Message-ID: <0cef6aca-6e94-bc77-75a2-c017e6f87f7b@kot-begemot.co.uk>
Date: Wed, 13 Jul 2022 08:06:52 +0100
Subject: Re: [PATCH] um: seed rng using host OS rng
From: Anton Ivanov
To: "Jason A. Donenfeld", linux-um@lists.infradead.org, linux-kernel@vger.kernel.org, johannes@sipsolutions.net
Cc: stable@vger.kernel.org
In-Reply-To: <20220712232738.77737-1-Jason@zx2c4.com>
References: <20220712232738.77737-1-Jason@zx2c4.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On 13/07/2022 00:27, Jason A. Donenfeld wrote:
> UML generally does not provide access to special CPU instructions like
> RDRAND, and execution tends to be rather deterministic, with no real
> hardware interrupts, making good randomness really very hard, if not
> all together impossible. Not only is this a security eyebrow raiser, but
> it's also quite annoying when trying to do various pieces of UML-based
> automation that takes a long time to boot, if ever.
>
> Fix this by trivially calling getrandom() in the host and using that
> seed as "bootloader randomness", which initializes the rng immediately
> at UML boot.
>
> The old behavior can be restored the same way as on any other arch, by
> way of CONFIG_TRUST_BOOTLOADER_RANDOMNESS=n or
> random.trust_bootloader=0. So seen from that perspective, this just
> makes UML act like other archs, which is positive in its own right.
>
> Cc: stable@vger.kernel.org
> Cc: Johannes Berg
> Signed-off-by: Jason A. Donenfeld
> ---
> arch/um/include/shared/os.h | 7 +++++++
> arch/um/kernel/um_arch.c | 8 ++++++++
> arch/um/os-Linux/util.c | 6 ++++++
> 3 files changed, 21 insertions(+)
>
> diff --git a/arch/um/include/shared/os.h b/arch/um/include/shared/os.h > index fafde1d5416e..79644dd88d58 100644 
> --- a/arch/um/include/shared/os.h > +++ b/arch/um/include/shared/os.h > @@ -11,6 +11,12 @@ > #include > #include > #include > +/* This is to get size_t */ > +#ifndef __UM_HOST__ > +#include > +#else > +#include > +#endif > > #define CATCH_EINTR(expr) while ((errno = 0, ((expr) < 0)) && (errno == EINTR)) > > @@ -243,6 +249,7 @@ extern void stack_protections(unsigned long address); > extern int raw(int fd); > extern void setup_machinename(char *machine_out); > extern void setup_hostinfo(char *buf, int len); > +extern ssize_t os_getrandom(void *buf, size_t len, unsigned int flags); > extern void os_dump_core(void) __attribute__ ((noreturn)); > extern void um_early_printk(const char *s, unsigned int n); > extern void os_fix_helper_signals(void); > diff --git a/arch/um/kernel/um_arch.c b/arch/um/kernel/um_arch.c > index 0760e24f2eba..74f3efd96bd4 100644 > --- a/arch/um/kernel/um_arch.c > +++ b/arch/um/kernel/um_arch.c > @@ -16,6 +16,7 @@ > #include > #include > #include > +#include > > #include > #include > @@ -406,6 +407,8 @@ int __init __weak read_initrd(void) > > void __init setup_arch(char **cmdline_p) > { > + u8 rng_seed[32]; > + > stack_protections((unsigned long) &init_thread_info); > setup_physmem(uml_physmem, uml_reserved, physmem_size, highmem); > mem_total_pages(physmem_size, iomem_size, highmem); > @@ -416,6 +419,11 @@ void __init setup_arch(char **cmdline_p) > strlcpy(boot_command_line, command_line, COMMAND_LINE_SIZE); > *cmdline_p = command_line; > setup_hostinfo(host_info, sizeof host_info); > + > + if (os_getrandom(rng_seed, sizeof(rng_seed), 0) == sizeof(rng_seed)) { > + add_bootloader_randomness(rng_seed, sizeof(rng_seed)); > + memzero_explicit(rng_seed, sizeof(rng_seed)); > + } > } > > void __init check_bugs(void) > diff --git a/arch/um/os-Linux/util.c b/arch/um/os-Linux/util.c > index 41297ec404bf..fc0f2a9dee5a 100644 > --- a/arch/um/os-Linux/util.c > +++ b/arch/um/os-Linux/util.c 
> @@ -14,6 +14,7 @@ > #include > #include > #include > +#include > #include > #include > > @@ -96,6 +97,11 @@ static inline void __attribute__ ((noreturn)) uml_abort(void) > exit(127); > } > > +ssize_t os_getrandom(void *buf, size_t len, unsigned int flags) > +{ > + return getrandom(buf, len, flags); > +} > + > /* > * UML helper threads must not handle SIGWINCH/INT/TERM > */

Acked-By: Anton Ivanov

-- 
Anton R. Ivanov
https://www.kot-begemot.co.uk/
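
Review bot: in arch/um/include/shared/os.h the comment on the new conditional include says it is there "to get size_t", but the prototype added further down, "extern ssize_t os_getrandom(void *buf, size_t len, unsigned int flags);", needs ssize_t as well. Both branches of the "#ifndef __UM_HOST__" block have to provide ssize_t, for the kernel-side and the host-side build alike; worth confirming that and naming both types in the comment so the reason for the conditional include stays clear.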
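
Review bot: in setup_arch() in arch/um/kernel/um_arch.c, memzero_explicit() sits inside the success branch, so if os_getrandom() ever returns fewer than sizeof(rng_seed) bytes the partially filled stack buffer of host random bytes is not wiped, and seeding is skipped without any message. Moving "memzero_explicit(rng_seed, sizeof(rng_seed));" to after the if makes the wipe unconditional at no cost, and a one-line warning in the failure case would tell someone debugging a slow boot that UML fell back to the unseeded path. A short comment noting that flags of 0 makes this a blocking call that waits for the host pool to be initialized would also help the next reader.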
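
Review bot: os_getrandom() in arch/um/os-Linux/util.c passes the getrandom() result straight through with no EINTR handling, so a call interrupted by a signal while it waits for the host pool (-1 with errno set to EINTR) looks the same to setup_arch() as any other failure and simply skips seeding. Consider retrying on EINTR, for example with the CATCH_EINTR() macro visible in os.h around an assignment to a local, and add a comment stating the return convention (byte count on success, -1 with errno on failure), since the only caller compares the result against the full buffer length.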