224

225
		if (mutex_lock_interruptible(&reading_mutex)) {
226
			err = -ERESTARTSYS;
227
			goto out_put;
228
		}
229
		if (!data_avail) {
230
			bytes_read = rng_get_data(rng, rng_buffer,
231
				rng_buffer_size(),
232
				!(filp->f_flags & O_NONBLOCK));
233
			if (bytes_read < 0) {
234
				err = bytes_read;
235
				goto out_unlock_reading;
236
			} else if (bytes_read == 0 &&
237
				   (filp->f_flags & O_NONBLOCK)) {
238
				err = -EAGAIN;
239
				goto out_unlock_reading;
240
			}
241

242
			data_avail = bytes_read;
243
		}
244

245
		len = data_avail;
246
		if (len) {
247
			if (len > size)
248
				len = size;
249

250
			data_avail -= len;
251

252
			memcpy(buffer, rng_buffer + data_avail, len);
253
		}
254
		mutex_unlock(&reading_mutex);
255
		put_rng(rng);
256

257
		if (len) {
258
			if (copy_to_user(buf + ret, buffer, len)) {
259
				err = -EFAULT;
260
				goto out;
261
			}
262

263
			size -= len;
264
			ret += len;
265
		}
266

267

268
		if (need_resched())
269
			schedule_timeout_interruptible(1);
270

271
		if (signal_pending(current)) {
272
			err = -ERESTARTSYS;
273
			goto out;
274
		}
275
	}
276
out:
277
	memzero_explicit(buffer, sizeof(buffer));
278
	return ret ? : err;
279

280
out_unlock_reading:
281
	mutex_unlock(&reading_mutex);
282
out_put:
283
	put_rng(rng);
284
	goto out;
285
}
286

287
static const struct file_operations rng_chrdev_ops = {
288
	.owner		= THIS_MODULE,
289
	.open		= rng_dev_open,
290
	.read		= rng_dev_read,
291
	.llseek		= noop_llseek,
292
};
293

294
static const struct attribute_group *rng_dev_groups[];
295

296
static struct miscdevice rng_miscdev = {
297
	.minor		= HWRNG_MINOR,
298
	.name		= RNG_MODULE_NAME,
299
	.nodename	= "hwrng",
300
	.fops		= &rng_chrdev_ops,
301
	.groups		= rng_dev_groups,
302
};
303

304
static int enable_best_rng(void)
305
{
306
	struct hwrng *rng, *new_rng = NULL;
307
	int ret = -ENODEV;
308

309
	BUG_ON(!mutex_is_locked(&rng_mutex));
310

311
	/* no rng to use? */
312
	if (list_empty(&rng_list)) {
313
		drop_current_rng();
314
		cur_rng_set_by_user = 0;
315
		return 0;
316
	}
317

318
	/* use the rng which offers the best quality */
319
	list_for_each_entry(rng, &rng_list, list) {
320
		if (!new_rng || rng->quality > new_rng->quality)
321
			new_rng = rng;
322
	}
323

324
	ret = ((new_rng == current_rng) ? 0 : set_current_rng(new_rng));
325
	if (!ret)
326
		cur_rng_set_by_user = 0;
327

328
	return ret;
329
}
330

331
static ssize_t rng_current_store(struct device *dev,
332
				 struct device_attribute *attr,
333
				 const char *buf, size_t len)
334
{
335
	int err;
336
	struct hwrng *rng, *new_rng;
337

338
	err = mutex_lock_interruptible(&rng_mutex);
339
	if (err)
340
		return -ERESTARTSYS;
341

342
	if (sysfs_streq(buf, "")) {
343
		err = enable_best_rng();
344
	} else if (sysfs_streq(buf, "none")) {
345
		cur_rng_set_by_user = 1;
346
		drop_current_rng();
347
	} else {
348
		list_for_each_entry(rng, &rng_list, list) {
349
			if (sysfs_streq(rng->name, buf)) {
350
				err = set_current_rng(rng);
351
				if (!err)
352
					cur_rng_set_by_user = 1;
353
				break;
354
			}
355
		}
356
	}
357
	new_rng = get_current_rng_nolock();
358
	mutex_unlock(&rng_mutex);
359

360
	if (new_rng)
361
		put_rng(new_rng);
362

363
	return err ? : len;
364
}
365

366
static ssize_t rng_current_show(struct device *dev,
367
				struct device_attribute *attr,
368
				char *buf)
369
{
370
	ssize_t ret;
371
	struct hwrng *rng;
372

373
	rng = get_current_rng();
374
	if (IS_ERR(rng))
375
		return PTR_ERR(rng);
376

377
	ret = sysfs_emit(buf, "%s\n", rng ? rng->name : "none");
378
	put_rng(rng);
379

380
	return ret;
381
}
382

383
static ssize_t rng_available_show(struct device *dev,
384
				  struct device_attribute *attr,
385
				  char *buf)
386
{
387
	int err;
388
	struct hwrng *rng;
389

390
	err = mutex_lock_interruptible(&rng_mutex);
391
	if (err)
392
		return -ERESTARTSYS;
393
	buf[0] = '\0';
394
	list_for_each_entry(rng, &rng_list, list) {
395
		strlcat(buf, rng->name, PAGE_SIZE);
396
		strlcat(buf, " ", PAGE_SIZE);
397
	}
398
	strlcat(buf, "none\n", PAGE_SIZE);
399
	mutex_unlock(&rng_mutex);
400

401
	return strlen(buf);
402
}
403

404
static ssize_t rng_selected_show(struct device *dev,
405
				 struct device_attribute *attr,
406
				 char *buf)
407
{
408
	return sysfs_emit(buf, "%d\n", cur_rng_set_by_user);
409
}
410

411
static ssize_t rng_quality_show(struct device *dev,
412
				struct device_attribute *attr,
413
				char *buf)
414
{
415
	ssize_t ret;
416
	struct hwrng *rng;
417

418
	rng = get_current_rng();
419
	if (IS_ERR(rng))
420
		return PTR_ERR(rng);
421

422
	if (!rng) /* no need to put_rng */
423
		return -ENODEV;
424

425
	ret = sysfs_emit(buf, "%hu\n", rng->quality);
426
	put_rng(rng);
427

428
	return ret;
429
}
430

431
static ssize_t rng_quality_store(struct device *dev,
432
				 struct device_attribute *attr,
433
				 const char *buf, size_t len)
434
{
435
	u16 quality;
436
	int ret = -EINVAL;
437

438
	if (len < 2)
439
		return -EINVAL;
440

441
	ret = mutex_lock_interruptible(&rng_mutex);
442
	if (ret)
443
		return -ERESTARTSYS;
444

445
	ret = kstrtou16(buf, 0, &quality);
446
	if (ret || quality > 1024) {
447
		ret = -EINVAL;
448
		goto out;
449
	}
450

451
	if (!current_rng) {
452
		ret = -ENODEV;
453
		goto out;
454
	}
455

456
	current_rng->quality = quality;
457
	current_quality = quality; /* obsolete */
458

459
	/* the best available RNG may have changed */
460
	ret = enable_best_rng();
461

462
out:
463
	mutex_unlock(&rng_mutex);
464
	return ret ? ret : len;
465
}
466

467
static DEVICE_ATTR_RW(rng_current);
468
static DEVICE_ATTR_RO(rng_available);
469
static DEVICE_ATTR_RO(rng_selected);
470
static DEVICE_ATTR_RW(rng_quality);
471

472
static struct attribute *rng_dev_attrs[] = {
473
	&dev_attr_rng_current.attr,
474
	&dev_attr_rng_available.attr,
475
	&dev_attr_rng_selected.attr,
476
	&dev_attr_rng_quality.attr,
477
	NULL
478
};
479

480
ATTRIBUTE_GROUPS(rng_dev);
481

482
static int hwrng_fillfn(void *unused)
483
{
484
	size_t entropy, entropy_credit = 0; /* in 1/1024 of a bit */
485
	long rc;
486

487
	while (!kthread_should_stop()) {
488
		unsigned short quality;
489
		struct hwrng *rng;
490

491
		rng = get_current_rng();
492
		if (IS_ERR(rng) || !rng)
493
			break;
494
		mutex_lock(&reading_mutex);
495
		rc = rng_get_data(rng, rng_fillbuf,
496
				  rng_buffer_size(), 1);
497
		if (current_quality != rng->quality)
498
			rng->quality = current_quality; /* obsolete */
499
		quality = rng->quality;
500
		mutex_unlock(&reading_mutex);
501

502
		if (rc <= 0)
503
			hwrng_msleep(rng, 10000);
504

505
		put_rng(rng);
506

507
		if (rc <= 0)
508
			continue;
509

510
		/* If we cannot credit at least one bit of entropy,
511
		 * keep track of the remainder for the next iteration
512
		 */
513
		entropy = rc * quality * 8 + entropy_credit;
514
		if ((entropy >> 10) == 0)
515
			entropy_credit = entropy;
516

517
		/* Outside lock, sure, but y'know: randomness. */
518
		add_hwgenerator_randomness((void *)rng_fillbuf, rc,
519
					   entropy >> 10, true);
520
	}
521
	hwrng_fill = NULL;
522
	return 0;
523
}
524

525
int hwrng_register(struct hwrng *rng)
526
{
527
	int err = -EINVAL;
528
	struct hwrng *tmp;
529

530
	if (!rng->name || (!rng->data_read && !rng->read))
531
		goto out;
532

533
	mutex_lock(&rng_mutex);
534

535
	/* Must not register two RNGs with the same name. */
536
	err = -EEXIST;
537
	list_for_each_entry(tmp, &rng_list, list) {
538
		if (strcmp(tmp->name, rng->name) == 0)
539
			goto out_unlock;
540
	}
541
	list_add_tail(&rng->list, &rng_list);
542

543
	init_completion(&rng->cleanup_done);
544
	complete(&rng->cleanup_done);
545
	init_completion(&rng->dying);
546

547
	/* Adjust quality field to always have a proper value */
548
	rng->quality = min3(default_quality, 1024, rng->quality ?: 1024);
549

550
	if (!cur_rng_set_by_user &&
551
	    (!current_rng || rng->quality > current_rng->quality)) {
552
		/*
553
		 * Set new rng as current as the new rng source
554
		 * provides better entropy quality and was not
555
		 * chosen by userspace.
556
		 */
557
		err = set_current_rng(rng);
558
		if (err)
559
			goto out_unlock;
560
	}
561
	mutex_unlock(&rng_mutex);
562
	return 0;
563
out_unlock:
564
	mutex_unlock(&rng_mutex);
565
out:
566
	return err;
567
}
568
EXPORT_SYMBOL_GPL(hwrng_register);
569

570
void hwrng_unregister(struct hwrng *rng)
571
{
572
	struct hwrng *new_rng;
573
	int err;
574

575
	mutex_lock(&rng_mutex);
576

577
	list_del(&rng->list);
578
	complete_all(&rng->dying);
579
	if (current_rng == rng) {
580
		err = enable_best_rng();
581
		if (err) {
582
			drop_current_rng();
583
			cur_rng_set_by_user = 0;
584
		}
585
	}
586

587
	new_rng = get_current_rng_nolock();
588
	if (list_empty(&rng_list)) {
589
		mutex_unlock(&rng_mutex);
590
		if (hwrng_fill)
591
			kthread_stop(hwrng_fill);
592
	} else
593
		mutex_unlock(&rng_mutex);
594

595
	if (new_rng)
596
		put_rng(new_rng);
597

598
	wait_for_completion(&rng->cleanup_done);
599
}
600
EXPORT_SYMBOL_GPL(hwrng_unregister);
601

602
static void devm_hwrng_release(struct device *dev, void *res)
603
{
604
	hwrng_unregister(*(struct hwrng **)res);
605
}
606

607
static int devm_hwrng_match(struct device *dev, void *res, void *data)
608
{
609
	struct hwrng **r = res;
610

611
	if (WARN_ON(!r || !*r))
612
		return 0;
613

614
	return *r == data;
615
}
616

617
int devm_hwrng_register(struct device *dev, struct hwrng *rng)
618
{
619
	struct hwrng **ptr;
620
	int error;
621

622
	ptr = devres_alloc(devm_hwrng_release, sizeof(*ptr), GFP_KERNEL);
623
	if (!ptr)
624
		return -ENOMEM;
625

626
	error = hwrng_register(rng);
627
	if (error) {
628
		devres_free(ptr);
629
		return error;
630
	}
631

632
	*ptr = rng;
633
	devres_add(dev, ptr);
634
	return 0;
635
}
636
EXPORT_SYMBOL_GPL(devm_hwrng_register);
637

638
void devm_hwrng_unregister(struct device *dev, struct hwrng *rng)
639
{
640
	devres_release(dev, devm_hwrng_release, devm_hwrng_match, rng);
641
}
642
EXPORT_SYMBOL_GPL(devm_hwrng_unregister);
643

644
long hwrng_msleep(struct hwrng *rng, unsigned int msecs)
645
{
646
	unsigned long timeout = msecs_to_jiffies(msecs) + 1;
647

648
	return wait_for_completion_interruptible_timeout(&rng->dying, timeout);
649
}
650
EXPORT_SYMBOL_GPL(hwrng_msleep);
651

652
long hwrng_yield(struct hwrng *rng)
653
{
654
	return wait_for_completion_interruptible_timeout(&rng->dying, 1);
655
}
656
EXPORT_SYMBOL_GPL(hwrng_yield);
657

658
static int __init hwrng_modinit(void)
659
{
660
	int ret;
661

662
	/* kmalloc makes this safe for virt_to_page() in virtio_rng.c */
663
	rng_buffer = kmalloc(rng_buffer_size(), GFP_KERNEL);
664
	if (!rng_buffer)
665
		return -ENOMEM;
666

667
	rng_fillbuf = kmalloc(rng_buffer_size(), GFP_KERNEL);
668
	if (!rng_fillbuf) {
669
		kfree(rng_buffer);
670
		return -ENOMEM;
671
	}
672

673
	ret = misc_register(&rng_miscdev);
674
	if (ret) {
675
		kfree(rng_fillbuf);
676
		kfree(rng_buffer);
677
	}
678

679
	return ret;
680
}
681

682
static void __exit hwrng_modexit(void)
683
{
684
	mutex_lock(&rng_mutex);
685
	BUG_ON(current_rng);
686
	kfree(rng_buffer);
687
	kfree(rng_fillbuf);
688
	mutex_unlock(&rng_mutex);
689

690
	misc_deregister(&rng_miscdev);
691
}
692

693
fs_initcall(hwrng_modinit); /* depends on misc_register() */
694
module_exit(hwrng_modexit);
695

696
MODULE_DESCRIPTION("H/W Random Number Generator (RNG) driver");
697
MODULE_LICENSE("GPL");
698

699