| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20190527043336.112854-3-hsinyi@chromium.org>
Date: Mon, 27 May 2019 12:33:36 +0800
From: Hsin-Yi Wang <hsinyi@...omium.org>
To: linux-arm-kernel@...ts.infradead.org
Cc: Rob Herring <robh+dt@...nel.org>, devicetree@...r.kernel.org,
linux-kernel@...r.kernel.org,
Frank Rowand <frowand.list@...il.com>,
Catalin Marinas <catalin.marinas@....com>,
Will Deacon <will.deacon@....com>,
Andrew Morton <akpm@...ux-foundation.org>,
Mike Rapoport <rppt@...ux.ibm.com>,
Ard Biesheuvel <ard.biesheuvel@...aro.org>,
Miles Chen <miles.chen@...iatek.com>,
Hsin-Yi Wang <hsinyi@...omium.org>,
James Morse <james.morse@....com>,
Andrew Murray <andrew.murray@....com>,
Mark Rutland <mark.rutland@....com>,
Jun Yao <yaojun8558363@...il.com>, Yu Zhao <yuzhao@...gle.com>,
Robin Murphy <robin.murphy@....com>,
Laura Abbott <labbott@...hat.com>,
Stephen Boyd <swboyd@...omium.org>,
Kees Cook <keescook@...omium.org>,
Nicolas Boichat <drinkcat@...omium.org>
Subject: [PATCH v5 3/3] arm64: kexec_file: add rng-seed support
Adding "rng-seed" to dtb. It's fine to add this property if original
fdt doesn't contain it. Since original seed will be wiped after
read, so use a default size 128 bytes here.
Signed-off-by: Hsin-Yi Wang <hsinyi@...omium.org>
---
arch/arm64/kernel/machine_kexec_file.c | 22 +++++++++++++++++++++-
1 file changed, 21 insertions(+), 1 deletion(-)
diff --git a/arch/arm64/kernel/machine_kexec_file.c b/arch/arm64/kernel/machine_kexec_file.c
index 58871333737a..d40fde72a023 100644
--- a/arch/arm64/kernel/machine_kexec_file.c
+++ b/arch/arm64/kernel/machine_kexec_file.c
@@ -27,6 +27,8 @@
#define FDT_PROP_INITRD_END "linux,initrd-end"
#define FDT_PROP_BOOTARGS "bootargs"
#define FDT_PROP_KASLR_SEED "kaslr-seed"
+#define FDT_PROP_RNG_SEED "rng-seed"
+#define RNG_SEED_SIZE 128
const struct kexec_file_ops * const kexec_file_loaders[] = {
&kexec_image_ops,
@@ -102,6 +104,23 @@ static int setup_dtb(struct kimage *image,
FDT_PROP_KASLR_SEED);
}
+ /* add rng-seed */
+ if (rng_is_initialized()) {
+ void *rng_seed = kmalloc(RNG_SEED_SIZE, GFP_ATOMIC);
+ get_random_bytes(rng_seed, RNG_SEED_SIZE);
+
+ ret = fdt_setprop(dtb, off, FDT_PROP_RNG_SEED, rng_seed,
+ RNG_SEED_SIZE);
+ kfree(rng_seed);
+
+ if (ret)
+ goto out;
+
+ } else {
+ pr_notice("RNG is not initialised: omitting \"%s\" property\n",
+ FDT_PROP_RNG_SEED);
+ }
+
out:
if (ret)
return (ret == -FDT_ERR_NOSPACE) ? -ENOMEM : -EINVAL;
@@ -110,7 +129,8 @@ static int setup_dtb(struct kimage *image,
}
/*
- * More space needed so that we can add initrd, bootargs and kaslr-seed.
+ * More space needed so that we can add initrd, bootargs, kaslr-seed, and
+ * rng-seed.
*/
#define DTB_EXTRA_SPACE 0x1000
--
2.20.1
Powered by blists - more mailing lists