random: add GRND_INSECURE to return best-effort non-cryptographic bytes

Signed-off-by: Andy Lutomirski <luto@kernel.org>
Link: https://lore.kernel.org/r/d5473b56cf1fa900ca4bd2b3fc1e5b8874399919.1577088521.git.luto@kernel.org
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

diff --git a/drivers/char/random.c b/drivers/char/random.c
index 91954c0091a51c7c14f63266447dd0b74f5cebdc..b7e2ad7eafcaf23f4f28ef08f0ce656884401354 100644 (file)
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -2194,7 +2194,14 @@ SYSCALL_DEFINE3(getrandom, char __user *, buf, size_t, count,
 {
        int ret;
 
-       if (flags & ~(GRND_NONBLOCK|GRND_RANDOM))
+       if (flags & ~(GRND_NONBLOCK|GRND_RANDOM|GRND_INSECURE))
+               return -EINVAL;
+
+       /*
+        * Requesting insecure and blocking randomness at the same time makes
+        * no sense.
+        */
+       if ((flags & (GRND_INSECURE|GRND_RANDOM)) == (GRND_INSECURE|GRND_RANDOM))
                return -EINVAL;
 
        if (count > INT_MAX)
@@ -2203,7 +2210,7 @@ SYSCALL_DEFINE3(getrandom, char __user *, buf, size_t, count,
        if (flags & GRND_RANDOM)
                return _random_read(flags & GRND_NONBLOCK, buf, count);
 
-       if (!crng_ready()) {
+       if (!(flags & GRND_INSECURE) && !crng_ready()) {
                if (flags & GRND_NONBLOCK)
                        return -EAGAIN;
                ret = wait_for_random_bytes();

diff --git a/include/uapi/linux/random.h b/include/uapi/linux/random.h
index 26ee91300e3ecbb2d5f8c18db6231343c09944bd..c092d20088d3b4e156fe6be74bd492b3e3055ec3 100644 (file)
--- a/include/uapi/linux/random.h
+++ b/include/uapi/linux/random.h
@@ -49,8 +49,10 @@ struct rand_pool_info {
  *
  * GRND_NONBLOCK       Don't block and return EAGAIN instead
  * GRND_RANDOM         Use the /dev/random pool instead of /dev/urandom
+ * GRND_INSECURE       Return non-cryptographic random bytes
  */
 #define GRND_NONBLOCK  0x0001
 #define GRND_RANDOM    0x0002
+#define GRND_INSECURE  0x0004
 
 #endif /* _UAPI_LINUX_RANDOM_H */