| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <201908290921.1F0FCC9E5@keescook>
Date: Thu, 29 Aug 2019 09:22:28 -0700
From: Kees Cook <keescook@...omium.org>
To: Hsin-Yi Wang <hsinyi@...omium.org>
Cc: Stephen Boyd <swboyd@...omium.org>,
"Theodore Y . Ts'o" <tytso@....edu>,
"moderated list:ARM/FREESCALE IMX / MXC ARM ARCHITECTURE"
<linux-arm-kernel@...ts.infradead.org>,
Russell King <linux@...linux.org.uk>,
Catalin Marinas <catalin.marinas@....com>,
Will Deacon <will@...nel.org>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
"H . Peter Anvin" <hpa@...or.com>,
"Paul E . McKenney" <paulmck@...ux.vnet.ibm.com>,
Kate Stewart <kstewart@...uxfoundation.org>,
"David S . Miller" <davem@...emloft.net>,
Viresh Kumar <viresh.kumar@...aro.org>,
Marek Szyprowski <m.szyprowski@...sung.com>,
Arnd Bergmann <arnd@...db.de>, Marc Zyngier <maz@...nel.org>,
Julien Thierry <julien.thierry.kdev@...il.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Wei Li <liwei391@...wei.com>,
Anders Roxell <anders.roxell@...aro.org>,
Rob Herring <robh@...nel.org>,
Aaro Koskinen <aaro.koskinen@...ia.com>,
Daniel Thompson <daniel.thompson@...aro.org>,
Tim Chen <tim.c.chen@...ux.intel.com>,
Rik van Riel <riel@...riel.com>,
Waiman Long <longman@...hat.com>,
Marcelo Tosatti <mtosatti@...hat.com>,
Peter Zijlstra <peterz@...radead.org>,
Armijn Hemel <armijn@...ldur.nl>,
Grzegorz Halat <ghalat@...hat.com>,
Len Brown <len.brown@...el.com>,
Shaokun Zhang <zhangshaokun@...ilicon.com>,
Mike Rapoport <rppt@...ux.vnet.ibm.com>,
Guenter Roeck <groeck@...omium.org>,
Andrew Morton <akpm@...ux-foundation.org>,
Mathieu Desnoyers <mathieu.desnoyers@...icios.com>,
Alexey Dobriyan <adobriyan@...il.com>,
Yury Norov <ynorov@...vell.com>,
Josh Poimboeuf <jpoimboe@...hat.com>,
Jiri Kosina <jkosina@...e.cz>,
Mukesh Ojha <mojha@...eaurora.org>,
lkml <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v9 2/3] fdt: add support for rng-seed
On Thu, Aug 29, 2019 at 06:03:57PM +0800, Hsin-Yi Wang wrote:
> On Thu, Aug 29, 2019 at 1:36 AM Kees Cook <keescook@...omium.org> wrote:
> >
> > Can this please be a boot param (with the default controlled by the
> > CONFIG)? See how CONFIG_RANDOM_TRUST_CPU is wired up...
> >
> > -Kees
> >
>
> Currently rng-seed read and added in setup_arch() -->
> setup_machine_fdt().. -> early_init_dt_scan_chosen(), which is earlier
> than parse_early_param() that initializes early_param.
>
> If we want to set it as a boot param, add_bootloader_randomness() can
> only be called after parse_early_param(). The seed can't be directly
> added to pool after it's read in. We need to store into global
> variable and load it later.
> If this seems okay then I'll add a patch for this. Thanks
This seems like a good idea to me.
>
> --- a/drivers/of/fdt.c
> +++ b/drivers/of/fdt.c
> @@ -1096,13 +1096,15 @@ static const char *config_cmdline = CONFIG_CMDLINE;
>
> +const void* rng_seed;
> +int rng_seed_len;
These should be __initdata, yes?
> +
> int __init early_init_dt_scan_chosen(unsigned long node, const char *uname,
> int depth,
> void *data)
> {
> int l = 0;
> const char *p = NULL;
> char *cmdline = data;
> - const void *rng_seed;
>
> pr_debug("search \"chosen\", depth: %d, uname: %s\n", depth, uname);
>
> @@ -1137,10 +1139,8 @@ int __init early_init_dt_scan_chosen(unsigned
> long node, const char *uname,
>
> pr_debug("Command line is: %s\n", (char*)data);
>
> - rng_seed = of_get_flat_dt_prop(node, "rng-seed", &l);
> - if (rng_seed && l > 0) {
> - add_bootloader_randomness(rng_seed, l); //
> Originally it's added to entropy pool here
> -
> + rng_seed = of_get_flat_dt_prop(node, "rng-seed", &rng_seed_len);
> + if (rng_seed && rng_seed_len > 0) {
> /* try to clear seed so it won't be found. */
>
> diff --git a/include/linux/random.h b/include/linux/random.h
> index 831a002a1882..946840bba7c1 100644
> --- a/include/linux/random.h
> +++ b/include/linux/random.h
> @@ -31,6 +31,15 @@ static inline void add_latent_entropy(void)
> static inline void add_latent_entropy(void) {}
> #endif
>
> +extern const void* rng_seed;
> +extern int rng_seed_len;
> +
> +static inline void add_bootloader_entropy(void)
> +{
> + if (rng_seed && rng_seed_len > 0)
> + add_bootloader_randomness(rng_seed, rng_seed_len);
> +}
And this should be __init
> +
> extern void add_input_randomness(unsigned int type, unsigned int code,
> unsigned int value) __latent_entropy;
> extern void add_interrupt_randomness(int irq, int irq_flags) __latent_entropy;
> diff --git a/init/main.c b/init/main.c
> index 71847af32e4e..f74a8c7b34af 100644
> --- a/init/main.c
> +++ b/init/main.c
> @@ -645,6 +645,7 @@ asmlinkage __visible void __init start_kernel(void)
> * - adding command line entropy
> */
> rand_initialize();
> + add_bootloader_entropy();
> add_latent_entropy();
> add_device_randomness(command_line, strlen(command_line));
> boot_init_stack_canary();
But yeah, looks reasonable to me.
--
Kees Cook
Powered by blists - more mailing lists