lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 1 Aug 2022 01:24:28 +0200 From: "Jason A. Donenfeld" <Jason@...c4.com> To: Linus Torvalds <torvalds@...ux-foundation.org> Cc: linux-kernel@...r.kernel.org Subject: [GIT PULL] random number generator updates for 6.0-rc1 Hi Linus, Please pull the following random number generator updates for 6.0-rc1. Though there's been a decent amount of RNG-related development during this last cycle, not all of it is coming through this tree, as this cycle saw a shift toward tackling early boot time seeding issues, which took place in other trees as well. Here's a summary of the various patches: - The CONFIG_ARCH_RANDOM .config option and the "nordrand" boot option have been removed, as they overlapped with the more widely supported and more sensible options, CONFIG_RANDOM_TRUST_CPU and "random.trust_cpu". This change allowed simplifying a bit of arch code. There will be a trivial whitespace merge conflict here with the powerpc tree, fixed up by Stephen in next some time ago. - x86's RDRAND boot time test has been made a bit more robust, with RDRAND disabled if it's clearly producing bogus results. This would be a tip.git commit, technically, but I took it through random.git to avoid a large merge conflict. - The RNG has long since mixed in a timestamp very early in boot, on the premise that a computer that does the same things, but does so starting at different points in wall time, could be made to still produce a different RNG state. Unfortunately, the clock isn't set early in boot on all systems, so now we mix in that timestamp when the time is actually set. - User Mode Linux now uses the host OS's getrandom() syscall to generate a bootloader RNG seed and later on treats getrandom() as the platform's RDRAND-like faculty. - The arch_get_random_{seed_,}_long() family of functions is now arch_get_random_{seed_,}_longs(), which enables certain platforms, such as s390, to exploit considerable performance advantages from requesting multiple CPU random numbers at once, while at the same time compiling down to the same code as before on platforms like x86. There will be another simple merge conflict here, also fixed up by Stephen in next some time ago. - A small cleanup changing a cmpxchg() into a try_cmpxchg(), from Uros. - A comment spelling fix. - Not in this pull: on x86 and m68k, there is now a mechanism for bootloaders, hypervisors, and kexec to pass a random seed to the kernel for initializing the RNG. These platform-specific mechanisms aren't actually in this pull, but will come via the x86 tree and the m68k tree, but they are worth mentioning nonetheless. Device tree-based architectures have had this capability since 2019, via the little-used "rng-seed" parameter in the FDT, and EFI has its own similar thing since 2016, but platforms with neither FDT nor EFI were left out. These changes correspond with related work in QEMU, slated for release in 7.1, as well as in kexec-tools, which add support for these bootloader RNG seed mechanisms, both the new ones for x86 and m68k, as well as finally making use of the "rng-seed" FDT parameter on missing applicable platforms. Taken together, these represent a small step toward eliminating the boot time entropy issue, at least from the kernel's perspective, by providing a means of passing the responsibility up the chain a level. Hypervisors and kexec are obviously in an excellent position to provide this, which is why I've added it there first. But also, this opens up opportunities for bootloaders to safely manage seed files, much like has been done on the BSDs and various other operating systems for a long time. And some arm64 firmware is already providing this through the "rng-seed" FDT parameter. - Not in this pull: s390 and ppc had a bit of trouble providing CPU random numbers early enough in boot to be useful for seeding the RNG. Various fixes for these were taken through the respective arch trees, some during 5.19 with a few more left for 5.20. Thanks, Jason The following changes since commit 829d680e82a961c5370d9636130b43009ac36eb8: random: cap jitter samples per bit to factor of HZ (2022-07-16 10:42:12 -0700) are available in the Git repository at: https://git.kernel.org/pub/scm/linux/kernel/git/crng/random.git tags/random-6.0-rc1-for-linus for you to fetch changes up to 7f637be4d46029bd7700c9f244945a42dbd976fa: random: correct spelling of "overwrites" (2022-07-30 01:13:02 +0200) ---------------------------------------------------------------- Random number generator updates for Linux 6.0-rc1. ---------------------------------------------------------------- Jason A. Donenfeld (6): random: remove CONFIG_ARCH_RANDOM x86/rdrand: Remove "nordrand" flag in favor of "random.trust_cpu" timekeeping: contribute wall clock to rng on time change um: seed rng using host OS rng random: handle archrandom with multiple longs random: correct spelling of "overwrites" Uros Bizjak (1): random: use try_cmpxchg in _credit_init_bits Documentation/admin-guide/kernel-parameters.txt | 5 - arch/arm/include/asm/archrandom.h | 2 + arch/arm64/Kconfig | 8 -- arch/arm64/include/asm/archrandom.h | 112 +++++++++------------ arch/arm64/kernel/cpufeature.c | 2 - arch/arm64/kernel/kaslr.c | 2 +- arch/powerpc/Kconfig | 3 - arch/powerpc/include/asm/archrandom.h | 33 ++---- arch/powerpc/include/asm/machdep.h | 2 - arch/powerpc/kvm/book3s_hv.c | 2 +- arch/powerpc/platforms/microwatt/Kconfig | 1 - arch/powerpc/platforms/powernv/Kconfig | 1 - arch/powerpc/platforms/pseries/Kconfig | 1 - arch/s390/Kconfig | 15 --- arch/s390/configs/zfcpdump_defconfig | 1 - arch/s390/crypto/Makefile | 2 +- arch/s390/include/asm/archrandom.h | 32 ++---- arch/s390/kernel/setup.c | 2 - arch/um/include/asm/archrandom.h | 25 +++++ arch/um/include/shared/os.h | 7 ++ arch/um/kernel/um_arch.c | 8 ++ arch/um/os-Linux/util.c | 6 ++ arch/x86/Kconfig | 9 -- arch/x86/include/asm/archrandom.h | 55 ++-------- arch/x86/kernel/cpu/amd.c | 2 +- arch/x86/kernel/cpu/rdrand.c | 59 ++++------- arch/x86/kernel/espfix_64.c | 2 +- drivers/char/Kconfig | 1 - drivers/char/hw_random/s390-trng.c | 9 -- drivers/char/random.c | 51 ++++++---- include/asm-generic/Kbuild | 1 + include/asm-generic/archrandom.h | 15 +++ include/linux/random.h | 21 ++-- kernel/time/timekeeping.c | 7 +- .../testing/selftests/wireguard/qemu/kernel.config | 1 - 35 files changed, 205 insertions(+), 300 deletions(-) create mode 100644 arch/um/include/asm/archrandom.h create mode 100644 include/asm-generic/archrandom.h
Powered by blists - more mailing lists