| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <35cdbb04-7b1d-59ae-2ff8-af1d57751113@redhat.com>
Date: Tue, 29 May 2018 12:58:10 -0400
From: Prarit Bhargava <prarit@...hat.com>
To: "Theodore Y. Ts'o" <tytso@....edu>,
Kees Cook <keescook@...omium.org>,
LKML <linux-kernel@...r.kernel.org>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>,
"H. Peter Anvin" <hpa@...or.com>, X86 ML <x86@...nel.org>,
Arnd Bergmann <arnd@...db.de>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Rik van Riel <riel@...hat.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Philippe Ombredanne <pombredanne@...b.com>,
"Jason A. Donenfeld" <Jason@...c4.com>,
Kate Stewart <kstewart@...uxfoundation.org>
Subject: Re: [PATCH] x86, random: Fix get_random_bytes() warning in x86
start_kernel
On 05/29/2018 12:07 PM, Theodore Y. Ts'o wrote:
> On Tue, May 29, 2018 at 11:01:07AM -0400, Prarit Bhargava wrote:
>> Kees, in early boot no pool is available so the stack canary is initialized from
>> the TSC. Later in boot, the stack canary will use the the crng.
>>
>> ie) in early boot only TSC is okay, and late boot (when crng_ready() is true)
>> the pool will be used.
>
> But that means all of the kernel threads (e.g., workqueues, et. al)
> would not be well protected by the stack canary. That
> seems.... rather unfortunate.
Well, as stated the TSC is used as a source of entropy in early boot. It's
always been that way and get_random_bytes() AFAICT has always returned 0. CPUs
added later on via hotplug do use get_random_bytes().
Does anyone cc'd have a better idea on how to get another source of entropy this
early in boot?
P.
>
> - Ted
>
Powered by blists - more mailing lists