Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp688401pxf; Thu, 1 Apr 2021 10:57:38 -0700 (PDT) X-Google-Smtp-Source: ABdhPJysK5Go9KMByI3Uiu33gJB7u03vCzM6uqwKhi2Jxaeu5Nag/I3Th1WRPbCPMn/foIxcQLvM X-Received: by 2002:a92:d68e:: with SMTP id p14mr7422205iln.0.1617299858842; Thu, 01 Apr 2021 10:57:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1617299858; cv=none; d=google.com; s=arc-20160816; b=pYOE+fNGQa4Q3U3M8fFoMUuq2xjQ/BjKaAcbQAxDIser0XS32PyXZYYTycukTt6lLO U9QYW6EmprnX66C6M1yQtS4lyCZHrS6NExnwKJdcKKFy2aZZ5b8v0y9aKI09ZAW6ObsU sBV0+ezh3yrQTUJzKiYaGf4d4XnSrCMYO22IzVG/OCu0+QEfdMi1nYPLkKQdDx3G1aAK AgP+2sWwGFUcNQ3ZaBDP2ohtpwEUHvitUy8LalXmDbi6lWUpm5h11LxctYS+AGpWb8Fj HipphGqcvW5f6d9OfAQxF4nQbmtaa/bZsqVZIakEmXbVgI83o9asQ/QedL3nYBGYlSAQ vrlA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version; bh=Hoy9JWbZpNKKgJwwAmTLHFplX2rUrxGqNdm9v8L9dMU=; b=ojLlUwJMF4NOtf1Udb7J9IVLgBQmEstOqXCFr8/GjoGKtMzSH4Z9/hhcVQ5UIVoXdy I+AL10J3uTmfSEbbHOblMv43aMrDEcA0Wm1PGSHeWzI8MFoNLcbBvBG6OM5WkXV4C5OU jvQoYpVrJZpmObVMguaJ9EkHu/Sy6DLPwKZNrKKZLKE3H7CxSsactX6jnYQPEiNaTv6J oLd8/68O5ou/wBXUIUTR3Z4rkzVLU+kumvk/iBykjNsO+nLxzVuEijtwe5Xwc0GHNemf W+eylSfCsOXZRg7V8mhXTYXVWhGHunMcnj3FWM2om4tiT5XHw5C2WRmgqGjiriz4gDjq +7nA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id d12si5121664ilq.44.2021.04.01.10.57.25; Thu, 01 Apr 2021 10:57:38 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235200AbhDAR5U (ORCPT + 99 others); Thu, 1 Apr 2021 13:57:20 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:32874 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236502AbhDARyj (ORCPT ); Thu, 1 Apr 2021 13:54:39 -0400 Received: from mail-oi1-x232.google.com (mail-oi1-x232.google.com [IPv6:2607:f8b0:4864:20::232]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6CF11C02FEAC; Thu, 1 Apr 2021 09:20:10 -0700 (PDT) Received: by mail-oi1-x232.google.com with SMTP id k25so2313666oic.4; Thu, 01 Apr 2021 09:20:10 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Hoy9JWbZpNKKgJwwAmTLHFplX2rUrxGqNdm9v8L9dMU=; b=j7/QkXhOpGVwzChbSZ94wE8RHL2qth7PoVtFxL9ypQ7Vb4OtJEQ1qVfN4jQdIBxToB m6lH/8CiEitgkAtDGLyHGbRGF0fEEBnPAOband/GhQSBE0gfA9zKIqvzRu6PwOdyMU+e fxhXQoauxr8naE+uZ2rxkne3vV6faJCtU70NYGjB3BPzkuih+X4qQz3M4FZYmxUX0AyK nF4prV0jkQGEu7a61eu57DXJn8qIsPf5ZGkA3rWrJ/cYw+dcuPs78sBtXALAYKzxw6gd 7scwNxYKLJ24HXOonS6RAaSZo9C0NkoWKbDXj40YTyFlBdrzs/3O5sytibKbZ5INduQe bs8Q== X-Gm-Message-State: AOAM530w6bpgKVrlctRqrinAk3YimROJYkJnvtku35h3BHAB6YOzAlmn 71rcB/9JtVIlPTS+b1sL+uc54Jjl923+W+HKCuM= X-Received: by 2002:aca:5fc3:: with SMTP id t186mr6329836oib.69.1617294008998; Thu, 01 Apr 2021 09:20:08 -0700 (PDT) MIME-Version: 1.0 References: <20210401122458.12663-1-crecklin@redhat.com> <20210401122458.12663-2-crecklin@redhat.com> In-Reply-To: From: "Rafael J. Wysocki" Date: Thu, 1 Apr 2021 18:19:57 +0200 Message-ID: Subject: Re: [PATCH 1/1] use crc32 instead of md5 for hibernation e820 integrity check To: Ard Biesheuvel Cc: "Rafael J. Wysocki" , Chris von Recklinghausen , Simo Sorce , Dexuan Cui , Linux PM , Linux Crypto Mailing List , Linux Kernel Mailing List Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Thu, Apr 1, 2021 at 3:59 PM Ard Biesheuvel wrote: > > On Thu, 1 Apr 2021 at 15:34, Rafael J. Wysocki wrote: > > > > On Thu, Apr 1, 2021 at 2:25 PM Chris von Recklinghausen > > wrote: > > > > > > Suspend fails on a system in fips mode because md5 is used for the e820 > > > integrity check and is not available. Use crc32 instead. > > > > > > Fixes: 62a03defeabd ("PM / hibernate: Verify the consistent of e820 memory map > > > by md5 digest") > > > Signed-off-by: Chris von Recklinghausen > > > --- > > > arch/x86/power/hibernate.c | 31 +++++++++++++++++-------------- > > > 1 file changed, 17 insertions(+), 14 deletions(-) > > > > > > diff --git a/arch/x86/power/hibernate.c b/arch/x86/power/hibernate.c > > > index cd3914fc9f3d..6a3f4e32e49c 100644 > > > --- a/arch/x86/power/hibernate.c > > > +++ b/arch/x86/power/hibernate.c > > > @@ -55,31 +55,31 @@ int pfn_is_nosave(unsigned long pfn) > > > } > > > > > > > > > -#define MD5_DIGEST_SIZE 16 > > > +#define CRC32_DIGEST_SIZE 16 > > > > > > struct restore_data_record { > > > unsigned long jump_address; > > > unsigned long jump_address_phys; > > > unsigned long cr3; > > > unsigned long magic; > > > - u8 e820_digest[MD5_DIGEST_SIZE]; > > > + u8 e820_digest[CRC32_DIGEST_SIZE]; > > > }; > > > > No. > > > > CRC32 was used here before and it was deemed insufficient. > > > > Why? The git commit log does not have an explanation of this. IIRC there was an example of a memory map that would produce the same CRC32 value as the original or something like that. But that said this code is all about failing more gracefully, so I guess it isn't a big deal if the failure is more graceful in fewer cases ...