lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20190521183417.GA121164@gmail.com>
Date:   Tue, 21 May 2019 11:34:18 -0700
From:   Eric Biggers <ebiggers@...nel.org>
To:     Geert Uytterhoeven <geert@...ux-m68k.org>
Cc:     Herbert Xu <herbert@...dor.apana.org.au>,
        Thomas Gleixner <tglx@...utronix.de>,
        Daniel Lezcano <daniel.lezcano@...aro.org>,
        Linux Crypto Mailing List <linux-crypto@...r.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Linux-Renesas <linux-renesas-soc@...r.kernel.org>,
        Linux ARM <linux-arm-kernel@...ts.infradead.org>
Subject: Re: crypto: run initcalls for generic implementations earlier

On Tue, May 21, 2019 at 06:39:00PM +0200, Geert Uytterhoeven wrote:
> Hi Eric,
> 
> On Tue, May 7, 2019 at 5:26 AM Linux Kernel Mailing List
> <linux-kernel@...r.kernel.org> wrote:
> > Commit:     c4741b23059794bd99beef0f700103b0d983b3fd
> > Parent:     40153b10d91c9e25f912344ba6ce1f0874400659
> > Refname:    refs/heads/master
> > Web:        https://git.kernel.org/torvalds/c/c4741b23059794bd99beef0f700103b0d983b3fd
> > Author:     Eric Biggers <ebiggers@...gle.com>
> > AuthorDate: Thu Apr 11 21:57:42 2019 -0700
> > Committer:  Herbert Xu <herbert@...dor.apana.org.au>
> > CommitDate: Thu Apr 18 22:15:03 2019 +0800
> >
> >     crypto: run initcalls for generic implementations earlier
> >
> >     Use subsys_initcall for registration of all templates and generic
> >     algorithm implementations, rather than module_init.  Then change
> >     cryptomgr to use arch_initcall, to place it before the subsys_initcalls.
> >
> >     This is needed so that when both a generic and optimized implementation
> >     of an algorithm are built into the kernel (not loadable modules), the
> >     generic implementation is registered before the optimized one.
> >     Otherwise, the self-tests for the optimized implementation are unable to
> >     allocate the generic implementation for the new comparison fuzz tests.
> >
> >     Note that on arm, a side effect of this change is that self-tests for
> >     generic implementations may run before the unaligned access handler has
> >     been installed.  So, unaligned accesses will crash the kernel.  This is
> >     arguably a good thing as it makes it easier to detect that type of bug.
> >
> >     Signed-off-by: Eric Biggers <ebiggers@...gle.com>
> >     Signed-off-by: Herbert Xu <herbert@...dor.apana.org.au>
> 
> > --- a/crypto/jitterentropy-kcapi.c
> > +++ b/crypto/jitterentropy-kcapi.c
> > @@ -198,7 +198,7 @@ static void __exit jent_mod_exit(void)
> >         crypto_unregister_rng(&jent_alg);
> >  }
> >
> > -module_init(jent_mod_init);
> > +subsys_initcall(jent_mod_init);
> >  module_exit(jent_mod_exit);
> >
> >  MODULE_LICENSE("Dual BSD/GPL");
> 
> This change causes jitterentropy to fail on Renesas SoCs based on
> single-core Cortex A9 with:
> 
>     jitterentropy: Initialization failed with host not compliant with
> requirements: 2
> 
> This happens because jitterentropy is now initialized before the main
> clocksource is activated, i.e. before
> 
>     clocksource: Switched to clocksource ostm timer (on RZ/A1)
>     clocksource: Switched to clocksource fff80000.timer (on R-Mobile A1)
> 
> is printed.
> RZ/A1 and R-Mobile A1 SoCs rely on the OSTM resp. TMU timers.
> 
> The issue does not happen on SoCs with Cortex A15 cores (with ARM
> architectured timer) or Cortex A9 multicore (with ARM global timer).
> 
> Gr{oetje,eeting}s,
> 
>                         Geert
> 

Thanks for the bug report.  It seems there was no point for my patch to change
jitterentropy_rng, since it's not a generic crypto algorithm that has multiple
implementations, nor is it testable by the crypto self-tests.  So I'll send a
patch that changes it back to module_init().

- Eric

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ