* [PATCH kexec-tools] m68k: pass rng seed via BI_VIRT_RNG_SEED
@ 2022-09-23 12:46 Jason A. Donenfeld
2022-09-23 12:53 ` Jason A. Donenfeld
2022-09-23 13:07 ` Geert Uytterhoeven
0 siblings, 2 replies; 6+ messages in thread
From: Jason A. Donenfeld @ 2022-09-23 12:46 UTC (permalink / raw)
To: Geert Uytterhoeven, linux-m68k, kexec, Simon Horman; +Cc: Jason A. Donenfeld
In order to pass fresh entropy to kexec'd kernels, use BI_VIRT_RNG_SEED
for passing a seed, with the same semantics that kexec-tools currently
uses for i386's setup_data.
Cc: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
Geert - I don't have a toolchain for testing this. Could you verify it
works, if you have a chance? -Jason
kexec/arch/m68k/bootinfo.c | 22 ++++++++++++++++++++++
kexec/arch/m68k/bootinfo.h | 6 ++++++
kexec/arch/m68k/kexec-elf-m68k.c | 1 +
3 files changed, 29 insertions(+)
diff --git a/kexec/arch/m68k/bootinfo.c b/kexec/arch/m68k/bootinfo.c
index 18bf226..74e65a0 100644
--- a/kexec/arch/m68k/bootinfo.c
+++ b/kexec/arch/m68k/bootinfo.c
@@ -135,40 +135,45 @@ void bootinfo_print(void)
size = bi->size;
switch (tag) {
case BI_MACHTYPE:
printf("BI_MACHTYPE: 0x%08x\n", bi->machtype);
break;
case BI_MEMCHUNK:
printf("BI_MEMCHUNK: 0x%08x bytes at 0x%08x\n",
bi->mem_info.size, bi->mem_info.addr);
break;
case BI_RAMDISK:
printf("BI_RAMDISK: 0x%08x bytes at 0x%08x\n",
bi->mem_info.size, bi->mem_info.addr);
break;
case BI_COMMAND_LINE:
printf("BI_COMMAND_LINE: %s\n", bi->string);
break;
+ case BI_VIRT_RNG_SEED:
+ /* These are secret, so never print them to the console */
+ printf("BI_VIRT_RNG_SEED: 0x%08x bytes\n", be16_to_cpu(bi->bytes.len));
+ break;
+
default:
printf("BI tag 0x%04x size %u\n", tag, size);
break;
}
bi = bi_next(bi, size);
}
}
int bootinfo_get_memory_ranges(struct memory_range **range)
{
struct memory_range *ranges;
unsigned int i;
struct bi_rec *bi;
ranges = xmalloc(num_memchunks * sizeof(struct memory_range));
for (i = 0, bi = NULL;
i < num_memchunks && (bi = bi_find(bi, BI_MEMCHUNK)); i++) {
ranges[i].start = bi->mem_info.addr;
ranges[i].end = bi->mem_info.addr + bi->mem_info.size - 1;
ranges[i].type = RANGE_RAM;
@@ -195,40 +200,57 @@ void bootinfo_set_cmdline(const char *cmdline)
memcpy(bi->string, cmdline, size);
}
void bootinfo_set_ramdisk(unsigned long ramdisk_addr,
unsigned long ramdisk_size)
{
struct bi_rec *bi;
/* Remove existing ramdisk records */
bi_remove(BI_RAMDISK);
if (!ramdisk_size)
return;
/* Add new ramdisk record */
bi = bi_add(BI_RAMDISK, sizeof(bi->mem_info));
bi->mem_info.addr = ramdisk_addr;
bi->mem_info.size = ramdisk_size;
}
+void bootinfo_add_rng_seed(void)
+{
+ struct bi_rec *bi;
+ enum { RNG_SEED_LEN = 32 };
+
+ /* Remove existing rng seed records */
+ bi_remove(BI_VIRT_RNG_SEED);
+
+ /* Add new rng seed record */
+ bi = bi_add(BI_VIRT_RNG_SEED, sizeof(bi->bytes) + RNG_SEED_LEN);
+ if (getrandom(bi->bytes.data, RNG_SEED_LEN, GRND_NONBLOCK) != RNG_SEED_LEN) {
+ bi_remove(BI_VIRT_RNG_SEED);
+ return;
+ }
+ bi->bytes.len = cpu_to_be16(RNG_SEED_LEN);
+}
+
/*
* Check the bootinfo version in the kernel image
* All failures are non-fatal, as kexec may be used to load
* non-Linux images
*/
void bootinfo_check_bootversion(const struct kexec_info *info)
{
struct bi_rec *bi;
const struct bootversion *bv;
uint16_t major, minor;
unsigned int i;
bv = info->segment[0].buf;
if (bv->magic != BOOTINFOV_MAGIC) {
printf("WARNING: No bootversion in kernel image\n");
return;
}
diff --git a/kexec/arch/m68k/bootinfo.h b/kexec/arch/m68k/bootinfo.h
index b6f453d..6dff2ad 100644
--- a/kexec/arch/m68k/bootinfo.h
+++ b/kexec/arch/m68k/bootinfo.h
@@ -1,43 +1,49 @@
#include <asm/bootinfo.h>
+#include <asm/bootinfo-virt.h>
#define DEFAULT_BOOTINFO_FILE "/proc/bootinfo"
#define MAX_BOOTINFO_SIZE 1536
/*
* Convenience overlay of several struct bi_record variants
*/
struct bi_rec {
__be16 tag;
__be16 size;
union {
__be32 data[0];
/* shorthands for the types we use */
__be32 machtype;
struct {
__be32 addr;
__be32 size;
} mem_info;
char string[0];
+ struct {
+ __be16 len;
+ u8 data[0];
+ } bytes;
};
};
/*
* We only support the "new" tagged bootinfo (v2)
*/
#define SUPPORTED_BOOTINFO_VERSION 2
extern const char *bootinfo_file;
extern void bootinfo_load(void);
extern void bootinfo_print(void);
extern int bootinfo_get_memory_ranges(struct memory_range **range);
extern void bootinfo_set_cmdline(const char *cmdline);
extern void bootinfo_set_ramdisk(unsigned long ramdisk_addr,
unsigned long ramdisk_size);
+extern void bootinfo_add_rng_seed(void);
extern void bootinfo_check_bootversion(const struct kexec_info *info);
extern void add_bootinfo(struct kexec_info *info, unsigned long addr);
diff --git a/kexec/arch/m68k/kexec-elf-m68k.c b/kexec/arch/m68k/kexec-elf-m68k.c
index 8d00eb9..a2bf7ee 100644
--- a/kexec/arch/m68k/kexec-elf-m68k.c
+++ b/kexec/arch/m68k/kexec-elf-m68k.c
@@ -145,38 +145,39 @@ int elf_m68k_load(int argc, char **argv, const char *buf, off_t len,
bootinfo_addr = segment_end(info, info->nr_segments - 1) + 1;
/* Load ramdisk */
if (ramdisk_file) {
void *ramdisk = slurp_decompress_file(ramdisk_file,
&ramdisk_size);
/* Store ramdisk at top of first memory chunk */
ramdisk_addr = _ALIGN_DOWN(info->memory_range[0].end -
ramdisk_size + 1,
PAGE_SIZE);
if (!buf)
die("Ramdisk load failed\n");
add_buffer(info, ramdisk, ramdisk_size, ramdisk_size,
PAGE_SIZE, ramdisk_addr, info->memory_range[0].end,
1);
}
/* Update and add bootinfo */
bootinfo_set_cmdline(cmdline);
bootinfo_set_ramdisk(ramdisk_addr, ramdisk_size);
+ bootinfo_add_rng_seed();
if (kexec_debug)
bootinfo_print();
add_bootinfo(info, bootinfo_addr);
/*
* Check if the kernel (and bootinfo) exceed 4 MiB, as current kernels
* don't support that.
* As the segments are still unsorted, the bootinfo is located in the
* last segment.
*/
if (segment_end(info, info->nr_segments - 1) >= virt_to_phys(4 MiB - 1))
printf("WARNING: Kernel is larger than 4 MiB\n");
/* Check struct bootversion at start of kernel */
bootinfo_check_bootversion(info);
return 0;
}
--
2.37.3
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH kexec-tools] m68k: pass rng seed via BI_VIRT_RNG_SEED
2022-09-23 12:46 [PATCH kexec-tools] m68k: pass rng seed via BI_VIRT_RNG_SEED Jason A. Donenfeld
@ 2022-09-23 12:53 ` Jason A. Donenfeld
2022-09-23 13:07 ` Geert Uytterhoeven
1 sibling, 0 replies; 6+ messages in thread
From: Jason A. Donenfeld @ 2022-09-23 12:53 UTC (permalink / raw)
To: Geert Uytterhoeven, linux-m68k, kexec, Simon Horman
On Fri, Sep 23, 2022 at 2:47 PM Jason A. Donenfeld <Jason@zx2c4.com> wrote:
> Geert - I don't have a toolchain for testing this. Could you verify it
> works, if you have a chance? -Jason
>
> kexec/arch/m68k/bootinfo.c | 22 ++++++++++++++++++++++
> kexec/arch/m68k/bootinfo.h | 6 ++++++
> kexec/arch/m68k/kexec-elf-m68k.c | 1 +
> 3 files changed, 29 insertions(+)
>
> diff --git a/kexec/arch/m68k/bootinfo.c b/kexec/arch/m68k/bootinfo.c
> index 18bf226..74e65a0 100644
> --- a/kexec/arch/m68k/bootinfo.c
> +++ b/kexec/arch/m68k/bootinfo.c
I forgot to add `#include <sys/random.h>` I suspect.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH kexec-tools] m68k: pass rng seed via BI_VIRT_RNG_SEED
2022-09-23 12:46 [PATCH kexec-tools] m68k: pass rng seed via BI_VIRT_RNG_SEED Jason A. Donenfeld
2022-09-23 12:53 ` Jason A. Donenfeld
@ 2022-09-23 13:07 ` Geert Uytterhoeven
2022-09-23 16:37 ` Jason A. Donenfeld
1 sibling, 1 reply; 6+ messages in thread
From: Geert Uytterhoeven @ 2022-09-23 13:07 UTC (permalink / raw)
To: Jason A. Donenfeld; +Cc: linux-m68k, kexec, Simon Horman, Laurent Vivier
Hi Jason,
On Fri, Sep 23, 2022 at 2:47 PM Jason A. Donenfeld <Jason@zx2c4.com> wrote:
> In order to pass fresh entropy to kexec'd kernels, use BI_VIRT_RNG_SEED
> for passing a seed, with the same semantics that kexec-tools currently
> uses for i386's setup_data.
>
> Cc: Geert Uytterhoeven <geert@linux-m68k.org>
> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Thanks for your patch!
> --- a/kexec/arch/m68k/bootinfo.c
> +++ b/kexec/arch/m68k/bootinfo.c
> @@ -135,40 +135,45 @@ void bootinfo_print(void)
> size = bi->size;
> switch (tag) {
> case BI_MACHTYPE:
> printf("BI_MACHTYPE: 0x%08x\n", bi->machtype);
> break;
>
> case BI_MEMCHUNK:
> printf("BI_MEMCHUNK: 0x%08x bytes at 0x%08x\n",
> bi->mem_info.size, bi->mem_info.addr);
> break;
>
> case BI_RAMDISK:
> printf("BI_RAMDISK: 0x%08x bytes at 0x%08x\n",
> bi->mem_info.size, bi->mem_info.addr);
> break;
Hmm, lots of context.
>
> case BI_COMMAND_LINE:
> printf("BI_COMMAND_LINE: %s\n", bi->string);
> break;
>
> + case BI_VIRT_RNG_SEED:
This won't work as expected: BI_VIRT_* tags are only valid if the
machine type is MACH_VIRT.
Worse, this will trigger for other platform-specific tags using the same value:
arch/m68k/include/uapi/asm/bootinfo-amiga.h:#define
BI_AMIGA_CHIPSET 0x8006 /* native chipset present (__be32) */
arch/m68k/include/uapi/asm/bootinfo-mac.h:#define BI_MAC_SCCBASE
0x8006 /* Mac SCC base address */
arch/m68k/include/uapi/asm/bootinfo-virt.h:#define
BI_VIRT_RNG_SEED 0x8006
> + /* These are secret, so never print them to the console */
> + printf("BI_VIRT_RNG_SEED: 0x%08x bytes\n", be16_to_cpu(bi->bytes.len));
> + break;
> +
> default:
> printf("BI tag 0x%04x size %u\n", tag, size);
> break;
> }
> bi = bi_next(bi, size);
> }
> }
> }
>
> +void bootinfo_add_rng_seed(void)
> +{
> + struct bi_rec *bi;
> + enum { RNG_SEED_LEN = 32 };
> +
> + /* Remove existing rng seed records */
> + bi_remove(BI_VIRT_RNG_SEED);
> +
> + /* Add new rng seed record */
> + bi = bi_add(BI_VIRT_RNG_SEED, sizeof(bi->bytes) + RNG_SEED_LEN);
Likewise, this will destroy existing BI_AMIGA_CHIPSET and BI_MAC_SCCBASE
tags, breaking Amiga and Mac.
> + if (getrandom(bi->bytes.data, RNG_SEED_LEN, GRND_NONBLOCK) != RNG_SEED_LEN) {
> + bi_remove(BI_VIRT_RNG_SEED);
> + return;
> + }
> + bi->bytes.len = cpu_to_be16(RNG_SEED_LEN);
> +}
> +
>
As random seeds can now be generic, I think it makes sense to introduce
a machine-independent BI_RND_SEED.
In hindsight, we should have done this from the beginning...
> --- a/kexec/arch/m68k/bootinfo.h
> +++ b/kexec/arch/m68k/bootinfo.h
> @@ -1,43 +1,49 @@
> #include <asm/bootinfo.h>
> +#include <asm/bootinfo-virt.h>
>
> #define DEFAULT_BOOTINFO_FILE "/proc/bootinfo"
> #define MAX_BOOTINFO_SIZE 1536
>
>
> /*
> * Convenience overlay of several struct bi_record variants
> */
>
> struct bi_rec {
> __be16 tag;
> __be16 size;
> union {
> __be32 data[0];
> /* shorthands for the types we use */
> __be32 machtype;
> struct {
> __be32 addr;
> __be32 size;
> } mem_info;
> char string[0];
> + struct {
> + __be16 len;
> + u8 data[0];
> + } bytes;
I'd rather call this rng_seed, to avoid confusion between "data"
and "bytes",
> };
> };
Gr{oetje,eeting}s,
Geert
--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org
In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH kexec-tools] m68k: pass rng seed via BI_VIRT_RNG_SEED
2022-09-23 13:07 ` Geert Uytterhoeven
@ 2022-09-23 16:37 ` Jason A. Donenfeld
2022-09-23 16:41 ` [PATCH v2] m68k: pass rng seed via BI_RNG_SEED Jason A. Donenfeld
0 siblings, 1 reply; 6+ messages in thread
From: Jason A. Donenfeld @ 2022-09-23 16:37 UTC (permalink / raw)
To: Geert Uytterhoeven; +Cc: linux-m68k, kexec, Simon Horman, Laurent Vivier
Hi Geert,
On Fri, Sep 23, 2022 at 3:07 PM Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> This won't work as expected: BI_VIRT_* tags are only valid if the
> machine type is MACH_VIRT.
> Worse, this will trigger for other platform-specific tags using the same value:
> Likewise, this will destroy existing BI_AMIGA_CHIPSET and BI_MAC_SCCBASE
> tags, breaking Amiga and Mac.
> As random seeds can now be generic, I think it makes sense to introduce
> a machine-independent BI_RND_SEED.
> In hindsight, we should have done this from the beginning...
Yes, I agree. I thought that would be rejected, though, which is why I
didn't do that before. I'll send a patch switching over to that.
There's no point in keeping the old one around, I don't think, so I'll
just move everything over to the new.
Jason
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH v2] m68k: pass rng seed via BI_RNG_SEED
2022-09-23 16:37 ` Jason A. Donenfeld
@ 2022-09-23 16:41 ` Jason A. Donenfeld
2022-09-28 23:16 ` Jason A. Donenfeld
0 siblings, 1 reply; 6+ messages in thread
From: Jason A. Donenfeld @ 2022-09-23 16:41 UTC (permalink / raw)
To: Geert Uytterhoeven, linux-m68k, kexec, Simon Horman, Laurent Vivier
Cc: Jason A. Donenfeld
In order to pass fresh entropy to kexec'd kernels, use BI_RNG_SEED
for passing a seed, with the same semantics that kexec-tools currently
uses for i386's setup_data.
Cc: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
Geert - this hasn't been compile tested yet and also depends on changes
that haven't yet landed upstream. Posting this preliminarily now. -Jason
kexec/arch/m68k/bootinfo.c | 23 +++++++++++++++++++++++
kexec/arch/m68k/bootinfo.h | 5 +++++
kexec/arch/m68k/kexec-elf-m68k.c | 1 +
3 files changed, 29 insertions(+)
diff --git a/kexec/arch/m68k/bootinfo.c b/kexec/arch/m68k/bootinfo.c
index 18bf226..086a34b 100644
--- a/kexec/arch/m68k/bootinfo.c
+++ b/kexec/arch/m68k/bootinfo.c
@@ -2,6 +2,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <sys/random.h>
#include "../../kexec.h"
@@ -152,6 +153,11 @@ void bootinfo_print(void)
printf("BI_COMMAND_LINE: %s\n", bi->string);
break;
+ case BI_RNG_SEED:
+ /* These are secret, so never print them to the console */
+ printf("BI_RNG_SEED: 0x%08x bytes\n", be16_to_cpu(bi->rng_seed.len));
+ break;
+
default:
printf("BI tag 0x%04x size %u\n", tag, size);
break;
@@ -212,6 +218,23 @@ void bootinfo_set_ramdisk(unsigned long ramdisk_addr,
bi->mem_info.size = ramdisk_size;
}
+void bootinfo_add_rng_seed(void)
+{
+ enum { RNG_SEED_LEN = 32 };
+ struct bi_rec *bi;
+
+ /* Remove existing rng seed records */
+ bi_remove(BI_RNG_SEED);
+
+ /* Add new rng seed record */
+ bi = bi_add(BI_RNG_SEED, sizeof(bi->rng_seed) + RNG_SEED_LEN);
+ if (getrandom(bi->rng_seed.data, RNG_SEED_LEN, GRND_NONBLOCK) != RNG_SEED_LEN) {
+ bi_remove(BI_RNG_SEED);
+ return;
+ }
+ bi->rng_seed.len = cpu_to_be16(RNG_SEED_LEN);
+}
+
/*
* Check the bootinfo version in the kernel image
diff --git a/kexec/arch/m68k/bootinfo.h b/kexec/arch/m68k/bootinfo.h
index b6f453d..90f75ad 100644
--- a/kexec/arch/m68k/bootinfo.h
+++ b/kexec/arch/m68k/bootinfo.h
@@ -20,6 +20,10 @@ struct bi_rec {
__be32 size;
} mem_info;
char string[0];
+ struct {
+ __be16 len;
+ u8 data[0];
+ } rng_seed;
};
};
@@ -39,5 +43,6 @@ extern int bootinfo_get_memory_ranges(struct memory_range **range);
extern void bootinfo_set_cmdline(const char *cmdline);
extern void bootinfo_set_ramdisk(unsigned long ramdisk_addr,
unsigned long ramdisk_size);
+extern void bootinfo_add_rng_seed(void);
extern void bootinfo_check_bootversion(const struct kexec_info *info);
extern void add_bootinfo(struct kexec_info *info, unsigned long addr);
diff --git a/kexec/arch/m68k/kexec-elf-m68k.c b/kexec/arch/m68k/kexec-elf-m68k.c
index 8d00eb9..a2bf7ee 100644
--- a/kexec/arch/m68k/kexec-elf-m68k.c
+++ b/kexec/arch/m68k/kexec-elf-m68k.c
@@ -162,6 +162,7 @@ int elf_m68k_load(int argc, char **argv, const char *buf, off_t len,
/* Update and add bootinfo */
bootinfo_set_cmdline(cmdline);
bootinfo_set_ramdisk(ramdisk_addr, ramdisk_size);
+ bootinfo_add_rng_seed();
if (kexec_debug)
bootinfo_print();
add_bootinfo(info, bootinfo_addr);
--
2.37.3
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH v2] m68k: pass rng seed via BI_RNG_SEED
2022-09-23 16:41 ` [PATCH v2] m68k: pass rng seed via BI_RNG_SEED Jason A. Donenfeld
@ 2022-09-28 23:16 ` Jason A. Donenfeld
0 siblings, 0 replies; 6+ messages in thread
From: Jason A. Donenfeld @ 2022-09-28 23:16 UTC (permalink / raw)
To: Geert Uytterhoeven, linux-m68k, kexec, Simon Horman, Laurent Vivier
On Fri, Sep 23, 2022 at 06:41:52PM +0200, Jason A. Donenfeld wrote:
> In order to pass fresh entropy to kexec'd kernels, use BI_RNG_SEED
> for passing a seed, with the same semantics that kexec-tools currently
> uses for i386's setup_data.
>
> Cc: Geert Uytterhoeven <geert@linux-m68k.org>
> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
> ---
> Geert - this hasn't been compile tested yet and also depends on changes
> that haven't yet landed upstream. Posting this preliminarily now. -Jason
With [1] having landed, does this patch here suffice for kexec-tools?
[1] https://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k.git/commit/?id=f1bb20c8be1929743fdb313b4770601afc39c1b7
Jason
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2022-09-28 23:16 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-09-23 12:46 [PATCH kexec-tools] m68k: pass rng seed via BI_VIRT_RNG_SEED Jason A. Donenfeld
2022-09-23 12:53 ` Jason A. Donenfeld
2022-09-23 13:07 ` Geert Uytterhoeven
2022-09-23 16:37 ` Jason A. Donenfeld
2022-09-23 16:41 ` [PATCH v2] m68k: pass rng seed via BI_RNG_SEED Jason A. Donenfeld
2022-09-28 23:16 ` Jason A. Donenfeld
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).