Date: Tue, 1 May 2018 07:23:05 +1000
From: "Tobin C. Harding"
To: Kees Cook
Cc: Linus Torvalds, "Ted Ts'o", Steven Rostedt, Anna-Maria Gleixner, Linux Kernel Mailing List, "Jason A. Donenfeld"
Subject: Re: Hashed pointer issues
Message-ID: <20180430212305.GD22100@eros>
References: <20180430124135.0cce92e3@gandalf.local.home>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Apr 30, 2018 at 12:16:45PM -0700, Kees Cook wrote:
> On Mon, Apr 30, 2018 at 12:00 PM, Linus Torvalds wrote:
> > On Mon, Apr 30, 2018 at 11:38 AM Kees Cook wrote:
> >
> >> Something like this? (Untested.)
> >
> > Looks workable.
> >
> >> + /* If we have hw RNG, start hashing immediately. */
> >> + if (arch_has_random()) {
> >> + get_random_bytes_arch(&ptr_key, sizeof(ptr_key));
> >> + ptr_key_ready();
> >> + return 0;
> >> + }
> >
> > Small tweak: you should check the return value of get_random_bytes_arch(),
> > because in theory it can fail.
> >
> > Sadly, that's not actually how get_random_bytes_arch() really works - it
> > falls back on "get_random_bytes()" on failure instead, which is explicitly
> > against the whole point here.
>
> I just noticed: there are _no_ users of get_random_bytes_arch() ...
> didn't we once use it to feed entropy to the CRNG?
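
Review bot: the quoted hunk discards the result of get_random_bytes_arch() and then unconditionally calls ptr_key_ready(), so a hardware source that cannot fill the buffer still leaves the key marked ready; and since get_random_bytes_arch() falls back to get_random_bytes() on failure rather than reporting it, the caller cannot detect that case at all. Suggest a helper that returns the number of bytes actually obtained from hardware, marked __must_check, with ptr_key_ready() gated on a full fill, e.g. `if (get_hw_random_bytes(&ptr_key, sizeof(ptr_key)) == sizeof(ptr_key))`, leaving the arch_has_random() pre-check as an optimisation only.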
>
> > So I think it would need some tweaking, with a new function entirely
> > (get_random_bytes_arch() with a failure return for "cannot fill buffer").
> >
> > But that would be just a few more lines, because we could make the existing
> > get_random_bytes_arch() just use the failure-case thing.
> >
> > So add a "get_hw_random_bytes()" that does that same loop in
> > get_random_bytes_arch(), but returns the number of bytes it filled in.
> >
> > Then get_random_bytes_arch() turns into
> >
> >     got = get_hw_random_bytes(p, nbytes);
> >     if (got < nbytes)
> >         get_random_bytes(p+got, nbytes-got);
> >
> > and the initialize_ptr_random() use would be something like
> >
> >     if (get_hw_random_bytes(&ptr_key, sizeof(ptr_key)) == sizeof(ptr_key)) {
> >         ptr_key_ready();
> >         return 0;
> >     }
> >
> > Hmm?
> >
> > Maybe we could call the "get_hw_random_bytes()" something like
> > "get_early_random_bytes()" and the "use HW for it" is purely an
> > implementation detail?
>
> Yeah, and if we add __must_check, I think this should be fine. Ted,
> any thoughts on this?
>
> Tobin, is this something you've got time to implement and test?

Sure thing, thanks for the opportunity.

Tobin
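The design sketched in the thread, written out as an added user-space example so the partial-fill case can actually be exercised; this is not kernel code and not code from anyone in the thread. `hw_get_random_u64()`, the 0xCC-filling `get_random_bytes()` stub and the `*_with()` test hooks are constructed stand-ins for the CPU instruction, the CRNG path and the boot-time caller; only the shape of `get_hw_random_bytes()`, the rewritten `get_random_bytes_arch()` and the gated `initialize_ptr_random()` follow the thread.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for the CPU RNG instruction: succeeds for
 * hw_words_available calls, then reports failure, so callers see a
 * partial fill. Output is a recognisable byte pattern (call number
 * repeated), not randomness, so a test can tell the sources apart. */
static int hw_words_available = 0;
static uint8_t hw_calls = 0;

static bool hw_get_random_u64(uint64_t *v)
{
    if (hw_words_available <= 0)
        return false;
    hw_words_available--;
    *v = 0x0101010101010101ULL * ++hw_calls;   /* constructed pattern */
    return true;
}

/* Stand-in for the CRNG path get_random_bytes(): marks every byte it
 * produces with 0xCC so fallback bytes are visible. */
static void get_random_bytes(void *buf, size_t nbytes)
{
    memset(buf, 0xCC, nbytes);
}

/* The helper proposed in the thread: the same word loop as
 * get_random_bytes_arch(), but it stops at the first hardware failure and
 * returns the number of bytes it filled. warn_unused_result is what the
 * kernel's __must_check expands to. */
static size_t __attribute__((warn_unused_result))
get_hw_random_bytes(void *buf, size_t nbytes)
{
    char *p = buf;
    size_t filled = 0;

    while (filled < nbytes) {
        uint64_t v;
        size_t chunk = nbytes - filled;

        if (!hw_get_random_u64(&v))
            break;                      /* hardware ran dry: report what we have */
        if (chunk > sizeof(v))
            chunk = sizeof(v);
        memcpy(p + filled, &v, chunk);
        filled += chunk;
    }
    return filled;
}

/* get_random_bytes_arch() as reshaped in the thread: hardware first, the
 * CRNG only for whatever remainder the hardware could not supply. */
static void get_random_bytes_arch(void *p, size_t nbytes)
{
    size_t got = get_hw_random_bytes(p, nbytes);

    if (got < nbytes)
        get_random_bytes((char *)p + got, nbytes - got);
}

/* Pointer-hash key state, modelled on the thread's ptr_key / ptr_key_ready(). */
static unsigned char ptr_key[16];
static bool key_ready = false;

static void ptr_key_ready(void) { key_ready = true; }

/* Early init: the key is only declared ready if hardware filled all of it;
 * otherwise the caller waits for the CRNG-backed late path. */
static int initialize_ptr_random(void)
{
    if (get_hw_random_bytes(&ptr_key, sizeof(ptr_key)) == sizeof(ptr_key)) {
        ptr_key_ready();
        return 0;
    }
    return -1;
}

/* Constructed test hooks (not part of the design). */
static void hw_reset(int words)
{
    hw_words_available = words;
    hw_calls = 0;
    key_ready = false;
    memset(ptr_key, 0, sizeof(ptr_key));
}

static int initialize_ptr_random_with(int words)
{
    hw_reset(words);
    return initialize_ptr_random();
}

static bool ptr_key_is_ready(void) { return key_ready; }

/* Fill nbytes via get_random_bytes_arch() with `words` hardware words
 * available and return how many bytes came from the CRNG fallback. */
static size_t fallback_bytes_with(int words, size_t nbytes)
{
    unsigned char buf[64];
    size_t i, marked = 0;

    if (nbytes > sizeof(buf))
        nbytes = sizeof(buf);
    hw_reset(words);
    get_random_bytes_arch(buf, nbytes);
    for (i = 0; i < nbytes; i++)
        if (buf[i] == 0xCC)
            marked++;
    return marked;
}
```

With two 64-bit words available the 16-byte key fills completely and is marked ready; with one word the helper returns 8 and initialize_ptr_random() refuses to mark it ready, which is exactly the case the unconditional ptr_key_ready() in the original hunk would have got wrong. The same helper lets get_random_bytes_arch() top up only the unfilled tail from the CRNG.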