From: George Spelvin <lkml@SDF.ORG>
To: Will Deacon <will@kernel.org>
Cc: Catalin Marinas <catalin.marinas@arm.com>,
lkml@sdf.org, linux-kernel@vger.kernel.org,
linux-arm-kernel@lists.infradead.org,
Hsin-Yi Wang <hsinyi@chromium.org>
Subject: [PATCH v2] arm64: kexec_file: Avoid temp buffer for RNG seed
Date: Mon, 30 Mar 2020 17:38:01 +0000 [thread overview]
Message-ID: <20200330173801.GA9199@SDF.ORG> (raw)
In-Reply-To: <20200330133701.GA10633@willie-the-truck>
After using get_random_bytes(), you want to wipe the buffer
afterward so the seed remains secret.
In this case, we can eliminate the temporary buffer entirely.
fdt_setprop_placeholder() returns a pointer to the property value
buffer, allowing us to put the random data directly in there without
using a temporary buffer at all. Faster and less stack all in one.
Signed-off-by: George Spelvin <lkml@sdf.org>
Acked-by: Will Deacon <will@kernel.org>
Cc: Hsin-Yi Wang <hsinyi@chromium.org>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: linux-arm-kernel@lists.infradead.org
---
v2: Typos in commit message fixed.
Thank you, I'd be delighted if you'd apply it to the arm64 tree directly!
I can take it out of my patch series and off my plate.
Now that I'm looking at it some more, I want to change
fdt_setprop_placeholder to return an ERR_PTR.
Must. Stop. Scope. Creep.
arch/arm64/kernel/machine_kexec_file.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/arch/arm64/kernel/machine_kexec_file.c b/arch/arm64/kernel/machine_kexec_file.c
index 7b08bf9499b6b..69e25bb96e3fb 100644
--- a/arch/arm64/kernel/machine_kexec_file.c
+++ b/arch/arm64/kernel/machine_kexec_file.c
@@ -106,12 +106,12 @@ static int setup_dtb(struct kimage *image,
/* add rng-seed */
if (rng_is_initialized()) {
- u8 rng_seed[RNG_SEED_SIZE];
- get_random_bytes(rng_seed, RNG_SEED_SIZE);
- ret = fdt_setprop(dtb, off, FDT_PROP_RNG_SEED, rng_seed,
- RNG_SEED_SIZE);
+ void *rng_seed;
+ ret = fdt_setprop_placeholder(dtb, off, FDT_PROP_RNG_SEED,
+ RNG_SEED_SIZE, &rng_seed);
if (ret)
goto out;
+ get_random_bytes(rng_seed, RNG_SEED_SIZE);
} else {
pr_notice("RNG is not initialised: omitting \"%s\" property\n",
FDT_PROP_RNG_SEED);
--
2.26.0
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
WARNING: multiple messages have this Message-ID (diff)
From: George Spelvin <lkml@SDF.ORG>
To: Will Deacon <will@kernel.org>
Cc: linux-kernel@vger.kernel.org, Hsin-Yi Wang <hsinyi@chromium.org>,
Catalin Marinas <catalin.marinas@arm.com>,
linux-arm-kernel@lists.infradead.org, lkml@sdf.org
Subject: [PATCH v2] arm64: kexec_file: Avoid temp buffer for RNG seed
Date: Mon, 30 Mar 2020 17:38:01 +0000 [thread overview]
Message-ID: <20200330173801.GA9199@SDF.ORG> (raw)
In-Reply-To: <20200330133701.GA10633@willie-the-truck>
After using get_random_bytes(), you want to wipe the buffer
afterward so the seed remains secret.
In this case, we can eliminate the temporary buffer entirely.
fdt_setprop_placeholder() returns a pointer to the property value
buffer, allowing us to put the random data directly in there without
using a temporary buffer at all. Faster and less stack all in one.
Signed-off-by: George Spelvin <lkml@sdf.org>
Acked-by: Will Deacon <will@kernel.org>
Cc: Hsin-Yi Wang <hsinyi@chromium.org>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: linux-arm-kernel@lists.infradead.org
---
v2: Typos in commit message fixed.
Thank you, I'd be delighted if you'd apply it to the arm64 tree directly!
I can take it out of my patch series and off my plate.
Now that I'm looking at it some more, I want to change
fdt_setprop_placeholder to return an ERR_PTR.
Must. Stop. Scope. Creep.
arch/arm64/kernel/machine_kexec_file.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/arch/arm64/kernel/machine_kexec_file.c b/arch/arm64/kernel/machine_kexec_file.c
index 7b08bf9499b6b..69e25bb96e3fb 100644
--- a/arch/arm64/kernel/machine_kexec_file.c
+++ b/arch/arm64/kernel/machine_kexec_file.c
@@ -106,12 +106,12 @@ static int setup_dtb(struct kimage *image,
/* add rng-seed */
if (rng_is_initialized()) {
- u8 rng_seed[RNG_SEED_SIZE];
- get_random_bytes(rng_seed, RNG_SEED_SIZE);
- ret = fdt_setprop(dtb, off, FDT_PROP_RNG_SEED, rng_seed,
- RNG_SEED_SIZE);
+ void *rng_seed;
+ ret = fdt_setprop_placeholder(dtb, off, FDT_PROP_RNG_SEED,
+ RNG_SEED_SIZE, &rng_seed);
if (ret)
goto out;
+ get_random_bytes(rng_seed, RNG_SEED_SIZE);
} else {
pr_notice("RNG is not initialised: omitting \"%s\" property\n",
FDT_PROP_RNG_SEED);
--
2.26.0
next prev parent reply other threads:[~2020-03-30 17:38 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-10 15:45 [RFC PATCH v1 39/50] arm: kexec_file: Avoid temp buffer for RNG seed George Spelvin
2019-12-10 15:45 ` George Spelvin
2020-03-28 19:04 ` Hsin-Yi Wang
2020-03-28 19:04 ` Hsin-Yi Wang
2020-03-30 11:07 ` Mark Rutland
2020-03-30 11:07 ` Mark Rutland
2020-03-30 13:37 ` Will Deacon
2020-03-30 13:37 ` Will Deacon
2020-03-30 17:38 ` George Spelvin [this message]
2020-03-30 17:38 ` [PATCH v2] arm64: " George Spelvin
2020-04-28 14:49 ` Will Deacon
2020-04-28 14:49 ` Will Deacon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200330173801.GA9199@SDF.ORG \
--to=lkml@sdf.org \
--cc=catalin.marinas@arm.com \
--cc=hsinyi@chromium.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.