hwrng: core - treat default_quality as a maximum and default to 1024

Most hw_random devices return entropy which is assumed to be of full
quality, but driver authors don't bother setting the quality knob. Some
hw_random devices return less than full quality entropy, and then driver
authors set the quality knob. Therefore, the entropy crediting should be
opt-out rather than opt-in per-driver, to reflect the actual reality on
the ground.

For example, the two Raspberry Pi RNG drivers produce full entropy
randomness, and both EDK2 and U-Boot's drivers for these treat them as
such. The result is that EFI then uses these numbers and passes the to
Linux, and Linux credits them as boot, thereby initializing the RNG.
Yet, in Linux, the quality knob was never set to anything, and so on the
chance that Linux is booted without EFI, nothing is ever credited.
That's annoying.

The same pattern appears to repeat itself throughout various drivers. In
fact, very very few drivers have bothered setting quality=1024.

Looking at the git history of existing drivers and corresponding mailing
list discussion, this conclusion tracks. There's been a decent amount of
discussion about drivers that set quality < 1024 -- somebody read and
interepreted a datasheet, or made some back of the envelope calculation
somehow. But there's been very little, if any, discussion about most
drivers where the quality is just set to 1024 or unset (or set to 1000
when the authors misunderstood the API and assumed it was base-10 rather
than base-2); in both cases the intent was fairly clear of, "this is a
hardware random device; it's fine."

So let's invert this logic. A hw_random struct's quality knob now
controls the maximum quality a driver can produce, or 0 to specify 1024.
Then, the module-wide switch called "default_quality" is changed to
represent the maximum quality of any driver. By default it's 1024, and
the quality of any particular driver is then given by:

min(default_quality, rng->quality ?: 1024);

This way, the user can still turn this off for weird reasons (and we can
replace whatever driver-specific disabling hacks existed in the past),
yet we get proper crediting for relevant RNGs.

Cc: Dominik Brodowski <linux@dominikbrodowski.net>
Cc: Ard Biesheuvel <ardb@kernel.org>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

USB: chaoskey: fix error case of a timeout

In case of a timeout or if a signal aborts a read
communication with the device needs to be ended
lest we overwrite an active URB the next time we
do IO to the device, as the URB may still be active.

Signed-off-by: Oliver Neukum <oneukum@suse.de>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20191107142856.16774-1-oneukum@suse.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

USB: chaoskey: fix use-after-free on release

The driver was accessing its struct usb_interface in its release()
callback without holding a reference. This would lead to a
use-after-free whenever the device was disconnected while the character
device was still open.

Fixes: 66e3e591891d ("usb: Add driver for Altus Metrum ChaosKey device (v2)")
Cc: stable <stable@vger.kernel.org> # 4.1
Signed-off-by: Johan Hovold <johan@kernel.org>
Link: https://lore.kernel.org/r/20191009153848.8664-3-johan@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

USB: chaoskey: Use kasprintf() over strcpy()/strcat()

Instead of kmalloc() with manually calculated values followed by
multiple strcpy()/strcat() calls, just fold it all into a single
kasprintf() call.

Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

USB: misc: chaoskey: Use true and false for boolean values

Assign true or false to boolean variables instead of an integer value.

This issue was detected with the help of Coccinelle.

Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Reviewed-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

USB: misc: Remove redundant license text

Now that the SPDX tag is in all USB files, that identifies the license
in a specific and legally-defined manner. So the extra GPL text wording
can be removed as it is no longer needed at all.

This is done on a quest to remove the 700+ different ways that files in
the kernel describe the GPL license text. And there's unneeded stuff
like the address (sometimes incorrect) for the FSF which is never
needed.

No copyright headers or other non-license-description text was removed.

Cc: Keith Packard <keithp@keithp.com>
Cc: Juergen Stuber <starblue@users.sourceforge.net>
Cc: Cesar Miquel <miquel@df.uba.ar>
Cc: Richard Leitner <richard.leitner@skidata.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

USB: add SPDX identifiers to all remaining files in drivers/usb/

It's good to have SPDX identifiers in all files to make it easier to
audit the kernel tree for correct licenses.

Update the drivers/usb/ and include/linux/usb* files with the correct
SPDX license identifier based on the license text in the file itself.
The SPDX identifier is a legally binding shorthand, which can be used
instead of the full boiler plate text.

This work is based on a script and data from Thomas Gleixner, Philippe
Ombredanne, and Kate Stewart.

Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Kate Stewart <kstewart@linuxfoundation.org>
Cc: Philippe Ombredanne <pombredanne@nexb.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Acked-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Acked-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

USB: misc: remove unneeded MODULE_VERSION() usage

MODULE_VERSION is useless for in-kernel drivers, so just remove all
usage of it in the USB misc drivers. Along with this, some
DRIVER_VERSION macros were removed as they are also pointless.

Cc: Keith Packard <keithp@keithp.com>
Cc: Juergen Stuber <starblue@users.sourceforge.net>
Cc: Cesar Miquel <miquel@df.uba.ar>
Acked-by: Richard Leitner <richard.leitner@skidata.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

USB: chaoskey: fix Alea quirk on big-endian hosts

Add missing endianness conversion when applying the Alea timeout quirk.

Found using sparse:

warning: restricted __le16 degrades to integer

Fixes: e4a886e811cd ("hwrng: chaoskey - Fix URB warning due to timeout on Alea")
Cc: stable <stable@vger.kernel.org> # 4.8
Cc: Bob Ham <bob.ham@collabora.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Keith Packard <keithp@keithp.com>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

USB: chaoskey: refactor endpoint retrieval

Use the new endpoint helpers to lookup the required bulk-in endpoint.

Signed-off-by: Johan Hovold <johan@kernel.org>
Reviewed-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

hwrng: chaoskey - drop workaround for old hwrng core limitation

The hwrng core used to mask 'quality' with 1023; that has been removed
in commit 506bf0c0464ace57169aadcf02ae397999c57bdd ("hwrng: core - allow
perfect entropy from hardware devices"), so we can now just set quality
to 1024.

Signed-off-by: Julien Cristau <jcristau@debian.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

hwrng: chaoskey - Fix URB warning due to timeout on Alea

The first read on an Alea takes about 1.8 seconds, more than the
timeout value waiting for the read. As a consequence, later URB reuse
causes the warning given below. To avoid this, we increase the wait
time for the first read on the Alea.

[ 78.293247] WARNING: CPU: 3 PID: 1892 at drivers/usb/core/urb.c:338 usb_submit_urb+0x2b4/0x580 [usbcore]
[ 78.293250] URB ffff8802135be3c0 submitted while active
[ 78.293252] Modules linked in: chaoskey(+) rng_core rfcomm binfmt_misc bnep cfg80211 nfsd auth_rpcgss oid_registry nfs_acl nfs lockd grace fscache sunrpc bridge stp llc tun snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_codec_generic iTCO_wdt iTCO_vendor_support nls_utf8 nls_cp437 vfat fat intel_rapl x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel efi_pstore kvm irqbypass pcspkr btusb btrtl btbcm btintel uvcvideo joydev bluetooth videobuf2_vmalloc videobuf2_memops efivars videobuf2_v4l2 serio_raw i2c_i801 videobuf2_core videodev cdc_mbim media lpc_ich shpchp mfd_core cdc_ncm usbnet mii cdc_wdm cdc_acm evdev snd_hda_intel snd_hda_codec snd_hwdep snd_hda_core i915 snd_pcm snd_timer i2c_algo_bit drm_kms_helper wmi thinkpad_acpi drm nvram mei_me mei snd soundcore rfkill ac battery i2c_core
[ 78.293335] video button tpm_tis tpm fuse parport_pc ppdev lp parport autofs4 ext4 crc16 jbd2 mbcache algif_skcipher af_alg hid_generic usbhid hid dm_crypt dm_mod sg sr_mod cdrom sd_mod crct10dif_pclmul crc32_pclmul crc32c_intel jitterentropy_rng sha256_generic hmac drbg aesni_intel xhci_pci aes_x86_64 ahci glue_helper xhci_hcd ehci_pci lrw libahci gf128mul ablk_helper cryptd libata sdhci_pci psmouse sdhci scsi_mod ehci_hcd mmc_core usbcore usb_common thermal
[ 78.293402] CPU: 3 PID: 1892 Comm: hwrng Not tainted 4.7.0-rc1-linux-14+ #16
[ 78.293405] Hardware name: LENOVO 232577G/232577G, BIOS G2ET92WW (2.52 ) 02/22/2013
[ 78.293408] 0000000000000000 ffffffff812dfa0f ffff8801fa5b3d68 0000000000000000
[ 78.293413] ffffffff81072224 ffff8802135be3c0 ffff8801fa5b3db8 ffff880212e44210
[ 78.293418] 0000000000000040 ffff880209fb32c0 ffff880212e44200 ffffffff8107228f
[ 78.293422] Call Trace:
[ 78.293432] [<ffffffff812dfa0f>] ? dump_stack+0x5c/0x7d
[ 78.293437] [<ffffffff81072224>] ? __warn+0xc4/0xe0
[ 78.293441] [<ffffffff8107228f>] ? warn_slowpath_fmt+0x4f/0x60
[ 78.293451] [<ffffffff810a46a2>] ? enqueue_task_fair+0xcd2/0x1260
[ 78.293463] [<ffffffffa001ec54>] ? usb_submit_urb+0x2b4/0x580 [usbcore]
[ 78.293474] [<ffffffff8140c2e5>] ? __pm_runtime_resume+0x55/0x70
[ 78.293484] [<ffffffffa0825212>] ? _chaoskey_fill+0x132/0x250 [chaoskey]
[ 78.293485] usbcore: registered new interface driver chaoskey
[ 78.293493] [<ffffffff810aed50>] ? wait_woken+0x90/0x90
[ 78.293500] [<ffffffffa06448c0>] ? devm_hwrng_register+0x80/0x80 [rng_core]
[ 78.293505] [<ffffffffa0825907>] ? chaoskey_rng_read+0x127/0x140 [chaoskey]
[ 78.293511] [<ffffffffa06448c0>] ? devm_hwrng_register+0x80/0x80 [rng_core]
[ 78.293515] [<ffffffffa064492e>] ? hwrng_fillfn+0x6e/0x120 [rng_core]
[ 78.293520] [<ffffffff8108fb5f>] ? kthread+0xcf/0xf0
[ 78.293529] [<ffffffff81596d5f>] ? ret_from_fork+0x1f/0x40
[ 78.293535] [<ffffffff8108fa90>] ? kthread_park+0x50/0x50

Signed-off-by: Bob Ham <bob.ham@collabora.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

hwrng: chaoskey - Add support for Araneus Alea I USB RNG

Adds support for the Araneus Alea I USB hardware Random Number
Generator which is interfaced with in exactly the same way as the
Altus Metrum ChaosKey. We just add the appropriate device ID and
modify the config help text.

Signed-off-by: Bob Ham <bob.ham@collabora.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

usb/misc/chaoskey: introduce an URB for asynchronous reads

To allow for and clean handling of signals an URB is introduced.

Signed-off-by: Oliver Neukum <oneukum@suse.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

usb/misc/chaoskey: Cleanup probe failure paths

Shares the cleanup code between all probe failure paths, instead of
having per-failure cleanup at each point in the function.

Signed-off-by: Oliver Neukum <oneukum@suse.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

USB: chaoskey read offset bug

Rng reads in chaoskey driver could return the same data under
the certain conditions.

Signed-off-by: Alexander Inyukhin <shurick@sectorb.msk.ru>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

usb: Fix warnings in chaoskey driver

> drivers/usb/misc/chaoskey.c: In function 'chaoskey_read':
> >> drivers/usb/misc/chaoskey.c:412:3: error: implicit declaration of function 'copy_to_user'
> >> [-Werror=implicit-function-declaration]
> remain = copy_to_user(buffer, dev->buf + dev->used, this_time);

I was unable to reproduce this locally, but added an explicit

#include <linux/uaccess.h>

which should ensure the definition on all architectures.

> sparse warnings: (new ones prefixed by >>)
>
> >> drivers/usb/misc/chaoskey.c:117:30: sparse: incorrect type in assignment (different base types)
> drivers/usb/misc/chaoskey.c:117:30: expected int [signed] size
> drivers/usb/misc/chaoskey.c:117:30: got restricted __le16 [usertype] wMaxPacketSize

Switched the code to using the USB descriptor accessor functions.

Signed-off-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

usb: Add driver for Altus Metrum ChaosKey device (v2)

This is a hardware random number generator. The driver provides both a
/dev/chaoskeyX entry and hooks the entropy source up to the kernel
hwrng interface. More information about the device can be found at
http://chaoskey.org

The USB ID for ChaosKey was allocated from the OpenMoko USB vendor
space and is visible as 'USBtrng' here:

http://wiki.openmoko.org/wiki/USB_Product_IDs

v2: Respond to review from Oliver Neukum <oneukum@suse.de>

* Delete extensive debug infrastructure and replace it with calls to
dev_dbg.

* Allocate I/O buffer separately from device structure to obey
requirements for non-coherant architectures.

* Initialize mutexes before registering device to ensure that open
cannot be invoked before the device is ready to proceed.

* Return number of bytes read instead of -EINTR when partial read
operation is aborted due to a signal.

* Make sure device mutex is unlocked in read error paths.

* Add MAINTAINERS entry for the driver

Signed-off-by: Keith Packard <keithp@keithp.com>
Cc: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>