From: "Jason A. Donenfeld"
To: linux-kernel@vger.kernel.org
Cc: "Jason A. Donenfeld", Borislav Petkov, Heiko Carstens, Catalin Marinas, Mark Rutland, Michael Ellerman, Johannes Berg
Subject: [PATCH] random: discourage use of archrandom outside of rng
Date: Mon, 25 Jul 2022 13:10:38 +0200
Message-Id: <20220725111038.720624-1-Jason@zx2c4.com>

Borislav pointed out during the review of "random: handle archrandom with multiple longs" that people might actually use this function, which might not be good because the function has surprising semantics. This of course was also the case before that patch, and indeed RDSEED-like functions across architectures often behave surprisingly, failing often. While random.c has been written specifically to work with that behavior, not much else is well equipped for that. So add a comment suggesting that this is not for general consumption.

Fortunately, nobody uses this for general consumption anyway, and people who try quickly find themselves in trouble. But adding this comment out of an abundance of caution was nonetheless suggested, and it at least means there will be easier justification for cleaning up potential misuses of the function later.

Cc: Borislav Petkov
Cc: Heiko Carstens
Cc: Catalin Marinas
Cc: Mark Rutland
Cc: Michael Ellerman
Cc: Johannes Berg
Suggested-by: Borislav Petkov
Signed-off-by: Jason A. Donenfeld --- arch/arm64/include/asm/archrandom.h | 13 +++++++++++++ arch/powerpc/include/asm/archrandom.h | 8 ++++++++ arch/s390/include/asm/archrandom.h | 8 ++++++++ arch/um/include/asm/archrandom.h | 8 ++++++++ arch/x86/include/asm/archrandom.h | 9 ++++++--- include/asm-generic/archrandom.h | 8 ++++++++ 6 files changed, 51 insertions(+), 3 deletions(-) diff --git a/arch/arm64/include/asm/archrandom.h b/arch/arm64/include/asm/archrandom.h index 109e2a4454be..0b5ee0e12a13 100644 --- a/arch/arm64/include/asm/archrandom.h +++ b/arch/arm64/include/asm/archrandom.h @@ -58,6 +58,10 @@ static inline bool __arm64_rndrrs(unsigned long *v) return ok; } +/* + * This should only be used by drivers/char/random.c. Other drivers *must* + * use get_random_bytes() instead. + */ static inline size_t __must_check arch_get_random_longs(unsigned long *v, size_t max_longs) { /* @@ -71,6 +75,10 @@ static inline size_t __must_check arch_get_random_longs(unsigned long *v, size_t return 0; } +/* + * This should only be used by drivers/char/random.c. Other drivers *must* + * use get_random_bytes() instead. + */ static inline size_t __must_check arch_get_random_seed_longs(unsigned long *v, size_t max_longs) { if (!max_longs) @@ -121,6 +129,11 @@ static inline bool __init __early_cpu_has_rndr(void) return (ftr >> ID_AA64ISAR0_EL1_RNDR_SHIFT) & 0xf; } + +/* + * This should only be used by drivers/char/random.c. Other drivers *must* + * use get_random_bytes() instead. + */ static inline size_t __init __must_check arch_get_random_seed_longs_early(unsigned long *v, size_t max_longs) { diff --git a/arch/powerpc/include/asm/archrandom.h b/arch/powerpc/include/asm/archrandom.h index 0e365c5b2396..7accfe346d49 100644 --- a/arch/powerpc/include/asm/archrandom.h +++ b/arch/powerpc/include/asm/archrandom.h 
@@ -4,11 +4,19 @@ #include +/* + * This should only be used by drivers/char/random.c. Other drivers *must* + * use get_random_bytes() instead. + */ static inline size_t __must_check arch_get_random_longs(unsigned long *v, size_t max_longs) { return 0; } +/* + * This should only be used by drivers/char/random.c. Other drivers *must* + * use get_random_bytes() instead. + */ static inline size_t __must_check arch_get_random_seed_longs(unsigned long *v, size_t max_longs) { if (max_longs && ppc_md.get_random_seed && ppc_md.get_random_seed(v)) diff --git a/arch/s390/include/asm/archrandom.h b/arch/s390/include/asm/archrandom.h index cf5e000df0a1..ae1efdd6f3a9 100644 --- a/arch/s390/include/asm/archrandom.h +++ b/arch/s390/include/asm/archrandom.h @@ -18,11 +18,19 @@ DECLARE_STATIC_KEY_FALSE(s390_arch_random_available); extern atomic64_t s390_arch_random_counter; +/* + * This should only be used by drivers/char/random.c. Other drivers *must* + * use get_random_bytes() instead. + */ static inline size_t __must_check arch_get_random_longs(unsigned long *v, size_t max_longs) { return 0; } +/* + * This should only be used by drivers/char/random.c. Other drivers *must* + * use get_random_bytes() instead. + */ static inline size_t __must_check arch_get_random_seed_longs(unsigned long *v, size_t max_longs) { if (static_branch_likely(&s390_arch_random_available)) { diff --git a/arch/um/include/asm/archrandom.h b/arch/um/include/asm/archrandom.h index 24e16c979c51..d2b20bb0ed53 100644 --- a/arch/um/include/asm/archrandom.h +++ b/arch/um/include/asm/archrandom.h @@ -7,6 +7,10 @@ /* This is from , but better not to #include that in a global header here. */ ssize_t os_getrandom(void *buf, size_t len, unsigned int flags); +/* + * This should only be used by drivers/char/random.c. Other drivers *must* + * use get_random_bytes() instead. + */ static inline size_t __must_check arch_get_random_longs(unsigned long *v, size_t max_longs) { ssize_t ret; 
@@ -17,6 +21,10 @@ static inline size_t __must_check arch_get_random_longs(unsigned long *v, size_t return ret / sizeof(*v); } +/* + * This should only be used by drivers/char/random.c. Other drivers *must* + * use get_random_bytes() instead. + */ static inline size_t __must_check arch_get_random_seed_longs(unsigned long *v, size_t max_longs) { return 0; diff --git a/arch/x86/include/asm/archrandom.h b/arch/x86/include/asm/archrandom.h index 02bae8e0758b..8352948e6412 100644 --- a/arch/x86/include/asm/archrandom.h +++ b/arch/x86/include/asm/archrandom.h @@ -41,15 +41,18 @@ static inline bool __must_check rdseed_long(unsigned long *v) } /* - * These are the generic interfaces; they must not be declared if the - * stubs in are to be invoked. + * This should only be used by drivers/char/random.c. Other drivers *must* + * use get_random_bytes() instead. */ - static inline size_t __must_check arch_get_random_longs(unsigned long *v, size_t max_longs) { return max_longs && static_cpu_has(X86_FEATURE_RDRAND) && rdrand_long(v) ? 1 : 0; } +/* + * This should only be used by drivers/char/random.c. Other drivers *must* + * use get_random_bytes() instead. + */ static inline size_t __must_check arch_get_random_seed_longs(unsigned long *v, size_t max_longs) { return max_longs && static_cpu_has(X86_FEATURE_RDSEED) && rdseed_long(v) ? 1 : 0; diff --git a/include/asm-generic/archrandom.h b/include/asm-generic/archrandom.h index 3cd7f980cfdc..800b41639dd7 100644 --- a/include/asm-generic/archrandom.h +++ b/include/asm-generic/archrandom.h 
@@ -2,11 +2,19 @@ #ifndef __ASM_GENERIC_ARCHRANDOM_H__ #define __ASM_GENERIC_ARCHRANDOM_H__ +/* + * This should only be used by drivers/char/random.c. Other drivers *must* + * use get_random_bytes() instead. + */ static inline size_t __must_check arch_get_random_longs(unsigned long *v, size_t max_longs) { return 0; } +/* + * This should only be used by drivers/char/random.c. Other drivers *must* + * use get_random_bytes() instead. + */ static inline size_t __must_check arch_get_random_seed_longs(unsigned long *v, size_t max_longs) { return 0; -- 2.35.1
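Review bot: In the first arm64 hunk (@@ -58,6 +58,10 @@), and in the identical comment every other hunk adds, the new text says other drivers *must* use get_random_bytes() but not why, while the changelog gives the reason: these helpers can fail at any time and return fewer longs than requested, including 0. One more line in the comment, e.g. "It may return fewer longs than requested, including none, at any time.", would make the warning self-explanatory to whoever next greps for it.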
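Review bot: The third arm64 hunk (@@ -121,6 +129,11 @@) adds a lone `+` blank line ahead of the comment that none of the other hunks has, so the file ends up with either two consecutive blank lines after __early_cpu_has_rndr() or a blank line separating the comment from arch_get_random_seed_longs_early(); checkpatch complains about the former. Drop that line so this hunk is the same four added lines as the rest.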
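Review bot: In the x86 hunk (@@ -41,15 +41,18 @@) the rewritten comment drops the old sentence that these interfaces must not be declared if the stubs in the asm-generic header are to be invoked, and the changelog does not say that this constraint went away. Either keep that sentence below the new warning or state in the commit message why it is obsolete, so the relationship to include/asm-generic/archrandom.h (also touched by this patch) stays documented.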
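As an added example, not part of this patch or of the kernel, here is a user-space C model of the arch_get_random_seed_longs() contract the new comment warns about: the stub, its failure pattern (every third call fails) and both consumers are constructed for illustration, and the stub only loosely imitates how often real RDSEED-style helpers fail.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

#define MODEL_FAIL_EVERY 3 /* constructed: every third call yields nothing */

static unsigned int model_calls;  /* constructed counter driving the failures */
unsigned long model_buf[4];       /* constructed scratch buffer for the demos */

void model_reset(void) { model_calls = 0; }

/*
 * Stand-in for arch_get_random_seed_longs(): same signature and contract, it
 * returns how many longs (0..max_longs) it actually filled and, like the x86
 * version in the patch, fills at most one long per call. The real helper is
 * __must_check, which catches a dropped return value, not a misread one.
 */
static size_t model_arch_get_random_seed_longs(unsigned long *v, size_t max_longs)
{
	model_calls++;
	if (!max_longs || model_calls % MODEL_FAIL_EVERY == 0)
		return 0;
	v[0] = 0x5eed0000UL | model_calls; /* constructed, not random */
	return 1;
}

/*
 * The misuse the new comment warns against: the caller assumes the buffer came
 * back fully populated. Returns how many longs were left untouched, i.e. the
 * zeros a real caller would go on to treat as random.
 */
size_t naive_consumer(unsigned long *buf, size_t n)
{
	size_t untouched = 0;
	memset(buf, 0, n * sizeof(*buf));
	model_arch_get_random_seed_longs(buf, n); /* count ignored: the bug */
	for (size_t i = 0; i < n; i++)
		if (buf[i] == 0)
			untouched++;
	return untouched;
}

/*
 * What random.c-style use looks like: treat the helper as best-effort, loop on
 * the returned count, bound the retries, and report failure honestly so the
 * caller can fall back to get_random_bytes() instead of using a short buffer.
 */
bool careful_consumer(unsigned long *buf, size_t n, unsigned int max_tries)
{
	size_t filled = 0;
	while (filled < n && max_tries--)
		filled += model_arch_get_random_seed_longs(buf + filled, n - filled);
	return filled == n;
}
```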