From: Kees Cook <keescook@chromium.org>
To: Hsin-Yi Wang <hsinyi@chromium.org>
Cc: Kate Stewart <kstewart@linuxfoundation.org>,
Peter Zijlstra <peterz@infradead.org>,
Catalin Marinas <catalin.marinas@arm.com>,
Mukesh Ojha <mojha@codeaurora.org>,
Grzegorz Halat <ghalat@redhat.com>,
"H . Peter Anvin" <hpa@zytor.com>,
Guenter Roeck <groeck@chromium.org>,
Will Deacon <will@kernel.org>,
Marek Szyprowski <m.szyprowski@samsung.com>,
Rob Herring <robh@kernel.org>,
Daniel Thompson <daniel.thompson@linaro.org>,
Anders Roxell <anders.roxell@linaro.org>,
Yury Norov <ynorov@marvell.com>, Marc Zyngier <maz@kernel.org>,
Russell King <linux@armlinux.org.uk>,
Aaro Koskinen <aaro.koskinen@nokia.com>,
Ingo Molnar <mingo@redhat.com>,
Viresh Kumar <viresh.kumar@linaro.org>,
Waiman Long <longman@redhat.com>,
"Paul E . McKenney" <paulmck@linux.vnet.ibm.com>,
Wei Li <liwei391@huawei.com>,
Alexey Dobriyan <adobriyan@gmail.com>,
Julien Thierry <julien.thierry.kdev@gmail.com>,
Len Brown <len.brown@intel.com>, Arnd Bergmann <arnd@arndb.de>,
Rik van Riel <riel@surriel.com>,
Stephen Boyd <swboyd@chromium.org>,
Shaokun Zhang <zhangshaokun@hisilicon.com>,
Mike Rapoport <rppt@linux.vnet.ibm.com>,
Borislav Petkov <bp@alien8.de>,
Josh Poimboeuf <jpoimboe@redhat.com>,
Thomas Gleixner <tglx@linutronix.de>,
"moderated list:ARM/FREESCALE IMX / MXC ARM ARCHITECTURE"
<linux-arm-kernel@lists.infradead.org>,
"Theodore Y . Ts'o" <tytso@mit.edu>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Marcelo Tosatti <mtosatti@redhat.com>,
lkml <linux-kernel@vger.kernel.org>,
Armijn Hemel <armijn@tjaldur.nl>, Jiri Kosina <jkosina@suse.cz>,
Mathieu Desnoyers <mathieu.desnoyers@efficios.com>,
Andrew Morton <akpm@linux-foundation.org>,
Tim Chen <tim.c.chen@linux.intel.com>,
"David S . Miller" <davem@davemloft.net>
Subject: Re: [PATCH v9 2/3] fdt: add support for rng-seed
Date: Thu, 29 Aug 2019 09:22:28 -0700 [thread overview]
Message-ID: <201908290921.1F0FCC9E5@keescook> (raw)
In-Reply-To: <CAJMQK-iDoPxbFUH3JUeJ7SehCptZOnjKZiUoFd1PqLjDdGHujA@mail.gmail.com>
On Thu, Aug 29, 2019 at 06:03:57PM +0800, Hsin-Yi Wang wrote:
> On Thu, Aug 29, 2019 at 1:36 AM Kees Cook <keescook@chromium.org> wrote:
> >
> > Can this please be a boot param (with the default controlled by the
> > CONFIG)? See how CONFIG_RANDOM_TRUST_CPU is wired up...
> >
> > -Kees
> >
>
> Currently rng-seed read and added in setup_arch() -->
> setup_machine_fdt().. -> early_init_dt_scan_chosen(), which is earlier
> than parse_early_param() that initializes early_param.
>
> If we want to set it as a boot param, add_bootloader_randomness() can
> only be called after parse_early_param(). The seed can't be directly
> added to pool after it's read in. We need to store into global
> variable and load it later.
> If this seems okay then I'll add a patch for this. Thanks
This seems like a good idea to me.
>
> --- a/drivers/of/fdt.c
> +++ b/drivers/of/fdt.c
> @@ -1096,13 +1096,15 @@ static const char *config_cmdline = CONFIG_CMDLINE;
>
> +const void* rng_seed;
> +int rng_seed_len;
These should be __initdata, yes?
> +
> int __init early_init_dt_scan_chosen(unsigned long node, const char *uname,
> int depth,
> void *data)
> {
> int l = 0;
> const char *p = NULL;
> char *cmdline = data;
> - const void *rng_seed;
>
> pr_debug("search \"chosen\", depth: %d, uname: %s\n", depth, uname);
>
> @@ -1137,10 +1139,8 @@ int __init early_init_dt_scan_chosen(unsigned
> long node, const char *uname,
>
> pr_debug("Command line is: %s\n", (char*)data);
>
> - rng_seed = of_get_flat_dt_prop(node, "rng-seed", &l);
> - if (rng_seed && l > 0) {
> - add_bootloader_randomness(rng_seed, l); //
> Originally it's added to entropy pool here
> -
> + rng_seed = of_get_flat_dt_prop(node, "rng-seed", &rng_seed_len);
> + if (rng_seed && rng_seed_len > 0) {
> /* try to clear seed so it won't be found. */
>
> diff --git a/include/linux/random.h b/include/linux/random.h
> index 831a002a1882..946840bba7c1 100644
> --- a/include/linux/random.h
> +++ b/include/linux/random.h
> @@ -31,6 +31,15 @@ static inline void add_latent_entropy(void)
> static inline void add_latent_entropy(void) {}
> #endif
>
> +extern const void* rng_seed;
> +extern int rng_seed_len;
> +
> +static inline void add_bootloader_entropy(void)
> +{
> + if (rng_seed && rng_seed_len > 0)
> + add_bootloader_randomness(rng_seed, rng_seed_len);
> +}
And this should be __init
> +
> extern void add_input_randomness(unsigned int type, unsigned int code,
> unsigned int value) __latent_entropy;
> extern void add_interrupt_randomness(int irq, int irq_flags) __latent_entropy;
> diff --git a/init/main.c b/init/main.c
> index 71847af32e4e..f74a8c7b34af 100644
> --- a/init/main.c
> +++ b/init/main.c
> @@ -645,6 +645,7 @@ asmlinkage __visible void __init start_kernel(void)
> * - adding command line entropy
> */
> rand_initialize();
> + add_bootloader_entropy();
> add_latent_entropy();
> add_device_randomness(command_line, strlen(command_line));
> boot_init_stack_canary();
But yeah, looks reasonable to me.
--
Kees Cook
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
WARNING: multiple messages have this Message-ID (diff)
From: Kees Cook <keescook@chromium.org>
To: Hsin-Yi Wang <hsinyi@chromium.org>
Cc: Stephen Boyd <swboyd@chromium.org>,
"Theodore Y . Ts'o" <tytso@mit.edu>,
"moderated list:ARM/FREESCALE IMX / MXC ARM ARCHITECTURE"
<linux-arm-kernel@lists.infradead.org>,
Russell King <linux@armlinux.org.uk>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will@kernel.org>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
"H . Peter Anvin" <hpa@zytor.com>,
"Paul E . McKenney" <paulmck@linux.vnet.ibm.com>,
Kate Stewart <kstewart@linuxfoundation.org>,
"David S . Miller" <davem@davemloft.net>,
Viresh Kumar <viresh.kumar@linaro.org>,
Marek Szyprowski <m.szyprowski@samsung.com>,
Arnd Bergmann <arnd@arndb.de>, Marc Zyngier <maz@kernel.org>,
Julien Thierry <julien.thierry.kdev@gmail.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Wei Li <liwei391@huawei.com>,
Anders Roxell <anders.roxell@linaro.org>,
Rob Herring <robh@kernel.org>,
Aaro Koskinen <aaro.koskinen@nokia.com>,
Daniel Thompson <daniel.thompson@linaro.org>,
Tim Chen <tim.c.chen@linux.intel.com>,
Rik van Riel <riel@surriel.com>, Waiman Long <longman@redhat.com>,
Marcelo Tosatti <mtosatti@redhat.com>,
Peter Zijlstra <peterz@infradead.org>,
Armijn Hemel <armijn@tjaldur.nl>,
Grzegorz Halat <ghalat@redhat.com>,
Len Brown <len.brown@intel.com>,
Shaokun Zhang <zhangshaokun@hisilicon.com>,
Mike Rapoport <rppt@linux.vnet.ibm.com>,
Guenter Roeck <groeck@chromium.org>,
Andrew Morton <akpm@linux-foundation.org>,
Mathieu Desnoyers <mathieu.desnoyers@efficios.com>,
Alexey Dobriyan <adobriyan@gmail.com>,
Yury Norov <ynorov@marvell.com>,
Josh Poimboeuf <jpoimboe@redhat.com>,
Jiri Kosina <jkosina@suse.cz>, Mukesh Ojha <mojha@codeaurora.org>,
lkml <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v9 2/3] fdt: add support for rng-seed
Date: Thu, 29 Aug 2019 09:22:28 -0700 [thread overview]
Message-ID: <201908290921.1F0FCC9E5@keescook> (raw)
In-Reply-To: <CAJMQK-iDoPxbFUH3JUeJ7SehCptZOnjKZiUoFd1PqLjDdGHujA@mail.gmail.com>
On Thu, Aug 29, 2019 at 06:03:57PM +0800, Hsin-Yi Wang wrote:
> On Thu, Aug 29, 2019 at 1:36 AM Kees Cook <keescook@chromium.org> wrote:
> >
> > Can this please be a boot param (with the default controlled by the
> > CONFIG)? See how CONFIG_RANDOM_TRUST_CPU is wired up...
> >
> > -Kees
> >
>
> Currently rng-seed read and added in setup_arch() -->
> setup_machine_fdt().. -> early_init_dt_scan_chosen(), which is earlier
> than parse_early_param() that initializes early_param.
>
> If we want to set it as a boot param, add_bootloader_randomness() can
> only be called after parse_early_param(). The seed can't be directly
> added to pool after it's read in. We need to store into global
> variable and load it later.
> If this seems okay then I'll add a patch for this. Thanks
This seems like a good idea to me.
>
> --- a/drivers/of/fdt.c
> +++ b/drivers/of/fdt.c
> @@ -1096,13 +1096,15 @@ static const char *config_cmdline = CONFIG_CMDLINE;
>
> +const void* rng_seed;
> +int rng_seed_len;
These should be __initdata, yes?
> +
> int __init early_init_dt_scan_chosen(unsigned long node, const char *uname,
> int depth,
> void *data)
> {
> int l = 0;
> const char *p = NULL;
> char *cmdline = data;
> - const void *rng_seed;
>
> pr_debug("search \"chosen\", depth: %d, uname: %s\n", depth, uname);
>
> @@ -1137,10 +1139,8 @@ int __init early_init_dt_scan_chosen(unsigned
> long node, const char *uname,
>
> pr_debug("Command line is: %s\n", (char*)data);
>
> - rng_seed = of_get_flat_dt_prop(node, "rng-seed", &l);
> - if (rng_seed && l > 0) {
> - add_bootloader_randomness(rng_seed, l); //
> Originally it's added to entropy pool here
> -
> + rng_seed = of_get_flat_dt_prop(node, "rng-seed", &rng_seed_len);
> + if (rng_seed && rng_seed_len > 0) {
> /* try to clear seed so it won't be found. */
>
> diff --git a/include/linux/random.h b/include/linux/random.h
> index 831a002a1882..946840bba7c1 100644
> --- a/include/linux/random.h
> +++ b/include/linux/random.h
> @@ -31,6 +31,15 @@ static inline void add_latent_entropy(void)
> static inline void add_latent_entropy(void) {}
> #endif
>
> +extern const void* rng_seed;
> +extern int rng_seed_len;
> +
> +static inline void add_bootloader_entropy(void)
> +{
> + if (rng_seed && rng_seed_len > 0)
> + add_bootloader_randomness(rng_seed, rng_seed_len);
> +}
And this should be __init
> +
> extern void add_input_randomness(unsigned int type, unsigned int code,
> unsigned int value) __latent_entropy;
> extern void add_interrupt_randomness(int irq, int irq_flags) __latent_entropy;
> diff --git a/init/main.c b/init/main.c
> index 71847af32e4e..f74a8c7b34af 100644
> --- a/init/main.c
> +++ b/init/main.c
> @@ -645,6 +645,7 @@ asmlinkage __visible void __init start_kernel(void)
> * - adding command line entropy
> */
> rand_initialize();
> + add_bootloader_entropy();
> add_latent_entropy();
> add_device_randomness(command_line, strlen(command_line));
> boot_init_stack_canary();
But yeah, looks reasonable to me.
--
Kees Cook
next prev parent reply other threads:[~2019-08-29 16:22 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-22 7:15 [PATCH v9 0/3] add support for rng-seed Hsin-Yi Wang
2019-08-22 7:15 ` Hsin-Yi Wang
2019-08-22 7:15 ` [PATCH v9 1/3] arm64: map FDT as RW for early_init_dt_scan() Hsin-Yi Wang
2019-08-22 7:15 ` Hsin-Yi Wang
2019-08-22 7:15 ` [PATCH v9 2/3] fdt: add support for rng-seed Hsin-Yi Wang
2019-08-22 7:15 ` Hsin-Yi Wang
2019-08-22 16:03 ` Theodore Y. Ts'o
2019-08-22 16:03 ` Theodore Y. Ts'o
2019-08-22 17:39 ` Stephen Boyd
2019-08-22 17:39 ` Stephen Boyd
2019-08-24 19:04 ` Kees Cook
2019-08-24 19:04 ` Kees Cook
2019-08-29 10:03 ` Hsin-Yi Wang
2019-08-29 10:03 ` Hsin-Yi Wang
2019-08-29 15:45 ` Theodore Y. Ts'o
2019-08-29 15:45 ` Theodore Y. Ts'o
2019-08-29 16:25 ` Kees Cook
2019-08-29 16:22 ` Kees Cook [this message]
2019-08-29 16:22 ` Kees Cook
2019-08-22 7:15 ` [PATCH v9 3/3] arm64: kexec_file: add rng-seed support Hsin-Yi Wang
2019-08-22 7:15 ` Hsin-Yi Wang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201908290921.1F0FCC9E5@keescook \
--to=keescook@chromium.org \
--cc=aaro.koskinen@nokia.com \
--cc=adobriyan@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=anders.roxell@linaro.org \
--cc=armijn@tjaldur.nl \
--cc=arnd@arndb.de \
--cc=bp@alien8.de \
--cc=catalin.marinas@arm.com \
--cc=daniel.thompson@linaro.org \
--cc=davem@davemloft.net \
--cc=ghalat@redhat.com \
--cc=gregkh@linuxfoundation.org \
--cc=groeck@chromium.org \
--cc=hpa@zytor.com \
--cc=hsinyi@chromium.org \
--cc=jkosina@suse.cz \
--cc=jpoimboe@redhat.com \
--cc=julien.thierry.kdev@gmail.com \
--cc=kstewart@linuxfoundation.org \
--cc=len.brown@intel.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@armlinux.org.uk \
--cc=liwei391@huawei.com \
--cc=longman@redhat.com \
--cc=m.szyprowski@samsung.com \
--cc=mathieu.desnoyers@efficios.com \
--cc=maz@kernel.org \
--cc=mingo@redhat.com \
--cc=mojha@codeaurora.org \
--cc=mtosatti@redhat.com \
--cc=paulmck@linux.vnet.ibm.com \
--cc=peterz@infradead.org \
--cc=riel@surriel.com \
--cc=robh@kernel.org \
--cc=rppt@linux.vnet.ibm.com \
--cc=swboyd@chromium.org \
--cc=tglx@linutronix.de \
--cc=tim.c.chen@linux.intel.com \
--cc=tytso@mit.edu \
--cc=viresh.kumar@linaro.org \
--cc=will@kernel.org \
--cc=ynorov@marvell.com \
--cc=zhangshaokun@hisilicon.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.