new file mode 100644

@@ -0,0 +1,127 @@

+From c3e6a24425bc9986da0d0a5a8c92e0b9ed7f18fa Mon Sep 17 00:00:00 2001

+From: "Srivatsa S. Bhat" <srivatsa@csail.mit.edu>

+Date: Thu, 28 Jun 2018 08:51:18 -0700

+Subject: [PATCH] hwrng: rdrand - Add RNG driver based on x86 rdrand

+ instruction

+

+Add a Hardware Random Number Generator driver, which uses the

+'rdrand' instruction available on modern Intel and AMD CPUs.

+

+This can be used to feed the kernel's entropy pool on

+entropy-starved virtual machines.

+

+Signed-off-by: Srivatsa S. Bhat <srivatsa@csail.mit.edu>

+---

+ drivers/char/hw_random/Kconfig      | 14 +++++++++

+ drivers/char/hw_random/Makefile     |  1 +

+ drivers/char/hw_random/rdrand-rng.c | 61 +++++++++++++++++++++++++++++++++++++

+ 3 files changed, 76 insertions(+)

+ create mode 100644 drivers/char/hw_random/rdrand-rng.c

+

+diff --git a/drivers/char/hw_random/Kconfig b/drivers/char/hw_random/Kconfig

+index dbf2271..b4e558d 100644

+--- a/drivers/char/hw_random/Kconfig

+@@ -62,6 +62,20 @@ config HW_RANDOM_AMD

+ 

+ 	  If unsure, say Y.

+ 

++config HW_RANDOM_RDRAND

++	tristate "x86 rdrand Random Number Generator support"

++	depends on (X86_32 || X86_64) && ARCH_RANDOM

++	default HW_RANDOM

++	---help---

++	  This driver provides kernel-side support for a Random Number

++	  Generator that uses the 'rdrand' instruction on modern Intel

++	  and AMD CPUs.

++

++	  To compile this driver as a module, choose M here: the

++	  module will be called rdrand-rng.

++

++	  If unsure, say N.

++

+ config HW_RANDOM_ATMEL

+ 	tristate "Atmel Random Number Generator support"

+ 	depends on ARCH_AT91 && HAVE_CLK && OF

+diff --git a/drivers/char/hw_random/Makefile b/drivers/char/hw_random/Makefile

+index 5ad3976..c186ddb 100644

+--- a/drivers/char/hw_random/Makefile

+@@ -7,6 +7,7 @@ rng-core-y := core.o

+ obj-$(CONFIG_HW_RANDOM_TIMERIOMEM) += timeriomem-rng.o

+ obj-$(CONFIG_HW_RANDOM_INTEL) += intel-rng.o

+ obj-$(CONFIG_HW_RANDOM_AMD) += amd-rng.o

++obj-$(CONFIG_HW_RANDOM_RDRAND) += rdrand-rng.o

+ obj-$(CONFIG_HW_RANDOM_ATMEL) += atmel-rng.o

+ obj-$(CONFIG_HW_RANDOM_BCM63XX)	+= bcm63xx-rng.o

+ obj-$(CONFIG_HW_RANDOM_GEODE) += geode-rng.o

+diff --git a/drivers/char/hw_random/rdrand-rng.c b/drivers/char/hw_random/rdrand-rng.c

+new file mode 100644

+index 0000000..e1cf7f3

+--- /dev/null

+@@ -0,0 +1,61 @@

++// SPDX-License-Identifier: GPL-2.0

++/*

++ * RNG driver that uses the 'rdrand' instruction (found on modern

++ * Intel and AMD CPUs).

++ *

++ * Author: Srivatsa S. Bhat <srivatsa@csail.mit.edu>

++ *

++ */

++

++#include <linux/hw_random.h>

++#include <linux/kernel.h>

++#include <linux/module.h>

++#include <asm/archrandom.h>

++

++#define PFX	KBUILD_MODNAME ": "

++

++static int rdrand_rng_read(struct hwrng *rng, void *buf, size_t max, bool wait)

++{

++	unsigned long *data = buf;

++	size_t read = 0;

++

++	while (read < max) {

++		arch_get_random_long(data);

++		data++;

++		read += sizeof(unsigned long);

++	}

++

++	return read;

++}

++

++static struct hwrng rdrand_rng = {

++	.name		= KBUILD_MODNAME,

++	.quality	= 1000,

++	.read		= rdrand_rng_read,

++};

++

++static int __init mod_init(void)

++{

++	int err = -ENODEV;

++

++	if (!arch_has_random())

++		return err; /* rdrand not available. */

++

++	err = hwrng_register(&rdrand_rng);

++	if (err)

++		pr_err(PFX "RNG registration failed (%d)\n", err);

++

++	return err;

++}

++

++static void __exit mod_exit(void)

++{

++	hwrng_unregister(&rdrand_rng);

++}

++

++module_init(mod_init);

++module_exit(mod_exit);

++

++MODULE_AUTHOR("Srivatsa S. Bhat <srivatsa@csail.mit.edu>");

++MODULE_DESCRIPTION("H/W RNG driver for x86 CPUs that support rdrand");

++MODULE_LICENSE("GPL");

+-- 

+2.7.4

+

@@ -2298,6 +2298,7 @@ CONFIG_HW_RANDOM=m

 CONFIG_HW_RANDOM_TIMERIOMEM=m

 CONFIG_HW_RANDOM_INTEL=m

 CONFIG_HW_RANDOM_AMD=m

+CONFIG_HW_RANDOM_RDRAND=m

 CONFIG_HW_RANDOM_VIA=m

 CONFIG_HW_RANDOM_VIRTIO=m

 CONFIG_HW_RANDOM_TPM=m

@@ -1788,7 +1788,12 @@ CONFIG_SERIAL_CORE_CONSOLE=y

 # CONFIG_SERIAL_FSL_LPUART is not set

 # CONFIG_TTY_PRINTK is not set

 # CONFIG_IPMI_HANDLER is not set

-# CONFIG_HW_RANDOM is not set

+CONFIG_HW_RANDOM=m

+# CONFIG_HW_RANDOM_TIMERIOMEM is not set

+# CONFIG_HW_RANDOM_INTEL is not set

+# CONFIG_HW_RANDOM_AMD is not set

+CONFIG_HW_RANDOM_RDRAND=m

+# CONFIG_HW_RANDOM_VIA is not set

 # CONFIG_NVRAM is not set

 # CONFIG_R3964 is not set

 # CONFIG_APPLICOM is not set

@@ -2322,6 +2327,7 @@ CONFIG_USB_STORAGE=m

 # CONFIG_USB_EZUSB_FX2 is not set

 # CONFIG_USB_HSIC_USB3503 is not set

 # CONFIG_USB_LINK_LAYER_TEST is not set

+# CONFIG_USB_CHAOSKEY is not set

 #

 # USB Physical Layer drivers

@@ -2,7 +2,7 @@

 Summary:       Kernel

 Name:          linux-esx

 Version:       4.4.138

-Release:       1%{?dist}

+Release:       2%{?dist}

 License:       GPLv2

 URL:           http://www.kernel.org/

 Group:         System Environment/Kernel

@@ -46,6 +46,8 @@ Patch30:       0001-net-phy-mdio-bcm-unimac-fix-potential-NULL-dereferen.patch

 Patch31:       0001-ocfs2-subsystem.su_mutex-is-required-while-accessing.patch

 # Fix for CVE-2017-18241

 Patch33:       0001-f2fs-fix-a-panic-caused-by-NULL-flush_cmd_control.patch

+Patch34:       0001-hwrng-rdrand-Add-RNG-driver-based-on-x86-rdrand-inst.patch

+

 # For Spectre

 Patch52: 0141-locking-barriers-introduce-new-observable-speculatio.patch

@@ -234,6 +236,7 @@ The Linux package contains the Linux kernel doc files

 %patch30 -p1

 %patch31 -p1

 %patch33 -p1

+%patch34 -p1

 %patch52 -p1

 %patch55 -p1

@@ -439,6 +442,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg

 /usr/src/linux-headers-%{uname_r}

 %changelog

+*   Thu Jun 28 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.138-2

+-   Add rdrand-based RNG driver to enhance kernel entropy.

 *   Mon Jun 25 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.138-1

 -   Update to version 4.4.138

 *   Thu Jun 14 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.137-2

@@ -2,7 +2,7 @@

 Summary:        Kernel

 Name:           linux

 Version:    	4.4.138

-Release:        1%{?kat_build:.%kat_build}%{?dist}

+Release:        2%{?kat_build:.%kat_build}%{?dist}

 License:    	GPLv2

 URL:        	http://www.kernel.org/

 Group:        	System Environment/Kernel

@@ -46,6 +46,7 @@ Patch23:        0001-ocfs2-subsystem.su_mutex-is-required-while-accessing.patch

 # Fix for CVE-2017-18241

 Patch25:        0001-f2fs-fix-a-panic-caused-by-NULL-flush_cmd_control.patch

 Patch26:        Implement-the-f-xattrat-family-of-functions.patch

+Patch27:        0001-hwrng-rdrand-Add-RNG-driver-based-on-x86-rdrand-inst.patch

 # For Spectre

 Patch52: 0141-locking-barriers-introduce-new-observable-speculatio.patch

@@ -266,6 +267,7 @@ This package contains the 'perf' performance analysis tools for Linux kernel.

 %patch23 -p1

 %patch25 -p1

 %patch26 -p1

+%patch27 -p1

 %patch52 -p1

 %patch55 -p1

@@ -539,6 +541,8 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg

 /usr/share/perf-core

 %changelog

+*   Thu Jun 28 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.138-2

+-   Add rdrand-based RNG driver to enhance kernel entropy.

 *   Mon Jun 25 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.138-1

 -   Update to version 4.4.138

 *   Thu Jun 14 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.137-2

new file mode 100644

@@ -0,0 +1,2 @@

+# Automatically load the following kernel modules on every boot.

+rdrand-rng

@@ -1,7 +1,7 @@

 Summary:          Systemd-228

 Name:             systemd

 Version:          228

-Release:          45%{?dist}

+Release:          46%{?dist}

 License:          LGPLv2+ and GPLv2+ and MIT

 URL:              http://www.freedesktop.org/wiki/Software/systemd/

 Group:            System Environment/Security

@@ -12,6 +12,7 @@ Source0:          %{name}-%{version}.tar.gz

 Source1:          99-vmware-hotplug.rules

 Source2:          50-security-hardening.conf

 Source3:          filesystem.conf

+Source4:          10-rdrand-rng.conf

 #patch for ostree

 Patch0:           systemd-228-mount.patch

 Patch1:           01-enoX-uses-instance-number-for-vmware-hv.patch

@@ -170,6 +171,7 @@ find %{buildroot}%{_libdir} -name '*.la' -delete

 install -Dm 0644 %{SOURCE1} %{buildroot}/%{_sysconfdir}/udev/rules.d

 install -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/sysctl.d

 install -m 0644 %{SOURCE3} %{buildroot}/usr/lib/tmpfiles.d/

+install -m 0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/modules-load.d

 rm %{buildroot}/lib/systemd/system/default.target

 ln -sfv multi-user.target %{buildroot}/lib/systemd/system/default.target

 install -vdm 755 %{buildroot}/%{_sysconfdir}/systemd/network

@@ -221,6 +223,7 @@ rm -rf %{buildroot}/*

 %config(noreplace) %{_sysconfdir}/systemd/timesyncd.conf

 %config(noreplace) %{_sysconfdir}/systemd/bootchart.conf

 %config(noreplace) %{_sysconfdir}/pam.d/systemd-user

+%config(noreplace) %{_sysconfdir}/modules-load.d/10-rdrand-rng.conf

 %dir %{_sysconfdir}/systemd/network

 %config(noreplace) %{_sysconfdir}/systemd/network/99-dhcp-en.network

 %dir %{_sysconfdir}/udev

@@ -246,7 +249,8 @@ rm -rf %{buildroot}/*

 %changelog

-%changelog

+*    Thu Jun 28 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 228-46

+-    Automatically load rdrand-rng kernel module on every boot.

 *    Thu Mar 15 2018 Xiaolin Li <xiaolinl@vmware.com>  228-45

 -    Fix CVE-2017-18078.

 *    Wed Nov 29 2017 Anish Swaminathan <anishs@vmware.com> 228-44