Date:   Fri, 8 Jul 2022 17:10:30 +1000
From:   Stephen Rothwell <sfr@...b.auug.org.au>
To:     Theodore Ts'o <tytso@....edu>,
        "Jason A. Donenfeld" <Jason@...c4.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>,
        "H. Peter Anvin" <hpa@...or.com>,
        Peter Zijlstra <peterz@...radead.org>
Cc:     Borislav Petkov <bp@...e.de>, Jonathan McDowell <noodles@...com>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Linux Next Mailing List <linux-next@...r.kernel.org>
Subject: linux-next: manual merge of the random tree with the tip tree

Hi all,

Today's linux-next merge of the random tree got conflicts in:

  arch/x86/include/uapi/asm/bootparam.h
  arch/x86/kernel/kexec-bzimage64.c
  arch/x86/kernel/setup.c

between commit:

  b69a2afd5afc ("x86/kexec: Carry forward IMA measurement log on kexec")

from the tip tree and commit:

  c337d5c7ec9b ("x86/setup: Use rng seeds from setup_data")

from the random tree.

I fixed it up (see below) and can carry the fix as necessary. This
is now fixed as far as linux-next is concerned, but any non trivial
conflicts should be mentioned to your upstream maintainer when your tree
is submitted for merging.  You may also want to consider cooperating
with the maintainer of the conflicting tree to minimise any particularly
complex conflicts.

-- 
Cheers,
Stephen Rothwell

diff --cc arch/x86/include/uapi/asm/bootparam.h
index ca0796ac4403,a60676b8d1d4..000000000000
--- a/arch/x86/include/uapi/asm/bootparam.h
+++ b/arch/x86/include/uapi/asm/bootparam.h
@@@ -11,7 -11,7 +11,8 @@@
  #define SETUP_APPLE_PROPERTIES		5
  #define SETUP_JAILHOUSE			6
  #define SETUP_CC_BLOB			7
 -#define SETUP_RNG_SEED			8
 +#define SETUP_IMA			8
++#define SETUP_RNG_SEED			9
  
  #define SETUP_INDIRECT			(1<<31)
  
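Review bot: `SETUP_RNG_SEED` moves from 8 to 9 in this resolution while 8 becomes `SETUP_IMA`, and because the header lives under `uapi` these numbers are part of the boot protocol rather than an internal detail. A loader built against the random tree's original definition would tag its seed with 8, which the merged `parse_setup_data` in arch/x86/kernel/setup.c hands to `add_early_ima_buffer()` instead of the RNG. The renumbering should be folded into the random tree commit itself before either side reaches mainline. A short comment above the list, such as `/* setup_data type values are boot-protocol ABI; never reuse a number */`, would make the constraint visible to the next person adding a type.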
diff --cc arch/x86/kernel/kexec-bzimage64.c
index c63974e94272,13b2c55ebbf0..000000000000
--- a/arch/x86/kernel/kexec-bzimage64.c
+++ b/arch/x86/kernel/kexec-bzimage64.c
@@@ -217,7 -212,8 +239,8 @@@ static in
  setup_boot_parameters(struct kimage *image, struct boot_params *params,
  		      unsigned long params_load_addr,
  		      unsigned int efi_map_offset, unsigned int efi_map_sz,
- 		      unsigned int setup_data_offset)
 -		      unsigned int efi_setup_data_offset,
++		      unsigned int setup_data_offset,
+ 		      unsigned int rng_seed_setup_data_offset)
  {
  	unsigned int nr_e820_entries;
  	unsigned long long mem_k, start, end;
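Review bot: The merged signature keeps `rng_seed_setup_data_offset` as a separate parameter beside the tip tree's `setup_data_offset`, and none of the visible hunks shows the caller's offset computation being adjusted for the new IMA entry. If the caller still places the seed directly after the EFI `setup_data`, that is presumably also where the IMA `setup_data` is written when `CONFIG_IMA_KEXEC` is enabled. One entry would then overwrite the other, even though `kbuf.bufsz` in the `bzImage64_load` hunk reserves room for both. It is worth confirming the caller's arithmetic, or dropping the extra parameter and writing the seed at `setup_data_offset` once it has been advanced past the EFI and IMA entries. The body of `setup_boot_parameters` and its call site are outside the hunk.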
@@@ -435,12 -427,10 +461,14 @@@ static void *bzImage64_load(struct kima
  	params_cmdline_sz = ALIGN(params_cmdline_sz, 16);
  	kbuf.bufsz = params_cmdline_sz + ALIGN(efi_map_sz, 16) +
  				sizeof(struct setup_data) +
- 				sizeof(struct efi_setup_data);
+ 				sizeof(struct efi_setup_data) +
+ 				sizeof(struct setup_data) +
+ 				RNG_SEED_LENGTH;
  
 +	if (IS_ENABLED(CONFIG_IMA_KEXEC))
 +		kbuf.bufsz += sizeof(struct setup_data) +
 +			      sizeof(struct ima_setup_data);
 +
  	params = kzalloc(kbuf.bufsz, GFP_KERNEL);
  	if (!params)
  		return ERR_PTR(-ENOMEM);
diff --cc arch/x86/kernel/setup.c
index 53f863f28b4c,409de5308a8c..000000000000
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@@ -415,9 -356,15 +416,18 @@@ static void __init parse_setup_data(voi
  		case SETUP_EFI:
  			parse_efi_setup(pa_data, data_len);
  			break;
 +		case SETUP_IMA:
 +			add_early_ima_buffer(pa_data);
 +			break;
+ 		case SETUP_RNG_SEED:
+ 			data = early_memremap(pa_data, data_len);
+ 			add_bootloader_randomness(data->data, data->len);
+ 			/* Zero seed for forward secrecy. */
+ 			memzero_explicit(data->data, data->len);
+ 			/* Zero length in case we find ourselves back here by accident. */
+ 			memzero_explicit(&data->len, sizeof(data->len));
+ 			early_memunmap(data, data_len);
+ 			break;
  		default:
  			break;
  		}
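Review bot: In the `SETUP_RNG_SEED` case the result of `early_memremap(pa_data, data_len)` is dereferenced without a check, so a failed mapping becomes a NULL dereference during early boot; a guard such as `if (!data) break;` before `add_bootloader_randomness()` would avoid that. The length passed to `add_bootloader_randomness()` and `memzero_explicit()` is re-read from `data->len` in the new mapping, while the mapping size comes from `data_len` computed earlier. Using `data_len - sizeof(*data)` for both calls would keep the accessed range tied to what was actually mapped. The rest of `parse_setup_data`, including where `data_len` is derived, is outside the hunk.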
