lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ZrzY8Kk-1PwZlezI@arm.com>
Date: Wed, 14 Aug 2024 17:18:56 +0100
From: Catalin Marinas <catalin.marinas@....com>
To: Samuel Holland <samuel.holland@...ive.com>
Cc: linux-arm-kernel@...ts.infradead.org,
	Andrew Morton <akpm@...ux-foundation.org>,
	Andrey Konovalov <andreyknvl@...il.com>,
	Ard Biesheuvel <ardb@...nel.org>,
	Douglas Anderson <dianders@...omium.org>,
	Frederic Weisbecker <frederic@...nel.org>,
	James Morse <james.morse@....com>,
	Jonathan Cameron <Jonathan.Cameron@...wei.com>,
	Mark Rutland <mark.rutland@....com>,
	Puranjay Mohan <puranjay@...nel.org>,
	"Russell King (Oracle)" <rmk+kernel@...linux.org.uk>,
	Ryo Takakura <takakura@...inux.co.jp>,
	Shaoqin Huang <shahuang@...hat.com>,
	Stephen Boyd <swboyd@...omium.org>,
	Thomas Gleixner <tglx@...utronix.de>, Will Deacon <will@...nel.org>,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] arm64: Fix KASAN random tag seed initialization

On Wed, Aug 14, 2024 at 02:09:53AM -0700, Samuel Holland wrote:
> Currently, kasan_init_sw_tags() is called before setup_per_cpu_areas(),
> so per_cpu(prng_state, cpu) accesses the same address regardless of the
> value of "cpu", and the same seed value gets copied to the percpu area
> for every CPU. Fix this by moving the call to smp_prepare_boot_cpu(),
> which is the first architecture hook after setup_per_cpu_areas().

Even with the fix, given the lower resolution of get_cycles(), there's a
good chance that we still have the same seed on all CPUs. If we want
separate seeds, a better bet would be to initialise each CPU separately
via the secondary_start_kernel() path. I'll let the KASAN people comment
on whether that's important.

-- 
Catalin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ