Re: [PATCH v7 1/3] random: add vgetrandom_alloc() syscall

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Thomas Gleixner <tglx@linutronix.de>
To: "Jason A. Donenfeld" <Jason@zx2c4.com>,
	linux-kernel@vger.kernel.org, patches@lists.linux.dev
Cc: "Jason A. Donenfeld" <Jason@zx2c4.com>,
	linux-crypto@vger.kernel.org, linux-api@vger.kernel.org,
	x86@kernel.org, Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Adhemerval Zanella Netto <adhemerval.zanella@linaro.org>,
	Carlos O'Donell <carlos@redhat.com>,
	Florian Weimer <fweimer@redhat.com>,
	Arnd Bergmann <arnd@arndb.de>,
	Christian Brauner <brauner@kernel.org>
Subject: Re: [PATCH v7 1/3] random: add vgetrandom_alloc() syscall
Date: Fri, 25 Nov 2022 21:45:31 +0100	[thread overview]
Message-ID: <87bkouyd90.ffs@tglx> (raw)
In-Reply-To: <20221124165536.1631325-2-Jason@zx2c4.com>

On Thu, Nov 24 2022 at 17:55, Jason A. Donenfeld wrote:
> ---
>  MAINTAINERS                             |  1 +
>  arch/x86/Kconfig                        |  1 +
>  arch/x86/entry/syscalls/syscall_64.tbl  |  1 +
>  arch/x86/include/asm/unistd.h           |  1 +
>  drivers/char/random.c                   | 59 +++++++++++++++++++++++++
>  include/uapi/asm-generic/unistd.h       |  7 ++-
>  kernel/sys_ni.c                         |  3 ++
>  lib/vdso/getrandom.h                    | 23 ++++++++++
>  scripts/checksyscalls.sh                |  4 ++
>  tools/include/uapi/asm-generic/unistd.h |  7 ++-
>  10 files changed, 105 insertions(+), 2 deletions(-)
>  create mode 100644 lib/vdso/getrandom.h

I think I asked for this before:

Please split these things properly up. Provide the syscall and then wire
it up.

> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
> index 67745ceab0db..331e21ba961a 100644
> --- a/arch/x86/Kconfig
> +++ b/arch/x86/Kconfig
> @@ -59,6 +59,7 @@ config X86
>  	#
>  	select ACPI_LEGACY_TABLES_LOOKUP	if ACPI
>  	select ACPI_SYSTEM_POWER_STATES_SUPPORT	if ACPI
> +	select ADVISE_SYSCALLS			if X86_64

Why is this x86_64 specific?

> --- a/arch/x86/include/asm/unistd.h
> +++ b/arch/x86/include/asm/unistd.h
> @@ -27,6 +27,7 @@
>  #  define __ARCH_WANT_COMPAT_SYS_PWRITEV64
>  #  define __ARCH_WANT_COMPAT_SYS_PREADV64V2
>  #  define __ARCH_WANT_COMPAT_SYS_PWRITEV64V2
> +#  define __ARCH_WANT_VGETRANDOM_ALLOC

So instead of this define, why can't you do:

config VGETRADOM_ALLOC
       bool
       select ADVISE_SYSCALLS

and then have

config GENERIC_VDSO_RANDOM_WHATEVER
       bool
       select VGETRANDOM_ALLOC

This gives a clear Kconfig dependency instead of the random
ADVISE_SYSCALLS select.

>--- a/drivers/char/random.c
> +++ b/drivers/char/random.c

> +#include "../../lib/vdso/getrandom.h"

Seriously?

include/vdso/ exists for a reason.

> +#ifdef __ARCH_WANT_VGETRANDOM_ALLOC
> +/*
> + * The vgetrandom() function in userspace requires an opaque state, which this
> + * function provides to userspace, by mapping a certain number of special pages
> + * into the calling process. It takes a hint as to the number of opaque states
> + * desired, and returns the number of opaque states actually allocated, the
> + * size of each one in bytes, and the address of the first state.

As this is a syscall which can be invoked outside of the VDSO, can you
please provide proper kernel-doc which explains the arguments, the
functionality and the return value?

> + */
> +SYSCALL_DEFINE3(vgetrandom_alloc, unsigned int __user *, num,
> +		unsigned int __user *, size_per_each, unsigned int, flags)
> +{
> +	size_t alloc_size, num_states;
> +	unsigned long pages_addr;
> +	unsigned int num_hint;
> +	int ret;
> +
> +	if (flags)
> +		return -EINVAL;
> +
> +	if (get_user(num_hint, num))
> +		return -EFAULT;
> +
> +	num_states = clamp_t(size_t, num_hint, 1, (SIZE_MAX & PAGE_MASK) / sizeof(struct vgetrandom_state));
> +	alloc_size = PAGE_ALIGN(num_states * sizeof(struct vgetrandom_state));
> +
> +	if (put_user(alloc_size / sizeof(struct vgetrandom_state), num) ||
> +	    put_user(sizeof(struct vgetrandom_state), size_per_each))
> +		return -EFAULT;

That's a total of four sizeof(struct vgetrandom_state) usage sites.

       size_t state_size = sizeof(struct vgetrandom_state);

perhaps?

> diff --git a/lib/vdso/getrandom.h b/lib/vdso/getrandom.h
> new file mode 100644
> index 000000000000..c7f727db2aaa
> --- /dev/null
> +++ b/lib/vdso/getrandom.h

Wrong place. See above.

> @@ -0,0 +1,23 @@
> +/* SPDX-License-Identifier: GPL-2.0 */
> +/*
> + * Copyright (C) 2022 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
> + */
> +
> +#ifndef _VDSO_LIB_GETRANDOM_H
> +#define _VDSO_LIB_GETRANDOM_H
> +
> +#include <crypto/chacha.h>
> +
> +struct vgetrandom_state {
> +	union {
> +		struct {
> +			u8 batch[CHACHA_BLOCK_SIZE * 3 / 2];
> +			u32 key[CHACHA_KEY_SIZE / sizeof(u32)];
> +		};
> +		u8 batch_key[CHACHA_BLOCK_SIZE * 2];
> +	};
> +	unsigned long generation;
> +	u8 pos;
> +};

Thanks,

        tglx

next prev parent reply	other threads:[~2022-11-25 20:45 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-11-24 16:55 [PATCH v7 0/3] implement getrandom() in vDSO Jason A. Donenfeld
2022-11-24 16:55 ` [PATCH v7 1/3] random: add vgetrandom_alloc() syscall Jason A. Donenfeld
2022-11-25 20:45   ` Thomas Gleixner [this message]
2022-11-27 20:18     ` Jason A. Donenfeld
2022-11-28  9:12       ` Thomas Gleixner
2022-11-28 13:54       ` Arnd Bergmann
2022-11-28 17:17         ` Jason A. Donenfeld
2022-11-24 16:55 ` [PATCH v7 2/3] random: introduce generic vDSO getrandom() implementation Jason A. Donenfeld
2022-11-25 22:39   ` Thomas Gleixner
2022-11-27 21:52     ` Jason A. Donenfeld
2022-11-28  9:25       ` Thomas Gleixner
2022-11-24 16:55 ` [PATCH v7 3/3] x86: vdso: Wire up getrandom() vDSO implementation Jason A. Donenfeld
2022-11-25 23:08   ` Thomas Gleixner
2022-11-27 22:07     ` Jason A. Donenfeld
2022-11-27 22:39       ` Samuel Neves
2022-11-28  0:19         ` Jason A. Donenfeld

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87bkouyd90.ffs@tglx \
    --to=tglx@linutronix.de \
    --cc=Jason@zx2c4.com \
    --cc=adhemerval.zanella@linaro.org \
    --cc=arnd@arndb.de \
    --cc=brauner@kernel.org \
    --cc=carlos@redhat.com \
    --cc=fweimer@redhat.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=linux-api@vger.kernel.org \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=patches@lists.linux.dev \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.