Message-ID:
 <SN6PR02MB4157B61CA09C0DAF0BB994E1D4212@SN6PR02MB4157.namprd02.prod.outlook.com>
Date: Wed, 6 Mar 2024 17:43:41 +0000
From: Michael Kelley <mhklinux@...look.com>
To: "wei.liu@...nel.org" <wei.liu@...nel.org>
CC: "haiyangz@...rosoft.com" <haiyangz@...rosoft.com>, "decui@...rosoft.com"
	<decui@...rosoft.com>, "tglx@...utronix.de" <tglx@...utronix.de>,
	"mingo@...hat.com" <mingo@...hat.com>, "bp@...en8.de" <bp@...en8.de>,
	"dave.hansen@...ux.intel.com" <dave.hansen@...ux.intel.com>, "hpa@...or.com"
	<hpa@...or.com>, "arnd@...db.de" <arnd@...db.de>, "tytso@....edu"
	<tytso@....edu>, "Jason@...c4.com" <Jason@...c4.com>, "x86@...nel.org"
	<x86@...nel.org>, "linux-kernel@...r.kernel.org"
	<linux-kernel@...r.kernel.org>, "linux-hyperv@...r.kernel.org"
	<linux-hyperv@...r.kernel.org>, "linux-arch@...r.kernel.org"
	<linux-arch@...r.kernel.org>, Saurabh Singh Sengar <ssengar@...rosoft.com>,
	Long Li <longli@...rosoft.com>
Subject: RE: [PATCH 1/1] x86/hyperv: Use Hyper-V entropy to seed guest random
 number generator

From: wei.liu@...nel.org @ 2024-03-04  6:57 UTC
> 
> > +void __init ms_hyperv_late_init(void)
> > +{
> > +	struct acpi_table_header *header;
> > +	acpi_status status;
> > +	u8 *randomdata;
> > +	u32 length, i;
> > +
> > +	/*
> > +	 * Seed the Linux random number generator with entropy provided by
> > +	 * the Hyper-V host in ACPI table OEM0.  It would be nice to do this
> > +	 * even earlier in ms_hyperv_init_platform(), but the ACPI subsystem
> > +	 * isn't set up at that point. Skip if booted via EFI as generic EFI
> > +	 * code has already done some seeding using the EFI RNG protocol.
> > +	 */
> > +	if (!IS_ENABLED(CONFIG_ACPI) || efi_enabled(EFI_BOOT))
> > +		return;
> > +
> > +	status = acpi_get_table("OEM0", 0, &header);
> > +	if (ACPI_FAILURE(status) || !header) {
> > +		pr_info("Hyper-V: ACPI table OEM0 not found\n");
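Review bot: the `pr_info("Hyper-V: ACPI table OEM0 not found\n")` in the `ACPI_FAILURE(status) || !header` branch reports a failed lookup at info level on every boot where it happens, while the `efi_enabled(EFI_BOOT)` early return just above it skips seeding silently. If a missing OEM0 table is not an error, lower this to pr_debug() or drop the message, so both skip paths behave the same and the log does not read as a fault to someone auditing the guest's RNG seeding.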
> 
> I would like this to be a pr_debug() instead of pr_info(), considering
> using the negative case may cause users to think not having this table
> can be problematic.
> 
> Alternatively, we can remove this message here, and then ...
> 
> > +		return;
> > +	}
> > +
> 
> ... add a pr_debug() here to indicate that the table was found.
> 
> 	pr_info("Hyper-V: Seeding randomness with data from ACPI table OEM0\n");

You wrote the code as "pr_info()" but your comment suggests "pr_debug()".
I'm assuming pr_debug() is better because we don't really need any output
on success or failure. If trying to debug something related to the rng,
even with no explicit output it's relatively easy to tell whether a Gen1 VM
picked up any entropy from the OEM0 table.  When it does, this dmesg
line will appear much earlier than when it does not.

[    0.000000] random: crng init done

I'll spin a v2 with this tweak and your wording comment on the
commit message.

Michael

> 
> Dexuan, Saurabh, Haiyang and Long, can you give an ack or nack to this
> patch and help test it?
> 
> Thanks,
> Wei.
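The dmesg check Michael describes above, written out as an added example (not code from the patch or from anyone in this thread). The function names, the 1.0 second cut-off and the sample log lines are assumptions constructed for illustration; only the `random: crng init done` text comes from the message.

```shell
#!/bin/sh
# Classify when the kernel CRNG became ready, from dmesg text on stdin.

# Constructed sample logs (not captured from a real VM).
SAMPLE_SEEDED='[    0.000000] Linux version (constructed sample)
[    0.000000] random: crng init done
[    0.004210] later boot message (constructed sample)'
SAMPLE_LATE='[    0.000000] Linux version (constructed sample)
[    2.731904] random: crng init done'

# Print the timestamp of the first "crng init done" line; return 1 if the
# line is missing (ring buffer wrapped) or has no timestamp (printk.time=0).
crng_init_time() {
    awk '
        /random: crng init done/ {
            if (match($0, /\[ *[0-9]+\.[0-9]+\]/)) {
                ts = substr($0, RSTART + 1, RLENGTH - 2)
                gsub(/ /, "", ts)
                print ts
                found = 1
                exit
            }
        }
        END { exit found ? 0 : 1 }
    '
}

# Print "early <ts>", "late <ts>" or "absent".
# $1 is the cut-off in seconds (assumed default 1.0, not a value from the thread).
classify_crng() {
    threshold=${1:-1.0}
    if ts=$(crng_init_time); then
        awk -v ts="$ts" -v th="$threshold" 'BEGIN {
            verdict = (ts + 0 <= th + 0) ? "early" : "late"
            print verdict, ts
        }'
    else
        echo "absent"
    fi
}

# Demo on the constructed samples; on a real guest use: dmesg | classify_crng
printf '%s\n' "$SAMPLE_SEEDED" | classify_crng
printf '%s\n' "$SAMPLE_LATE" | classify_crng
```

An "absent" result means the line could not be found in the buffer that was read, not that the CRNG never initialized.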
