| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1525217620-4107-4-git-send-email-me@tobin.cc>
Date: Wed, 2 May 2018 09:33:40 +1000
From: "Tobin C. Harding" <me@...in.cc>
To: linux-kernel@...r.kernel.org
Cc: "Tobin C. Harding" <me@...in.cc>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Randy Dunlap <rdunlap@...radead.org>,
Steven Rostedt <rostedt@...dmis.org>,
Kees Cook <keescook@...omium.org>,
Anna-Maria Gleixner <anna-maria@...utronix.de>,
Andrew Morton <akpm@...ux-foundation.org>,
"Theodore Ts'o" <tytso@....edu>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Arnd Bergmann <arnd@...db.de>
Subject: [PATCH 3/3] vsprintf: Add use-early-random-bytes cmd line option
Currently if an attempt is made to print a pointer before there is
enough entropy then '(____ptrval____)' is printed. This makes debugging
early stage stack traces difficult. We can relax the requirement for
cryptographically secure hashing when debugging while still maintaining
pointer hashing behaviour.
Add a command line option 'use-early-random-bytes'. When enabled get
key material from the hw RNG if available.
This option should NOT be enabled on production kernels.
Suggested-by: Kees Cook <keescook@...omium.org>
Signed-off-by: Tobin C. Harding <me@...in.cc>
---
lib/vsprintf.c | 50 +++++++++++++++++++++++++++++++++++++++++++++++---
1 file changed, 47 insertions(+), 3 deletions(-)
diff --git a/lib/vsprintf.c b/lib/vsprintf.c
index b82f0c6c2aec..7b9cf6bb9fd2 100644
--- a/lib/vsprintf.c
+++ b/lib/vsprintf.c
@@ -1654,12 +1654,39 @@ char *device_node_string(char *buf, char *end, struct device_node *dn,
return widen_string(buf, buf - buf_start, end, spec);
}
+/*
+ * Command line option use_early_random_bytes allows debugging early in
+ * the boot sequence, if enabled we attempt to use the hw RNG to get
+ * ptr_key material. Do NOT use on production kernels.
+ */
+static int use_early_random_bytes;
+EXPORT_SYMBOL(use_early_random_bytes);
+
+/*
+ * Process kernel command-line parameter at boot time.
+ * use_early_random_bytes=0 or use_early_random_bytes=1
+ */
+static int __init use_early_random_bytes_enable(char *str)
+{
+ long option;
+ int ret;
+
+ ret = !!kstrtol(str, 10, &option);
+ if (ret == 0 && option != 0)
+ use_early_random_bytes = 1;
+
+ pr_info("use_early_random_bytes: %s\n",
+ use_early_random_bytes ? "enabled" : "disabled");
+
+ return 1;
+}
+__setup("use-early-random-bytes=", use_early_random_bytes_enable);
+
static bool have_filled_random_ptr_key __read_mostly;
static siphash_key_t ptr_key __read_mostly;
-static void fill_random_ptr_key(struct random_ready_callback *unused)
+static void ptr_key_ready(void)
{
- get_random_bytes(&ptr_key, sizeof(ptr_key));
/*
* have_filled_random_ptr_key==true is dependent on get_random_bytes().
* ptr_to_id() needs to see have_filled_random_ptr_key==true
@@ -1669,13 +1696,30 @@ static void fill_random_ptr_key(struct random_ready_callback *unused)
WRITE_ONCE(have_filled_random_ptr_key, true);
}
+static void fill_random_ptr_key(struct random_ready_callback *unused)
+{
+ get_random_bytes(&ptr_key, sizeof(ptr_key));
+ ptr_key_ready();
+}
+
static struct random_ready_callback random_ready = {
.func = fill_random_ptr_key
};
static int __init initialize_ptr_random(void)
{
- int ret = add_random_ready_callback(&random_ready);
+ int ret;
+
+ if (use_early_random_bytes) {
+ int nbytes = sizeof(ptr_key);
+
+ if (get_random_bytes_arch(&ptr_key, nbytes) == nbytes) {
+ ptr_key_ready();
+ return 0;
+ }
+ }
+
+ ret = add_random_ready_callback(&random_ready);
if (!ret) {
return 0;
--
2.7.4
Powered by blists - more mailing lists