| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 28 Jun 2019 10:42:51 +0100
From: Mark Rutland <mark.rutland@....com>
To: Hsin-Yi Wang <hsinyi@...omium.org>
Cc: linux-arm-kernel@...ts.infradead.org,
Rob Herring <robh+dt@...nel.org>, devicetree@...r.kernel.org,
linux-kernel@...r.kernel.org,
Frank Rowand <frowand.list@...il.com>,
Catalin Marinas <catalin.marinas@....com>,
Will Deacon <will.deacon@....com>,
Andrew Morton <akpm@...ux-foundation.org>,
Mike Rapoport <rppt@...ux.ibm.com>,
Ard Biesheuvel <ard.biesheuvel@...aro.org>,
Miles Chen <miles.chen@...iatek.com>,
James Morse <james.morse@....com>,
Andrew Murray <andrew.murray@....com>,
Jun Yao <yaojun8558363@...il.com>, Yu Zhao <yuzhao@...gle.com>,
Robin Murphy <robin.murphy@....com>,
Laura Abbott <labbott@...hat.com>,
Stephen Boyd <swboyd@...omium.org>,
Kees Cook <keescook@...omium.org>
Subject: Re: [PATCH v6 3/3] arm64: kexec_file: add rng-seed support
On Wed, Jun 12, 2019 at 12:33:02PM +0800, Hsin-Yi Wang wrote:
> Adding "rng-seed" to dtb. It's fine to add this property if original
> fdt doesn't contain it. Since original seed will be wiped after
> read, so use a default size 128 bytes here.
Why is 128 bytes the default value?
I didn't see an update to Documentation/devicetree/bindings/chosen.txt,
so it's not clear to me precisely what we expect.
>
> Signed-off-by: Hsin-Yi Wang <hsinyi@...omium.org>
> Reviewed-by: Stephen Boyd <swboyd@...omium.org>
> ---
> change log v5->v6:
> * no change
> ---
> arch/arm64/kernel/machine_kexec_file.c | 22 +++++++++++++++++++++-
> 1 file changed, 21 insertions(+), 1 deletion(-)
>
> diff --git a/arch/arm64/kernel/machine_kexec_file.c b/arch/arm64/kernel/machine_kexec_file.c
> index 58871333737a..d40fde72a023 100644
> --- a/arch/arm64/kernel/machine_kexec_file.c
> +++ b/arch/arm64/kernel/machine_kexec_file.c
> @@ -27,6 +27,8 @@
> #define FDT_PROP_INITRD_END "linux,initrd-end"
> #define FDT_PROP_BOOTARGS "bootargs"
> #define FDT_PROP_KASLR_SEED "kaslr-seed"
> +#define FDT_PROP_RNG_SEED "rng-seed"
> +#define RNG_SEED_SIZE 128
>
> const struct kexec_file_ops * const kexec_file_loaders[] = {
> &kexec_image_ops,
> @@ -102,6 +104,23 @@ static int setup_dtb(struct kimage *image,
> FDT_PROP_KASLR_SEED);
> }
>
> + /* add rng-seed */
> + if (rng_is_initialized()) {
> + void *rng_seed = kmalloc(RNG_SEED_SIZE, GFP_ATOMIC);
For 128 bytes, it would be better to use a buffer on the stack. That
avoids the possibility of the allocation failing.
> + get_random_bytes(rng_seed, RNG_SEED_SIZE);
> +
> + ret = fdt_setprop(dtb, off, FDT_PROP_RNG_SEED, rng_seed,
> + RNG_SEED_SIZE);
> + kfree(rng_seed);
> +
> + if (ret)
> + goto out;
If the RNG wasn't initialised, we'd carry on with a warning. Why do we
follow a different policy here?
Thanks,
Mark.
> +
> + } else {
> + pr_notice("RNG is not initialised: omitting \"%s\" property\n",
> + FDT_PROP_RNG_SEED);
> + }
> +
> out:
> if (ret)
> return (ret == -FDT_ERR_NOSPACE) ? -ENOMEM : -EINVAL;
> @@ -110,7 +129,8 @@ static int setup_dtb(struct kimage *image,
> }
>
> /*
> - * More space needed so that we can add initrd, bootargs and kaslr-seed.
> + * More space needed so that we can add initrd, bootargs, kaslr-seed, and
> + * rng-seed.
> */
> #define DTB_EXTRA_SPACE 0x1000
>
> --
> 2.20.1
>
Powered by blists - more mailing lists