lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CA+fCnZftrStjxy-Wu+Zb5K2o2E_34dQis6qDiQnEQ3O2GTYBDA@mail.gmail.com>
Date: Wed, 14 Aug 2024 19:25:27 +0200
From: Andrey Konovalov <andreyknvl@...il.com>
To: Catalin Marinas <catalin.marinas@....com>
Cc: Samuel Holland <samuel.holland@...ive.com>, linux-arm-kernel@...ts.infradead.org, 
	Andrew Morton <akpm@...ux-foundation.org>, Ard Biesheuvel <ardb@...nel.org>, 
	Douglas Anderson <dianders@...omium.org>, Frederic Weisbecker <frederic@...nel.org>, 
	James Morse <james.morse@....com>, Jonathan Cameron <Jonathan.Cameron@...wei.com>, 
	Mark Rutland <mark.rutland@....com>, Puranjay Mohan <puranjay@...nel.org>, 
	"Russell King (Oracle)" <rmk+kernel@...linux.org.uk>, Ryo Takakura <takakura@...inux.co.jp>, 
	Shaoqin Huang <shahuang@...hat.com>, Stephen Boyd <swboyd@...omium.org>, 
	Thomas Gleixner <tglx@...utronix.de>, Will Deacon <will@...nel.org>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] arm64: Fix KASAN random tag seed initialization

On Wed, Aug 14, 2024 at 6:19 PM Catalin Marinas <catalin.marinas@....com> wrote:
>
> On Wed, Aug 14, 2024 at 02:09:53AM -0700, Samuel Holland wrote:
> > Currently, kasan_init_sw_tags() is called before setup_per_cpu_areas(),
> > so per_cpu(prng_state, cpu) accesses the same address regardless of the
> > value of "cpu", and the same seed value gets copied to the percpu area
> > for every CPU. Fix this by moving the call to smp_prepare_boot_cpu(),
> > which is the first architecture hook after setup_per_cpu_areas().
>
> Even with the fix, given the lower resolution of get_cycles(), there's a
> good chance that we still have the same seed on all CPUs. If we want
> separate seeds, a better bet would be to initialise each CPU separately
> via the secondary_start_kernel() path. I'll let the KASAN people comment
> on whether that's important.

I think it's fine if we end up with the same seed: SW_TAGS KASAN is
just a debugging feature, not a mitigation. We just want some kind of
randomness.

Calling kasan_init_sw_tags() after setup_per_cpu_areas() seems
reasonable though.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ