Linux-Crypto Archive on lore.kernel.org
* [PATCH v2 00/10] Improvements for random.h/archrandom.h
@ 2019-11-06 14:12 Richard Henderson
  2019-11-06 14:12 ` [PATCH v2 01/10] x86: Remove arch_has_random, arch_has_random_seed Richard Henderson
                   ` (10 more replies)
  0 siblings, 11 replies; 12+ messages in thread
From: Richard Henderson @ 2019-11-06 14:12 UTC (permalink / raw)
  To: linux-crypto
  Cc: herbert, linux-arch, x86, linuxppc-dev, linux-s390, linux-arm-kernel

During patch review for an addition of archrandom.h for arm64, it was
suggested that the arch_random_get_* functions should be marked __must_check.
Which does sound like a good idea, since the by-reference integer output
may be uninitialized when the boolean result is false.

In addition, it turns out that arch_has_random() and arch_has_random_seed()
are not used, and not easy to support for arm64.  Rather than cobble
something together that would not be testable, remove the interfaces
against some future accidental use.

In addition, I noticed a few other minor inconsistencies between the
different architectures, e.g. powerpc isn't using bool.

Change since v1:
  * Remove arch_has_random, arch_has_random_seed.


r~


Richard Henderson (10):
  x86: Remove arch_has_random, arch_has_random_seed
  powerpc: Remove arch_has_random, arch_has_random_seed
  s390: Remove arch_has_random, arch_has_random_seed
  linux/random.h: Remove arch_has_random, arch_has_random_seed
  linux/random.h: Use false with bool
  linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check
  x86: Mark archrandom.h functions __must_check
  powerpc: Use bool in archrandom.h
  powerpc: Mark archrandom.h functions __must_check
  s390x: Mark archrandom.h functions __must_check

 arch/powerpc/include/asm/archrandom.h | 27 +++++++++-----------------
 arch/s390/include/asm/archrandom.h    | 20 ++++---------------
 arch/x86/include/asm/archrandom.h     | 28 ++++++++++++---------------
 include/linux/random.h                | 24 ++++++++---------------
 4 files changed, 33 insertions(+), 66 deletions(-)

-- 
2.17.1
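
The contract described in the cover letter (the by-reference output is only meaningful when the boolean result is true), as an added user-space example that is not part of the patch series. `DEMO_MUST_CHECK`, `struct demo_hwrng`, `demo_get_random_long()` and `demo_fill()` are hypothetical stand-ins; the attribute is the GCC/Clang `warn_unused_result` that the kernel's `__must_check` maps to.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Stand-in for the kernel's __must_check (assumption: GCC or Clang). */
#define DEMO_MUST_CHECK __attribute__((warn_unused_result))

/* Hypothetical model of a hardware source that can run dry. */
struct demo_hwrng {
	unsigned int budget;	/* successful reads left before it fails */
	unsigned long next;	/* next value handed out (constructed, not random) */
};

/*
 * Same shape as arch_get_random_long(): bool result, value by reference.
 * On failure *v is not written, so the caller's variable keeps whatever
 * it held before, which for a fresh local is an indeterminate value.
 */
static bool DEMO_MUST_CHECK demo_get_random_long(struct demo_hwrng *hw,
						 unsigned long *v)
{
	if (hw->budget == 0)
		return false;
	hw->budget--;
	*v = hw->next++;
	return true;
}

/*
 * Correct caller: the output is read only on the success path and a
 * caller-supplied fallback is used otherwise. Returns how many words
 * really came from the modelled hardware.
 *
 * Writing "demo_get_random_long(hw, &v); buf[i] = v;" instead would
 * draw -Wunused-result, which is the mistake the annotation catches.
 */
static size_t demo_fill(struct demo_hwrng *hw, unsigned long *buf,
			size_t n, unsigned long fallback)
{
	size_t from_hw = 0;

	for (size_t i = 0; i < n; i++) {
		unsigned long v;	/* indeterminate until a read succeeds */

		if (demo_get_random_long(hw, &v)) {
			buf[i] = v;
			from_hw++;
		} else {
			buf[i] = fallback;	/* v is never read here */
		}
	}
	return from_hw;
}

int main(void)
{
	struct demo_hwrng hw = { .budget = 2, .next = 100 };
	unsigned long buf[4];
	size_t got = demo_fill(&hw, buf, 4, 7UL);

	printf("%zu of 4 words came from the modelled source\n", got);
	for (size_t i = 0; i < 4; i++)
		printf("buf[%zu] = %lu\n", i, buf[i]);
	return 0;
}
```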



* [PATCH v2 01/10] x86: Remove arch_has_random, arch_has_random_seed
  2019-11-06 14:12 [PATCH v2 00/10] Improvements for random.h/archrandom.h Richard Henderson
@ 2019-11-06 14:12 ` Richard Henderson
  2019-11-06 14:13 ` [PATCH v2 02/10] powerpc: " Richard Henderson
                   ` (9 subsequent siblings)
  10 siblings, 0 replies; 12+ messages in thread
From: Richard Henderson @ 2019-11-06 14:12 UTC (permalink / raw)
  To: linux-crypto
  Cc: herbert, linux-arch, x86, linuxppc-dev, linux-s390, linux-arm-kernel

Use the expansion of these macros directly in arch_get_random_*.

These symbols are currently part of the generic archrandom.h
interface, but are currently unused and can be removed.

Signed-off-by: Richard Henderson <rth@twiddle.net>
---
 arch/x86/include/asm/archrandom.h | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/arch/x86/include/asm/archrandom.h b/arch/x86/include/asm/archrandom.h
index af45e1452f09..feb59461046c 100644
--- a/arch/x86/include/asm/archrandom.h
+++ b/arch/x86/include/asm/archrandom.h
@@ -73,10 +73,6 @@ static inline bool rdseed_int(unsigned int *v)
 	return ok;
 }
 
-/* Conditional execution based on CPU type */
-#define arch_has_random()	static_cpu_has(X86_FEATURE_RDRAND)
-#define arch_has_random_seed()	static_cpu_has(X86_FEATURE_RDSEED)
-
 /*
  * These are the generic interfaces; they must not be declared if the
  * stubs in <linux/random.h> are to be invoked,
@@ -86,22 +82,22 @@ static inline bool rdseed_int(unsigned int *v)
 
 static inline bool arch_get_random_long(unsigned long *v)
 {
-	return arch_has_random() ? rdrand_long(v) : false;
+	return static_cpu_has(X86_FEATURE_RDRAND) ? rdrand_long(v) : false;
 }
 
 static inline bool arch_get_random_int(unsigned int *v)
 {
-	return arch_has_random() ? rdrand_int(v) : false;
+	return static_cpu_has(X86_FEATURE_RDRAND) ? rdrand_int(v) : false;
 }
 
 static inline bool arch_get_random_seed_long(unsigned long *v)
 {
-	return arch_has_random_seed() ? rdseed_long(v) : false;
+	return static_cpu_has(X86_FEATURE_RDSEED) ? rdseed_long(v) : false;
 }
 
 static inline bool arch_get_random_seed_int(unsigned int *v)
 {
-	return arch_has_random_seed() ? rdseed_int(v) : false;
+	return static_cpu_has(X86_FEATURE_RDSEED) ? rdseed_int(v) : false;
 }
 
 extern void x86_init_rdrand(struct cpuinfo_x86 *c);
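Review bot: Style point on the four wrappers in this hunk: static_cpu_has(X86_FEATURE_RDRAND) ? rdrand_long(v) : false is a boolean AND written as a ternary, and static_cpu_has(X86_FEATURE_RDRAND) && rdrand_long(v) says the same thing with less noise now that the feature test is spelled out in full. Short-circuit evaluation keeps the property that matters, that rdrand_*() and rdseed_*() are only called when the feature bit is set, and the same rewrite applies to the RDSEED pair.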
-- 
2.17.1



* [PATCH v2 02/10] powerpc: Remove arch_has_random, arch_has_random_seed
  2019-11-06 14:12 [PATCH v2 00/10] Improvements for random.h/archrandom.h Richard Henderson
  2019-11-06 14:12 ` [PATCH v2 01/10] x86: Remove arch_has_random, arch_has_random_seed Richard Henderson
@ 2019-11-06 14:13 ` " Richard Henderson
  2019-11-06 14:13 ` [PATCH v2 03/10] s390: " Richard Henderson
                   ` (8 subsequent siblings)
  10 siblings, 0 replies; 12+ messages in thread
From: Richard Henderson @ 2019-11-06 14:13 UTC (permalink / raw)
  To: linux-crypto
  Cc: herbert, linux-arch, x86, linuxppc-dev, linux-s390, linux-arm-kernel

These symbols are currently part of the generic archrandom.h
interface, but are currently unused and can be removed.

Signed-off-by: Richard Henderson <rth@twiddle.net>
---
 arch/powerpc/include/asm/archrandom.h | 10 ----------
 1 file changed, 10 deletions(-)

diff --git a/arch/powerpc/include/asm/archrandom.h b/arch/powerpc/include/asm/archrandom.h
index 9c63b596e6ce..c2ed3b4681f5 100644
--- a/arch/powerpc/include/asm/archrandom.h
+++ b/arch/powerpc/include/asm/archrandom.h
@@ -34,16 +34,6 @@ static inline int arch_get_random_seed_int(unsigned int *v)
 
 	return rc;
 }
-
-static inline int arch_has_random(void)
-{
-	return 0;
-}
-
-static inline int arch_has_random_seed(void)
-{
-	return !!ppc_md.get_random_seed;
-}
 #endif /* CONFIG_ARCH_RANDOM */
 
 #ifdef CONFIG_PPC_POWERNV
-- 
2.17.1



* [PATCH v2 03/10] s390: Remove arch_has_random, arch_has_random_seed
  2019-11-06 14:12 [PATCH v2 00/10] Improvements for random.h/archrandom.h Richard Henderson
  2019-11-06 14:12 ` [PATCH v2 01/10] x86: Remove arch_has_random, arch_has_random_seed Richard Henderson
  2019-11-06 14:13 ` [PATCH v2 02/10] powerpc: " Richard Henderson
@ 2019-11-06 14:13 ` " Richard Henderson
  2019-11-06 14:13 ` [PATCH v2 04/10] linux/random.h: " Richard Henderson
                   ` (7 subsequent siblings)
  10 siblings, 0 replies; 12+ messages in thread
From: Richard Henderson @ 2019-11-06 14:13 UTC (permalink / raw)
  To: linux-crypto
  Cc: herbert, linux-arch, x86, linuxppc-dev, linux-s390, linux-arm-kernel

These symbols are currently part of the generic archrandom.h
interface, but are currently unused and can be removed.

Signed-off-by: Richard Henderson <rth@twiddle.net>
---
 arch/s390/include/asm/archrandom.h | 12 ------------
 1 file changed, 12 deletions(-)

diff --git a/arch/s390/include/asm/archrandom.h b/arch/s390/include/asm/archrandom.h
index c67b82dfa558..9a6835137a16 100644
--- a/arch/s390/include/asm/archrandom.h
+++ b/arch/s390/include/asm/archrandom.h
@@ -21,18 +21,6 @@ extern atomic64_t s390_arch_random_counter;
 
 bool s390_arch_random_generate(u8 *buf, unsigned int nbytes);
 
-static inline bool arch_has_random(void)
-{
-	return false;
-}
-
-static inline bool arch_has_random_seed(void)
-{
-	if (static_branch_likely(&s390_arch_random_available))
-		return true;
-	return false;
-}
-
 static inline bool arch_get_random_long(unsigned long *v)
 {
 	return false;
-- 
2.17.1



* [PATCH v2 04/10] linux/random.h: Remove arch_has_random, arch_has_random_seed
  2019-11-06 14:12 [PATCH v2 00/10] Improvements for random.h/archrandom.h Richard Henderson
                   ` (2 preceding siblings ...)
  2019-11-06 14:13 ` [PATCH v2 03/10] s390: " Richard Henderson
@ 2019-11-06 14:13 ` " Richard Henderson
  2019-11-06 14:13 ` [PATCH v2 05/10] linux/random.h: Use false with bool Richard Henderson
                   ` (6 subsequent siblings)
  10 siblings, 0 replies; 12+ messages in thread
From: Richard Henderson @ 2019-11-06 14:13 UTC (permalink / raw)
  To: linux-crypto
  Cc: herbert, linux-arch, x86, linuxppc-dev, linux-s390, linux-arm-kernel

The arm64 version of archrandom.h will need to be able to test for
support and read the random number without preemption, so a separate
query predicate is not practical.

Since this part of the generic interface is unused, remove it.

Signed-off-by: Richard Henderson <rth@twiddle.net>
---
 include/linux/random.h | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/include/linux/random.h b/include/linux/random.h
index f189c927fdea..7fd0360908d2 100644
--- a/include/linux/random.h
+++ b/include/linux/random.h
@@ -175,10 +175,6 @@ static inline bool arch_get_random_int(unsigned int *v)
 {
 	return 0;
 }
-static inline bool arch_has_random(void)
-{
-	return 0;
-}
 static inline bool arch_get_random_seed_long(unsigned long *v)
 {
 	return 0;
@@ -187,10 +183,6 @@ static inline bool arch_get_random_seed_int(unsigned int *v)
 {
 	return 0;
 }
-static inline bool arch_has_random_seed(void)
-{
-	return 0;
-}
 #endif
 
 /* Pseudo random number generator from numerical recipes. */
-- 
2.17.1



* [PATCH v2 05/10] linux/random.h: Use false with bool
  2019-11-06 14:12 [PATCH v2 00/10] Improvements for random.h/archrandom.h Richard Henderson
                   ` (3 preceding siblings ...)
  2019-11-06 14:13 ` [PATCH v2 04/10] linux/random.h: " Richard Henderson
@ 2019-11-06 14:13 ` Richard Henderson
  2019-11-06 14:13 ` [PATCH v2 06/10] linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check Richard Henderson
                   ` (5 subsequent siblings)
  10 siblings, 0 replies; 12+ messages in thread
From: Richard Henderson @ 2019-11-06 14:13 UTC (permalink / raw)
  To: linux-crypto
  Cc: herbert, linux-arch, x86, linuxppc-dev, linux-s390, linux-arm-kernel

Keep the generic fallback versions in sync with the other architecture
specific implementations and use the proper name for false.

Suggested-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
---
 include/linux/random.h | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/include/linux/random.h b/include/linux/random.h
index 7fd0360908d2..ea0e2f5f1ec5 100644
--- a/include/linux/random.h
+++ b/include/linux/random.h
@@ -169,19 +169,19 @@ static inline void prandom_seed_state(struct rnd_state *state, u64 seed)
 #else
 static inline bool arch_get_random_long(unsigned long *v)
 {
-	return 0;
+	return false;
 }
 static inline bool arch_get_random_int(unsigned int *v)
 {
-	return 0;
+	return false;
 }
 static inline bool arch_get_random_seed_long(unsigned long *v)
 {
-	return 0;
+	return false;
 }
 static inline bool arch_get_random_seed_int(unsigned int *v)
 {
-	return 0;
+	return false;
 }
 #endif
 
-- 
2.17.1



* [PATCH v2 06/10] linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check
  2019-11-06 14:12 [PATCH v2 00/10] Improvements for random.h/archrandom.h Richard Henderson
                   ` (4 preceding siblings ...)
  2019-11-06 14:13 ` [PATCH v2 05/10] linux/random.h: Use false with bool Richard Henderson
@ 2019-11-06 14:13 ` Richard Henderson
  2019-11-06 14:13 ` [PATCH v2 07/10] x86: Mark archrandom.h " Richard Henderson
                   ` (4 subsequent siblings)
  10 siblings, 0 replies; 12+ messages in thread
From: Richard Henderson @ 2019-11-06 14:13 UTC (permalink / raw)
  To: linux-crypto
  Cc: herbert, linux-arch, x86, linuxppc-dev, linux-s390, linux-arm-kernel

We must not use the pointer output without validating the
success of the random read.

Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
---
 include/linux/random.h | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/include/linux/random.h b/include/linux/random.h
index ea0e2f5f1ec5..d319f9a1e429 100644
--- a/include/linux/random.h
+++ b/include/linux/random.h
@@ -167,19 +167,19 @@ static inline void prandom_seed_state(struct rnd_state *state, u64 seed)
 #ifdef CONFIG_ARCH_RANDOM
 # include <asm/archrandom.h>
 #else
-static inline bool arch_get_random_long(unsigned long *v)
+static inline bool __must_check arch_get_random_long(unsigned long *v)
 {
 	return false;
 }
-static inline bool arch_get_random_int(unsigned int *v)
+static inline bool __must_check arch_get_random_int(unsigned int *v)
 {
 	return false;
 }
-static inline bool arch_get_random_seed_long(unsigned long *v)
+static inline bool __must_check arch_get_random_seed_long(unsigned long *v)
 {
 	return false;
 }
-static inline bool arch_get_random_seed_int(unsigned int *v)
+static inline bool __must_check arch_get_random_seed_int(unsigned int *v)
 {
 	return false;
 }
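Review bot: Missing documentation on the fallback stubs: each one returns false without writing through v, which is exactly the case __must_check is meant to make callers handle, yet nothing at the declarations says so. Suggest a short comment above the #else block stating that *v is valid only when the function returns true, so the rule is written down next to the generic interface that every architecture's archrandom.h has to match.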
-- 
2.17.1



* [PATCH v2 07/10] x86: Mark archrandom.h functions __must_check
  2019-11-06 14:12 [PATCH v2 00/10] Improvements for random.h/archrandom.h Richard Henderson
                   ` (5 preceding siblings ...)
  2019-11-06 14:13 ` [PATCH v2 06/10] linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check Richard Henderson
@ 2019-11-06 14:13 ` " Richard Henderson
  2019-11-06 14:13 ` [PATCH v2 08/10] powerpc: Use bool in archrandom.h Richard Henderson
                   ` (3 subsequent siblings)
  10 siblings, 0 replies; 12+ messages in thread
From: Richard Henderson @ 2019-11-06 14:13 UTC (permalink / raw)
  To: linux-crypto
  Cc: herbert, linux-arch, x86, linuxppc-dev, linux-s390, linux-arm-kernel

We must not use the pointer output without validating the
success of the random read.

Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
---
 arch/x86/include/asm/archrandom.h | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/arch/x86/include/asm/archrandom.h b/arch/x86/include/asm/archrandom.h
index feb59461046c..7a4bb1bd4bdb 100644
--- a/arch/x86/include/asm/archrandom.h
+++ b/arch/x86/include/asm/archrandom.h
@@ -27,7 +27,7 @@
 
 /* Unconditional execution of RDRAND and RDSEED */
 
-static inline bool rdrand_long(unsigned long *v)
+static inline bool __must_check rdrand_long(unsigned long *v)
 {
 	bool ok;
 	unsigned int retry = RDRAND_RETRY_LOOPS;
@@ -41,7 +41,7 @@ static inline bool rdrand_long(unsigned long *v)
 	return false;
 }
 
-static inline bool rdrand_int(unsigned int *v)
+static inline bool __must_check rdrand_int(unsigned int *v)
 {
 	bool ok;
 	unsigned int retry = RDRAND_RETRY_LOOPS;
@@ -55,7 +55,7 @@ static inline bool rdrand_int(unsigned int *v)
 	return false;
 }
 
-static inline bool rdseed_long(unsigned long *v)
+static inline bool __must_check rdseed_long(unsigned long *v)
 {
 	bool ok;
 	asm volatile(RDSEED_LONG
@@ -64,7 +64,7 @@ static inline bool rdseed_long(unsigned long *v)
 	return ok;
 }
 
-static inline bool rdseed_int(unsigned int *v)
+static inline bool __must_check rdseed_int(unsigned int *v)
 {
 	bool ok;
 	asm volatile(RDSEED_INT
@@ -80,22 +80,22 @@ static inline bool rdseed_int(unsigned int *v)
  */
 #ifdef CONFIG_ARCH_RANDOM
 
-static inline bool arch_get_random_long(unsigned long *v)
+static inline bool __must_check arch_get_random_long(unsigned long *v)
 {
 	return static_cpu_has(X86_FEATURE_RDRAND) ? rdrand_long(v) : false;
 }
 
-static inline bool arch_get_random_int(unsigned int *v)
+static inline bool __must_check arch_get_random_int(unsigned int *v)
 {
 	return static_cpu_has(X86_FEATURE_RDRAND) ? rdrand_int(v) : false;
 }
 
-static inline bool arch_get_random_seed_long(unsigned long *v)
+static inline bool __must_check arch_get_random_seed_long(unsigned long *v)
 {
 	return static_cpu_has(X86_FEATURE_RDSEED) ? rdseed_long(v) : false;
 }
 
-static inline bool arch_get_random_seed_int(unsigned int *v)
+static inline bool __must_check arch_get_random_seed_int(unsigned int *v)
 {
 	return static_cpu_has(X86_FEATURE_RDSEED) ? rdseed_int(v) : false;
 }
-- 
2.17.1



* [PATCH v2 08/10] powerpc: Use bool in archrandom.h
  2019-11-06 14:12 [PATCH v2 00/10] Improvements for random.h/archrandom.h Richard Henderson
                   ` (6 preceding siblings ...)
  2019-11-06 14:13 ` [PATCH v2 07/10] x86: Mark archrandom.h " Richard Henderson
@ 2019-11-06 14:13 ` Richard Henderson
  2019-11-06 14:13 ` [PATCH v2 09/10] powerpc: Mark archrandom.h functions __must_check Richard Henderson
                   ` (2 subsequent siblings)
  10 siblings, 0 replies; 12+ messages in thread
From: Richard Henderson @ 2019-11-06 14:13 UTC (permalink / raw)
  To: linux-crypto
  Cc: herbert, linux-arch, x86, linuxppc-dev, linux-s390, linux-arm-kernel

The generic interface uses bool not int; match that.

Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
---
 arch/powerpc/include/asm/archrandom.h | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/arch/powerpc/include/asm/archrandom.h b/arch/powerpc/include/asm/archrandom.h
index c2ed3b4681f5..7766812e2355 100644
--- a/arch/powerpc/include/asm/archrandom.h
+++ b/arch/powerpc/include/asm/archrandom.h
@@ -6,27 +6,28 @@
 
 #include <asm/machdep.h>
 
-static inline int arch_get_random_long(unsigned long *v)
+static inline bool arch_get_random_long(unsigned long *v)
 {
-	return 0;
+	return false;
 }
 
-static inline int arch_get_random_int(unsigned int *v)
+static inline bool arch_get_random_int(unsigned int *v)
 {
-	return 0;
+	return false;
 }
 
-static inline int arch_get_random_seed_long(unsigned long *v)
+static inline bool arch_get_random_seed_long(unsigned long *v)
 {
 	if (ppc_md.get_random_seed)
 		return ppc_md.get_random_seed(v);
 
-	return 0;
+	return false;
 }
-static inline int arch_get_random_seed_int(unsigned int *v)
+
+static inline bool arch_get_random_seed_int(unsigned int *v)
 {
 	unsigned long val;
-	int rc;
+	bool rc;
 
 	rc = arch_get_random_long(&val);
 	if (rc)
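Review bot: Logic problem in the context lines of arch_get_random_seed_int(): it obtains its value with rc = arch_get_random_long(&val), and arch_get_random_long() at the top of this same hunk returns false unconditionally, so the seed_int variant can never succeed even when ppc_md.get_random_seed is set. It looks like arch_get_random_seed_long(&val) was intended. The int-to-bool conversion does not change that behaviour, but since this patch already touches the function it is worth fixing here or in a preceding patch, before 09/10 adds __must_check to a function that always reports failure.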
-- 
2.17.1



* [PATCH v2 09/10] powerpc: Mark archrandom.h functions __must_check
  2019-11-06 14:12 [PATCH v2 00/10] Improvements for random.h/archrandom.h Richard Henderson
                   ` (7 preceding siblings ...)
  2019-11-06 14:13 ` [PATCH v2 08/10] powerpc: Use bool in archrandom.h Richard Henderson
@ 2019-11-06 14:13 ` Richard Henderson
  2019-11-06 14:13 ` [PATCH v2 10/10] s390x: " Richard Henderson
  2019-11-11 17:20 ` [PATCH v2 00/10] Improvements for random.h/archrandom.h Borislav Petkov
  10 siblings, 0 replies; 12+ messages in thread
From: Richard Henderson @ 2019-11-06 14:13 UTC (permalink / raw)
  To: linux-crypto
  Cc: herbert, linux-arch, x86, linuxppc-dev, linux-s390, linux-arm-kernel

We must not use the pointer output without validating the
success of the random read.

Acked-by: Michael Ellerman <mpe@ellerman.id.au>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
---
 arch/powerpc/include/asm/archrandom.h | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/arch/powerpc/include/asm/archrandom.h b/arch/powerpc/include/asm/archrandom.h
index 7766812e2355..60b8ad798743 100644
--- a/arch/powerpc/include/asm/archrandom.h
+++ b/arch/powerpc/include/asm/archrandom.h
@@ -6,17 +6,17 @@
 
 #include <asm/machdep.h>
 
-static inline bool arch_get_random_long(unsigned long *v)
+static inline bool __must_check arch_get_random_long(unsigned long *v)
 {
 	return false;
 }
 
-static inline bool arch_get_random_int(unsigned int *v)
+static inline bool __must_check arch_get_random_int(unsigned int *v)
 {
 	return false;
 }
 
-static inline bool arch_get_random_seed_long(unsigned long *v)
+static inline bool __must_check arch_get_random_seed_long(unsigned long *v)
 {
 	if (ppc_md.get_random_seed)
 		return ppc_md.get_random_seed(v);
@@ -24,7 +24,7 @@ static inline bool arch_get_random_seed_long(unsigned long *v)
 	return false;
 }
 
-static inline bool arch_get_random_seed_int(unsigned int *v)
+static inline bool __must_check arch_get_random_seed_int(unsigned int *v)
 {
 	unsigned long val;
 	bool rc;
-- 
2.17.1



* [PATCH v2 10/10] s390x: Mark archrandom.h functions __must_check
  2019-11-06 14:12 [PATCH v2 00/10] Improvements for random.h/archrandom.h Richard Henderson
                   ` (8 preceding siblings ...)
  2019-11-06 14:13 ` [PATCH v2 09/10] powerpc: Mark archrandom.h functions __must_check Richard Henderson
@ 2019-11-06 14:13 ` " Richard Henderson
  2019-11-11 17:20 ` [PATCH v2 00/10] Improvements for random.h/archrandom.h Borislav Petkov
  10 siblings, 0 replies; 12+ messages in thread
From: Richard Henderson @ 2019-11-06 14:13 UTC (permalink / raw)
  To: linux-crypto
  Cc: herbert, linux-arch, x86, linuxppc-dev, linux-s390, linux-arm-kernel

We must not use the pointer output without validating the
success of the random read.

Reviewed-by: Harald Freudenberger <freude@linux.ibm.com>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
---
 arch/s390/include/asm/archrandom.h | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/arch/s390/include/asm/archrandom.h b/arch/s390/include/asm/archrandom.h
index 9a6835137a16..de61ce562052 100644
--- a/arch/s390/include/asm/archrandom.h
+++ b/arch/s390/include/asm/archrandom.h
@@ -21,17 +21,17 @@ extern atomic64_t s390_arch_random_counter;
 
 bool s390_arch_random_generate(u8 *buf, unsigned int nbytes);
 
-static inline bool arch_get_random_long(unsigned long *v)
+static inline bool __must_check arch_get_random_long(unsigned long *v)
 {
 	return false;
 }
 
-static inline bool arch_get_random_int(unsigned int *v)
+static inline bool __must_check arch_get_random_int(unsigned int *v)
 {
 	return false;
 }
 
-static inline bool arch_get_random_seed_long(unsigned long *v)
+static inline bool __must_check arch_get_random_seed_long(unsigned long *v)
 {
 	if (static_branch_likely(&s390_arch_random_available)) {
 		return s390_arch_random_generate((u8 *)v, sizeof(*v));
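Review bot: The annotation stops one level short: the wrappers gain __must_check, but the function they forward to, bool s390_arch_random_generate(u8 *buf, unsigned int nbytes), stays unannotated in the context at the top of this hunk. 07/10 marks the x86 inner helpers (rdrand_long() and friends) as well as the wrappers; doing the same here would also cover any caller that uses s390_arch_random_generate() directly and consumes the buffer without looking at the result.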
@@ -39,7 +39,7 @@ static inline bool arch_get_random_seed_long(unsigned long *v)
 	return false;
 }
 
-static inline bool arch_get_random_seed_int(unsigned int *v)
+static inline bool __must_check arch_get_random_seed_int(unsigned int *v)
 {
 	if (static_branch_likely(&s390_arch_random_available)) {
 		return s390_arch_random_generate((u8 *)v, sizeof(*v));
-- 
2.17.1



* Re: [PATCH v2 00/10] Improvements for random.h/archrandom.h
  2019-11-06 14:12 [PATCH v2 00/10] Improvements for random.h/archrandom.h Richard Henderson
                   ` (9 preceding siblings ...)
  2019-11-06 14:13 ` [PATCH v2 10/10] s390x: " Richard Henderson
@ 2019-11-11 17:20 ` Borislav Petkov
  10 siblings, 0 replies; 12+ messages in thread
From: Borislav Petkov @ 2019-11-11 17:20 UTC (permalink / raw)
  To: Richard Henderson
  Cc: linux-crypto, herbert, linux-arch, x86, linuxppc-dev, linux-s390,
	linux-arm-kernel

On Wed, Nov 06, 2019 at 03:12:58PM +0100, Richard Henderson wrote:
> During patch review for an addition of archrandom.h for arm64, it was
> suggested that the arch_random_get_* functions should be marked __must_check.
> Which does sound like a good idea, since the by-reference integer output
> may be uninitialized when the boolean result is false.
> 
> In addition, it turns out that arch_has_random() and arch_has_random_seed()
> are not used, and not easy to support for arm64.  Rather than cobble
> something together that would not be testable, remove the interfaces
> against some future accidental use.
> 
> In addition, I noticed a few other minor inconsistencies between the
> different architectures, e.g. powerpc isn't using bool.
> 
> Change since v1:
>   * Remove arch_has_random, arch_has_random_seed.
> 
> 
> r~
> 
> 
> Richard Henderson (10):
>   x86: Remove arch_has_random, arch_has_random_seed
>   powerpc: Remove arch_has_random, arch_has_random_seed
>   s390: Remove arch_has_random, arch_has_random_seed
>   linux/random.h: Remove arch_has_random, arch_has_random_seed
>   linux/random.h: Use false with bool
>   linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check
>   x86: Mark archrandom.h functions __must_check
>   powerpc: Use bool in archrandom.h
>   powerpc: Mark archrandom.h functions __must_check
>   s390x: Mark archrandom.h functions __must_check
> 
>  arch/powerpc/include/asm/archrandom.h | 27 +++++++++-----------------
>  arch/s390/include/asm/archrandom.h    | 20 ++++---------------
>  arch/x86/include/asm/archrandom.h     | 28 ++++++++++++---------------
>  include/linux/random.h                | 24 ++++++++---------------
>  4 files changed, 33 insertions(+), 66 deletions(-)
> 
> -- 

They look good to me.

Is anyone going to take them or should I through the tip tree?

Thx.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette

