Yes, that's right, the kernel doesn't add it to the entropy pool. RDRAND is a cryptographically secure pseudo-random number generator, it doesn't give you direct access to the full entropy of the hardware random number generator (that is planned with the RDSEED instruction, which isn't shipping yet[1]). RDRAND re-seeds a CSPRNG periodically with its hardware RNG, but it's not appropriate to feed directly in as the seed of another CSPRNG like Linux's /dev/random. Intel does provide a suggestion for how to ensure that it gets reseeded, so you can ensure you have seed-grade entropy in their software implementation guide[2]; it involves either calling it 1022 times, or running it 32 times with a 10 μs wait per iteration.
In Linux, there's a user-space deamon, rngd, that's responsible for mixing hardware random number generator entropy into the entropy pool. That's a more appropriate place to put the logic for adding entropy from RDRAND into the entropy pool; you probably don't want to be doing those 1022 iterations or 32 iterations with a sleep in between in the kernel itself.
The kernel just uses it as a parallel CSPRNG along with its own built in one. It runs its own, and RDRAND, and xors the results together. This allows it to get fast, good random numbers (which are important early in the boot sequence, for things like ASLR) even if its own entropy pool does not have very good entropy yet. This makes its random number generation at least as good as the stronger of RDRAND and the kernel's own CSPRNG. It does mean that if RDRAND (or some other processor's similar instruction, once other processors add it; it would be quite valuable on ARM and MIPS as embedded machines tend not to have very good entropy sources) is backdoored, and the kernel entropy pool has insufficient entropy, it may be possible for someone with knowledge of the backdoor to crack it, with a difficulty equal to the amount of entropy that the Linux entropy pool has. However, this is only true if you are using the non-blocking random number source, which tends to be used by things that need fast random numbers but don't need particularly good seed-grade entropy, like ASLR. If you need high-quality entropy, just use /dev/random and it will block until you have enough entropy to satisfy your request.
In Linux, there's a user-space deamon, rngd, that's responsible for mixing hardware random number generator entropy into the entropy pool. That's a more appropriate place to put the logic for adding entropy from RDRAND into the entropy pool; you probably don't want to be doing those 1022 iterations or 32 iterations with a sleep in between in the kernel itself.
The kernel just uses it as a parallel CSPRNG along with its own built in one. It runs its own, and RDRAND, and xors the results together. This allows it to get fast, good random numbers (which are important early in the boot sequence, for things like ASLR) even if its own entropy pool does not have very good entropy yet. This makes its random number generation at least as good as the stronger of RDRAND and the kernel's own CSPRNG. It does mean that if RDRAND (or some other processor's similar instruction, once other processors add it; it would be quite valuable on ARM and MIPS as embedded machines tend not to have very good entropy sources) is backdoored, and the kernel entropy pool has insufficient entropy, it may be possible for someone with knowledge of the backdoor to crack it, with a difficulty equal to the amount of entropy that the Linux entropy pool has. However, this is only true if you are using the non-blocking random number source, which tends to be used by things that need fast random numbers but don't need particularly good seed-grade entropy, like ASLR. If you need high-quality entropy, just use /dev/random and it will block until you have enough entropy to satisfy your request.
[1]: http://software.intel.com/en-us/blogs/2012/11/17/the-differe... [2]: http://software.intel.com/en-us/articles/intel-digital-rando...