Date:	Fri, 11 Jul 2014 10:42:15 -0400
From:	Theodore Ts'o <tytso@....edu>
To:	Ingo Tuchscherer <ingo.tuchscherer@...ibm.com>
Cc:	Torsten Duwe <duwe@...e.de>, linux-kernel@...r.kernel.org,
	geralds@...ux.vnet.ibm.com, heicars2@...ux.vnet.ibm.com,
	mschwid2@...ux.vnet.ibm.com, Matt Mackall <mpm@...enic.com>,
	Herbert Xu <herbert@...dor.apana.org.au>,
	Harald Freudenberger <FREUDE@...ibm.com>
Subject: Re: [Patch v5.1 03/03]: hwrng: khwrngd derating per device

On Fri, Jul 11, 2014 at 03:43:24PM +0200, Ingo Tuchscherer wrote:
> At this point in time the zcrypt hw device is not registered completely in
> the internal zcrypt device list (ap_device_list). The crypto card itself is
> initialized and ready to receive and service requests, but the tasklet that
> retrieves the card response is not able to find the device because it's not
> yet in the list. Finally the response would not be received and the thread
> is still waiting for completion, hence the probing/registering procedure
> for all the other crypto devices is blocked. No further devices could be
> scanned, initialized and registered.
> Therefore I would not recommend to trigger a hw device request before the
> device register process has completed.

Is there any chance that you could change the zcrypt driver so that it
doesn't call hwrng_register() until the tasklet that can receive
the request has been fully registered?  It sounds like that should
just be a matter of reordering a few lines of code, no?

> Anyway, when the kernel thread (hwrng_fillfn) starts, it takes care of
> the initial call to the zcrypt rng device to be triggered. Therefore I
> don't see any reason to manually call rng_get_data() during the
> registration or did I miss something?

The basic idea was described in the commit that added this:

commit d9e79726193346569af7953369a638ee2275ade5
Author: Kees Cook <keescook@...omium.org>
Date:   Mon Mar 3 15:51:48 2014 -0800

    hwrng: add randomness to system from rng sources
    
    When bringing a new RNG source online, it seems like it would make sense
    to use some of its bytes to make the system entropy pool more random,
    as done with all sorts of other devices that contain per-device or
    per-boot differences.
    
    Signed-off-by: Kees Cook <keescook@...omium.org>
    Reviewed-by: Jason Cooper <jason@...edaemon.net>
    Signed-off-by: Herbert Xu <herbert@...dor.apana.org.au>

Cheers,

						- Ted