Received: by 2002:ac0:a5b6:0:0:0:0:0 with SMTP id m51-v6csp3473090imm;
        Tue, 29 May 2018 07:51:50 -0700 (PDT)
X-Google-Smtp-Source: AB8JxZq1rQ9O/kbJHNNU7nk6VeqDTPNFxoODFtWTWk9PCzWGVeqbFZAKFGlzIz+aL/uTnZgLYiJz
X-Received: by 2002:a62:8910:: with SMTP id v16-v6mr17370680pfd.13.1527605510191;
        Tue, 29 May 2018 07:51:50 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1527605510; cv=none;
        d=google.com; s=arc-20160816;
        b=obdyhiXhPanz641bhwrvh4wb27ZRhsA21Dv9mo/XrvvVHqGSwyM+1/VjQCRwdCpCO5
         Q2MxosXBGL30br3WfGcLRnxvwjqzoNNE7OTUJ0EIBf35qzoJzE9OU5fdZmPvEbyuzaUr
         iWRAlaLZZkuGD/z0SkUL1a2OyTpGn8HNwKbbqOpRoYwWmMRdrTjH8HyzP4Ws+ZRXOeXQ
         55XhOVjOrGjHRMqrMF9XVKXLqQb+9SXtT3nQw9yW9tlotd7b2jLlV4PbnFYHlP87O9f9
         hJFmVEEGzR8k8+PPZacFdyqYoHvYJ3OczwLAEVonouWdn64X04biYMi1H0gAr12rwLNy
         gOXw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :references:in-reply-to:mime-version:dkim-signature:dkim-signature
         :arc-authentication-results;
        bh=LQAttv5Z00vwqklLQKX4c8eWKL49w3CVf2BZ+4PAl0c=;
        b=hTQMlCM+W2l5E570EQVt6MOhnM+GccKPRUiBE16OiB3ROCC7vCKs6hUq7lJAr1KXek
         sO2Ep1JsRmUr/OaWRHXHOXMgK8UPbij6vhDyTGUc9AwxLTGgqa1UIcO4pvcCJw4N3Pc5
         D+h3eV3zY1JNLOpURxaSpbQkeSfl7lIsoFmGUU0CG2mZIYEqY8WrqTYIzGrLNh5BCZb9
         9nLaAz6fhP4p093nYYu6GYpEKhbAP1DCoKbJHU88WDGiTBEqtatbCOvvTVAI+HDq3XeF
         gbFj5mqAXEnwHqmS3p2qgC0povAolC5pmbXSx7HmMYkqRBiP15Tsnh+Qkp7s2kXAk8/1
         xB/g==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=fail header.i=@google.com header.s=20161025 header.b=jQE4eAPb;
       dkim=fail header.i=@chromium.org header.s=google header.b=G0SjCgFH;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id u5-v6si32947088pfi.96.2018.05.29.07.51.36;
        Tue, 29 May 2018 07:51:50 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=fail header.i=@google.com header.s=20161025 header.b=jQE4eAPb;
       dkim=fail header.i=@chromium.org header.s=google header.b=G0SjCgFH;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S936469AbeE2OtW (ORCPT <rfc822;lxz1983@gmail.com> + 99 others);
        Tue, 29 May 2018 10:49:22 -0400
Received: from mail-vk0-f68.google.com ([209.85.213.68]:32820 "EHLO
        mail-vk0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S964830AbeE2OtQ (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 29 May 2018 10:49:16 -0400
Received: by mail-vk0-f68.google.com with SMTP id 200-v6so6960335vkc.0
        for <linux-kernel@vger.kernel.org>; Tue, 29 May 2018 07:49:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc;
        bh=LQAttv5Z00vwqklLQKX4c8eWKL49w3CVf2BZ+4PAl0c=;
        b=jQE4eAPbZ4sRqqNIj6pxZtZsHz1pq+uTUbUsA6G8PHgyjX0Fvcn2aFn/5rICzx385u
         8x1FrWCKMNJnlEV2ug+ifoYj0n5WVYGmttaetAaA2JkzHNqJBBJDPJAY+TLRwUWiJ50F
         /qOwMoNn11BpEc4Zspe7WwZJgKiY7iFTFOd/DLxow6KOySVQO1xh2GM4FV4ZGPQr34Wt
         q2GfkMhlnKybvfme7ZtIN+rHanRw9VjkpsguN2UrxCbpRbEAPVdRNSjt3gD+Z+2ueRMk
         FHzvlAKhgHvB8+3qdDp/UyK1HTnExTWrpRjLOUuIbsj/io8WRt2PXSEgzaZhT7U4j6n4
         eA5Q==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=chromium.org; s=google;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc;
        bh=LQAttv5Z00vwqklLQKX4c8eWKL49w3CVf2BZ+4PAl0c=;
        b=G0SjCgFHiUvNTq0cX+yUEwRsZGqLIYcjSprV7Z1wpPng7i/ogjFNbX65788F/yQdkP
         4RpnFsTPj8c1pNQrM8cIdLYk5JPvIADpQntLGRod04pZiEOdIFbWphRKRwEY/c7ITCTq
         u2tRqsnHz9p/DM8B9w3CX660oVEW+lcmIyE5o=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
         :date:message-id:subject:to:cc;
        bh=LQAttv5Z00vwqklLQKX4c8eWKL49w3CVf2BZ+4PAl0c=;
        b=MSaYtPEUJeKLiXkU3dAyG+HxFDx5A0B8L6hVZOL92wfeExdo3dpPajDgNAGuv9qgnd
         9NTpGnDZXFEbqu0+2k/BnkQTppoJHdSmmcH/ZsxyVF17E4e4MhCGst1bZdgzOz0dqwUK
         v6r1SCMRyWM7fMKPNHmxe8y5Ltf2rQnnmsnZYhqOxUf8j7d5yCISy0OwogmdkRgRwH/Y
         rIMwTmuuUwP3SYuzHnn+aAvtqll1z0TbBbHgrBVYO/J4M56D4NnKZDCCMZdgJMTzWVMD
         obB0Fjxdp8oBOlorHv2myB82WovOCXhtqIU2sYbDyogYQA3cR8USvfDDQDn6KOeXw5N7
         AYHw==
X-Gm-Message-State: ALKqPweOYIHnF0JMu89efyZq/ax5Kn/QSRVxDtxbSB1YCqEQC03/eD/W
        6ZfPcgnpOh3YWRfydHtEWszTnqJqi4F2DTzRthYCCA==
X-Received: by 2002:a1f:8a12:: with SMTP id m18-v6mr10413977vkd.84.1527605355841;
 Tue, 29 May 2018 07:49:15 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a1f:bd1:0:0:0:0:0 with HTTP; Tue, 29 May 2018 07:49:14 -0700 (PDT)
In-Reply-To: <20180529123800.19627-1-prarit@redhat.com>
References: <20180529123800.19627-1-prarit@redhat.com>
From:   Kees Cook <keescook@chromium.org>
Date:   Tue, 29 May 2018 07:49:14 -0700
X-Google-Sender-Auth: P2QUCRpMefoVsB2v4mMZL6N8H1o
Message-ID: <CAGXu5jJvJbTZT5=u7TJtLsN-TsuSEfw8h2EwV8w-oefJkADoBg@mail.gmail.com>
Subject: Re: [PATCH] x86, random: Fix get_random_bytes() warning in x86 start_kernel
To:     Prarit Bhargava <prarit@redhat.com>
Cc:     LKML <linux-kernel@vger.kernel.org>,
        Thomas Gleixner <tglx@linutronix.de>,
        Ingo Molnar <mingo@redhat.com>,
        "H. Peter Anvin" <hpa@zytor.com>, X86 ML <x86@kernel.org>,
        "Theodore Ts'o" <tytso@mit.edu>, Arnd Bergmann <arnd@arndb.de>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Rik van Riel <riel@redhat.com>,
        Andrew Morton <akpm@linux-foundation.org>,
        Philippe Ombredanne <pombredanne@nexb.com>,
        "Jason A. Donenfeld" <Jason@zx2c4.com>,
        Kate Stewart <kstewart@linuxfoundation.org>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, May 29, 2018 at 5:38 AM, Prarit Bhargava <prarit@redhat.com> wrote:
> After 43838a23a05f ("random: fix crng_ready() test") early boot calls
> to get_random_bytes() will warn on each cpu on x86 because the crng
> is not initialized.  For example,
>
> random: get_random_bytes called from start_kernel+0x8e/0x587 with crng_init=0
>
> x86 only uses get_random_bytes() for better randomization of the stack
> canary value so the warning is of no consequence.
>
> Export crng_ready() for x86 and test if the crng is initialized before
> calling get_random_bytes().

NAK. This leaves the stack canary with very little entropy. This needs
to pull from whatever pool is available, not skip it.

-Kees

>
> Signed-off-by: Prarit Bhargava <prarit@redhat.com>
> Cc: Thomas Gleixner <tglx@linutronix.de>
> Cc: Ingo Molnar <mingo@redhat.com>
> Cc: "H. Peter Anvin" <hpa@zytor.com>
> Cc: x86@kernel.org
> Cc: "Theodore Ts'o" <tytso@mit.edu>
> Cc: Arnd Bergmann <arnd@arndb.de>
> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> Cc: Rik van Riel <riel@redhat.com>
> Cc: Andrew Morton <akpm@linux-foundation.org>
> Cc: Philippe Ombredanne <pombredanne@nexb.com>
> Cc: Kees Cook <keescook@chromium.org>
> Cc: Prarit Bhargava <prarit@redhat.com>
> Cc: "Jason A. Donenfeld" <Jason@zx2c4.com>
> Cc: Kate Stewart <kstewart@linuxfoundation.org>
> ---
>  arch/x86/include/asm/stackprotector.h | 3 ++-
>  drivers/char/random.c                 | 5 ++++-
>  include/linux/random.h                | 1 +
>  3 files changed, 7 insertions(+), 2 deletions(-)
>
> diff --git a/arch/x86/include/asm/stackprotector.h b/arch/x86/include/asm/stackprotector.h
> index 371b3a4af000..4e2223aa34fc 100644
> --- a/arch/x86/include/asm/stackprotector.h
> +++ b/arch/x86/include/asm/stackprotector.h
> @@ -72,7 +72,8 @@ static __always_inline void boot_init_stack_canary(void)
>          * there it already has some randomness on most systems. Later
>          * on during the bootup the random pool has true entropy too.
>          */
> -       get_random_bytes(&canary, sizeof(canary));
> +       if (crng_ready())
> +               get_random_bytes(&canary, sizeof(canary));
>         tsc = rdtsc();
>         canary += tsc + (tsc << 32UL);
>         canary &= CANARY_MASK;
> diff --git a/drivers/char/random.c b/drivers/char/random.c
> index cd888d4ee605..003091d104bf 100644
> --- a/drivers/char/random.c
> +++ b/drivers/char/random.c
> @@ -428,7 +428,10 @@ struct crng_state primary_crng = {
>   * its value (from 0->1->2).
>   */
>  static int crng_init = 0;
> -#define crng_ready() (likely(crng_init > 1))
> +int crng_ready(void)
> +{
> +       return likely(crng_init > 1);
> +}
>  static int crng_init_cnt = 0;
>  static unsigned long crng_global_init_time = 0;
>  #define CRNG_INIT_CNT_THRESH (2*CHACHA20_KEY_SIZE)
> diff --git a/include/linux/random.h b/include/linux/random.h
> index 2ddf13b4281e..45616513abd9 100644
> --- a/include/linux/random.h
> +++ b/include/linux/random.h
> @@ -196,4 +196,5 @@ static inline u32 next_pseudo_random32(u32 seed)
>         return seed * 1664525 + 1013904223;
>  }
>
> +extern int crng_ready(void);
>  #endif /* _LINUX_RANDOM_H */
> --
> 2.14.3
>



-- 
Kees Cook
Pixel Security