| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 21 May 2019 11:34:18 -0700
From: Eric Biggers <ebiggers@...nel.org>
To: Geert Uytterhoeven <geert@...ux-m68k.org>
Cc: Herbert Xu <herbert@...dor.apana.org.au>,
Thomas Gleixner <tglx@...utronix.de>,
Daniel Lezcano <daniel.lezcano@...aro.org>,
Linux Crypto Mailing List <linux-crypto@...r.kernel.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Linux-Renesas <linux-renesas-soc@...r.kernel.org>,
Linux ARM <linux-arm-kernel@...ts.infradead.org>
Subject: Re: crypto: run initcalls for generic implementations earlier
On Tue, May 21, 2019 at 06:39:00PM +0200, Geert Uytterhoeven wrote:
> Hi Eric,
>
> On Tue, May 7, 2019 at 5:26 AM Linux Kernel Mailing List
> <linux-kernel@...r.kernel.org> wrote:
> > Commit: c4741b23059794bd99beef0f700103b0d983b3fd
> > Parent: 40153b10d91c9e25f912344ba6ce1f0874400659
> > Refname: refs/heads/master
> > Web: https://git.kernel.org/torvalds/c/c4741b23059794bd99beef0f700103b0d983b3fd
> > Author: Eric Biggers <ebiggers@...gle.com>
> > AuthorDate: Thu Apr 11 21:57:42 2019 -0700
> > Committer: Herbert Xu <herbert@...dor.apana.org.au>
> > CommitDate: Thu Apr 18 22:15:03 2019 +0800
> >
> > crypto: run initcalls for generic implementations earlier
> >
> > Use subsys_initcall for registration of all templates and generic
> > algorithm implementations, rather than module_init. Then change
> > cryptomgr to use arch_initcall, to place it before the subsys_initcalls.
> >
> > This is needed so that when both a generic and optimized implementation
> > of an algorithm are built into the kernel (not loadable modules), the
> > generic implementation is registered before the optimized one.
> > Otherwise, the self-tests for the optimized implementation are unable to
> > allocate the generic implementation for the new comparison fuzz tests.
> >
> > Note that on arm, a side effect of this change is that self-tests for
> > generic implementations may run before the unaligned access handler has
> > been installed. So, unaligned accesses will crash the kernel. This is
> > arguably a good thing as it makes it easier to detect that type of bug.
> >
> > Signed-off-by: Eric Biggers <ebiggers@...gle.com>
> > Signed-off-by: Herbert Xu <herbert@...dor.apana.org.au>
>
> > --- a/crypto/jitterentropy-kcapi.c
> > +++ b/crypto/jitterentropy-kcapi.c
> > @@ -198,7 +198,7 @@ static void __exit jent_mod_exit(void)
> > crypto_unregister_rng(&jent_alg);
> > }
> >
> > -module_init(jent_mod_init);
> > +subsys_initcall(jent_mod_init);
> > module_exit(jent_mod_exit);
> >
> > MODULE_LICENSE("Dual BSD/GPL");
>
> This change causes jitterentropy to fail on Renesas SoCs based on
> single-core Cortex A9 with:
>
> jitterentropy: Initialization failed with host not compliant with
> requirements: 2
>
> This happens because jitterentropy is now initialized before the main
> clocksource is activated, i.e. before
>
> clocksource: Switched to clocksource ostm timer (on RZ/A1)
> clocksource: Switched to clocksource fff80000.timer (on R-Mobile A1)
>
> is printed.
> RZ/A1 and R-Mobile A1 SoCs rely on the OSTM resp. TMU timers.
>
> The issue does not happen on SoCs with Cortex A15 cores (with ARM
> architectured timer) or Cortex A9 multicore (with ARM global timer).
>
> Gr{oetje,eeting}s,
>
> Geert
>
Thanks for the bug report. It seems there was no point for my patch to change
jitterentropy_rng, since it's not a generic crypto algorithm that has multiple
implementations, nor is it testable by the crypto self-tests. So I'll send a
patch that changes it back to module_init().
- Eric
Powered by blists - more mailing lists