lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20220708171030.135b12cd@canb.auug.org.au>
Date:   Fri, 8 Jul 2022 17:10:30 +1000
From:   Stephen Rothwell <sfr@...b.auug.org.au>
To:     Theodore Ts'o <tytso@....edu>,
        "Jason A. Donenfeld" <Jason@...c4.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>,
        "H. Peter Anvin" <hpa@...or.com>,
        Peter Zijlstra <peterz@...radead.org>
Cc:     Borislav Petkov <bp@...e.de>, Jonathan McDowell <noodles@...com>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Linux Next Mailing List <linux-next@...r.kernel.org>
Subject: linux-next: manual merge of the random tree with the tip tree

Hi all,

Today's linux-next merge of the random tree got conflicts in:

  arch/x86/include/uapi/asm/bootparam.h
  arch/x86/kernel/kexec-bzimage64.c
  arch/x86/kernel/setup.c

between commit:

  b69a2afd5afc ("x86/kexec: Carry forward IMA measurement log on kexec")

from the tip tree and commit:

  c337d5c7ec9b ("x86/setup: Use rng seeds from setup_data")

from the random tree.

I fixed it up (see below) and can carry the fix as necessary. This
is now fixed as far as linux-next is concerned, but any non trivial
conflicts should be mentioned to your upstream maintainer when your tree
is submitted for merging.  You may also want to consider cooperating
with the maintainer of the conflicting tree to minimise any particularly
complex conflicts.

-- 
Cheers,
Stephen Rothwell

diff --cc arch/x86/include/uapi/asm/bootparam.h
index ca0796ac4403,a60676b8d1d4..000000000000
--- a/arch/x86/include/uapi/asm/bootparam.h
+++ b/arch/x86/include/uapi/asm/bootparam.h
@@@ -11,7 -11,7 +11,8 @@@
  #define SETUP_APPLE_PROPERTIES		5
  #define SETUP_JAILHOUSE			6
  #define SETUP_CC_BLOB			7
 -#define SETUP_RNG_SEED			8
 +#define SETUP_IMA			8
++#define SETUP_RNG_SEED			9
  
  #define SETUP_INDIRECT			(1<<31)
  
diff --cc arch/x86/kernel/kexec-bzimage64.c
index c63974e94272,13b2c55ebbf0..000000000000
--- a/arch/x86/kernel/kexec-bzimage64.c
+++ b/arch/x86/kernel/kexec-bzimage64.c
@@@ -217,7 -212,8 +239,8 @@@ static in
  setup_boot_parameters(struct kimage *image, struct boot_params *params,
  		      unsigned long params_load_addr,
  		      unsigned int efi_map_offset, unsigned int efi_map_sz,
- 		      unsigned int setup_data_offset)
 -		      unsigned int efi_setup_data_offset,
++		      unsigned int setup_data_offset,
+ 		      unsigned int rng_seed_setup_data_offset)
  {
  	unsigned int nr_e820_entries;
  	unsigned long long mem_k, start, end;
@@@ -435,12 -427,10 +461,14 @@@ static void *bzImage64_load(struct kima
  	params_cmdline_sz = ALIGN(params_cmdline_sz, 16);
  	kbuf.bufsz = params_cmdline_sz + ALIGN(efi_map_sz, 16) +
  				sizeof(struct setup_data) +
- 				sizeof(struct efi_setup_data);
+ 				sizeof(struct efi_setup_data) +
+ 				sizeof(struct setup_data) +
+ 				RNG_SEED_LENGTH;
  
 +	if (IS_ENABLED(CONFIG_IMA_KEXEC))
 +		kbuf.bufsz += sizeof(struct setup_data) +
 +			      sizeof(struct ima_setup_data);
 +
  	params = kzalloc(kbuf.bufsz, GFP_KERNEL);
  	if (!params)
  		return ERR_PTR(-ENOMEM);
diff --cc arch/x86/kernel/setup.c
index 53f863f28b4c,409de5308a8c..000000000000
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@@ -415,9 -356,15 +416,18 @@@ static void __init parse_setup_data(voi
  		case SETUP_EFI:
  			parse_efi_setup(pa_data, data_len);
  			break;
 +		case SETUP_IMA:
 +			add_early_ima_buffer(pa_data);
 +			break;
+ 		case SETUP_RNG_SEED:
+ 			data = early_memremap(pa_data, data_len);
+ 			add_bootloader_randomness(data->data, data->len);
+ 			/* Zero seed for forward secrecy. */
+ 			memzero_explicit(data->data, data->len);
+ 			/* Zero length in case we find ourselves back here by accident. */
+ 			memzero_explicit(&data->len, sizeof(data->len));
+ 			early_memunmap(data, data_len);
+ 			break;
  		default:
  			break;
  		}

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ