* [RFC PATCH v1 39/50] arm: kexec_file: Avoid temp buffer for RNG seed
@ 2019-12-10 15:45 George Spelvin
2020-03-28 19:04 ` Hsin-Yi Wang
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: George Spelvin @ 2019-12-10 15:45 UTC (permalink / raw)
To: linux-kernel, lkml
Cc: Hsin-Yi Wang, Catalin Marinas, Will Deacon, linux-arm-kernel
After using get_random_bytes(), you want to wipe the buffer
afterward so the seed remains secret.
In this case, we can eliminate the temporary buffer entirely.
fdt_setprop_placeholder returns a pointer to the property value
buffer, allowing us to put the random data directy in there without
using a temporary buffer at all. Faster and less stack all in one.
Signed-off-by: George Spelvin <lkml@sdf.org>
Cc: Hsin-Yi Wang <hsinyi@chromium.org>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will@kernel.org>
Cc: linux-arm-kernel@lists.infradead.org
---
arch/arm64/kernel/machine_kexec_file.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/arch/arm64/kernel/machine_kexec_file.c b/arch/arm64/kernel/machine_kexec_file.c
index 7b08bf9499b6b..69e25bb96e3fb 100644
--- a/arch/arm64/kernel/machine_kexec_file.c
+++ b/arch/arm64/kernel/machine_kexec_file.c
@@ -106,12 +106,12 @@ static int setup_dtb(struct kimage *image,
/* add rng-seed */
if (rng_is_initialized()) {
- u8 rng_seed[RNG_SEED_SIZE];
- get_random_bytes(rng_seed, RNG_SEED_SIZE);
- ret = fdt_setprop(dtb, off, FDT_PROP_RNG_SEED, rng_seed,
- RNG_SEED_SIZE);
+ void *rng_seed;
+ ret = fdt_setprop_placeholder(dtb, off, FDT_PROP_RNG_SEED,
+ RNG_SEED_SIZE, &rng_seed);
if (ret)
goto out;
+ get_random_bytes(rng_seed, RNG_SEED_SIZE);
} else {
pr_notice("RNG is not initialised: omitting \"%s\" property\n",
FDT_PROP_RNG_SEED);
--
2.26.0
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [RFC PATCH v1 39/50] arm: kexec_file: Avoid temp buffer for RNG seed
2019-12-10 15:45 [RFC PATCH v1 39/50] arm: kexec_file: Avoid temp buffer for RNG seed George Spelvin
@ 2020-03-28 19:04 ` Hsin-Yi Wang
2020-03-30 11:07 ` Mark Rutland
2020-03-30 13:37 ` Will Deacon
2 siblings, 0 replies; 6+ messages in thread
From: Hsin-Yi Wang @ 2020-03-28 19:04 UTC (permalink / raw)
To: George Spelvin
Cc: lkml, Catalin Marinas, Will Deacon,
moderated list:ARM/FREESCALE IMX / MXC ARM ARCHITECTURE
On Sun, Mar 29, 2020 at 12:43 AM George Spelvin <lkml@sdf.org> wrote:
>
> After using get_random_bytes(), you want to wipe the buffer
> afterward so the seed remains secret.
>
> In this case, we can eliminate the temporary buffer entirely.
> fdt_setprop_placeholder returns a pointer to the property value
> buffer, allowing us to put the random data directy in there without
> using a temporary buffer at all. Faster and less stack all in one.
>
> Signed-off-by: George Spelvin <lkml@sdf.org>
> Cc: Hsin-Yi Wang <hsinyi@chromium.org>
> Cc: Catalin Marinas <catalin.marinas@arm.com>
> Cc: Will Deacon <will@kernel.org>
> Cc: linux-arm-kernel@lists.infradead.org
Acked-by: Hsin-Yi Wang <hsinyi@chromium.org>
> ---
> arch/arm64/kernel/machine_kexec_file.c | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/arch/arm64/kernel/machine_kexec_file.c b/arch/arm64/kernel/machine_kexec_file.c
> index 7b08bf9499b6b..69e25bb96e3fb 100644
> --- a/arch/arm64/kernel/machine_kexec_file.c
> +++ b/arch/arm64/kernel/machine_kexec_file.c
> @@ -106,12 +106,12 @@ static int setup_dtb(struct kimage *image,
>
> /* add rng-seed */
> if (rng_is_initialized()) {
> - u8 rng_seed[RNG_SEED_SIZE];
> - get_random_bytes(rng_seed, RNG_SEED_SIZE);
> - ret = fdt_setprop(dtb, off, FDT_PROP_RNG_SEED, rng_seed,
> - RNG_SEED_SIZE);
> + void *rng_seed;
> + ret = fdt_setprop_placeholder(dtb, off, FDT_PROP_RNG_SEED,
> + RNG_SEED_SIZE, &rng_seed);
> if (ret)
> goto out;
> + get_random_bytes(rng_seed, RNG_SEED_SIZE);
> } else {
> pr_notice("RNG is not initialised: omitting \"%s\" property\n",
> FDT_PROP_RNG_SEED);
> --
> 2.26.0
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [RFC PATCH v1 39/50] arm: kexec_file: Avoid temp buffer for RNG seed
2019-12-10 15:45 [RFC PATCH v1 39/50] arm: kexec_file: Avoid temp buffer for RNG seed George Spelvin
2020-03-28 19:04 ` Hsin-Yi Wang
@ 2020-03-30 11:07 ` Mark Rutland
2020-03-30 13:37 ` Will Deacon
2 siblings, 0 replies; 6+ messages in thread
From: Mark Rutland @ 2020-03-30 11:07 UTC (permalink / raw)
To: George Spelvin
Cc: linux-kernel, Hsin-Yi Wang, Catalin Marinas, Will Deacon,
linux-arm-kernel, Ard Biesheuvel, James Morse
Hi George,
Nit: s/arm/arm64/ in the title
On Tue, Dec 10, 2019 at 10:45:27AM -0500, George Spelvin wrote:
> After using get_random_bytes(), you want to wipe the buffer
> afterward so the seed remains secret.
>
> In this case, we can eliminate the temporary buffer entirely.
> fdt_setprop_placeholder returns a pointer to the property value
> buffer, allowing us to put the random data directy in there without
> using a temporary buffer at all. Faster and less stack all in one.
>
> Signed-off-by: George Spelvin <lkml@sdf.org>
> Cc: Hsin-Yi Wang <hsinyi@chromium.org>
> Cc: Catalin Marinas <catalin.marinas@arm.com>
> Cc: Will Deacon <will@kernel.org>
> Cc: linux-arm-kernel@lists.infradead.org
> ---
> arch/arm64/kernel/machine_kexec_file.c | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/arch/arm64/kernel/machine_kexec_file.c b/arch/arm64/kernel/machine_kexec_file.c
> index 7b08bf9499b6b..69e25bb96e3fb 100644
> --- a/arch/arm64/kernel/machine_kexec_file.c
> +++ b/arch/arm64/kernel/machine_kexec_file.c
> @@ -106,12 +106,12 @@ static int setup_dtb(struct kimage *image,
>
> /* add rng-seed */
> if (rng_is_initialized()) {
> - u8 rng_seed[RNG_SEED_SIZE];
> - get_random_bytes(rng_seed, RNG_SEED_SIZE);
> - ret = fdt_setprop(dtb, off, FDT_PROP_RNG_SEED, rng_seed,
> - RNG_SEED_SIZE);
> + void *rng_seed;
> + ret = fdt_setprop_placeholder(dtb, off, FDT_PROP_RNG_SEED,
> + RNG_SEED_SIZE, &rng_seed);
> if (ret)
> goto out;
> + get_random_bytes(rng_seed, RNG_SEED_SIZE);
This looks sane to me, so FWIW:
Acked-by: Mark Rutland <mark.rutland@arm.com>
Mark.
> } else {
> pr_notice("RNG is not initialised: omitting \"%s\" property\n",
> FDT_PROP_RNG_SEED);
> --
> 2.26.0
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [RFC PATCH v1 39/50] arm: kexec_file: Avoid temp buffer for RNG seed
2019-12-10 15:45 [RFC PATCH v1 39/50] arm: kexec_file: Avoid temp buffer for RNG seed George Spelvin
2020-03-28 19:04 ` Hsin-Yi Wang
2020-03-30 11:07 ` Mark Rutland
@ 2020-03-30 13:37 ` Will Deacon
2020-03-30 17:38 ` [PATCH v2] arm64: " George Spelvin
2 siblings, 1 reply; 6+ messages in thread
From: Will Deacon @ 2020-03-30 13:37 UTC (permalink / raw)
To: George Spelvin
Cc: linux-kernel, Hsin-Yi Wang, Catalin Marinas, linux-arm-kernel
On Tue, Dec 10, 2019 at 10:45:27AM -0500, George Spelvin wrote:
> After using get_random_bytes(), you want to wipe the buffer
> afterward so the seed remains secret.
>
> In this case, we can eliminate the temporary buffer entirely.
> fdt_setprop_placeholder returns a pointer to the property value
> buffer, allowing us to put the random data directy in there without
s/directy/directly/
> using a temporary buffer at all. Faster and less stack all in one.
>
> Signed-off-by: George Spelvin <lkml@sdf.org>
> Cc: Hsin-Yi Wang <hsinyi@chromium.org>
> Cc: Catalin Marinas <catalin.marinas@arm.com>
> Cc: Will Deacon <will@kernel.org>
> Cc: linux-arm-kernel@lists.infradead.org
> ---
> arch/arm64/kernel/machine_kexec_file.c | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
Acked-by: Will Deacon <will@kernel.org>
Please let me know if you'd like this queued via the arm64 tree, as it
appears to be independent of the rest of this series.
Will
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH v2] arm64: kexec_file: Avoid temp buffer for RNG seed
2020-03-30 13:37 ` Will Deacon
@ 2020-03-30 17:38 ` George Spelvin
2020-04-28 14:49 ` Will Deacon
0 siblings, 1 reply; 6+ messages in thread
From: George Spelvin @ 2020-03-30 17:38 UTC (permalink / raw)
To: Will Deacon
Cc: linux-kernel, Hsin-Yi Wang, Catalin Marinas, linux-arm-kernel, lkml
After using get_random_bytes(), you want to wipe the buffer
afterward so the seed remains secret.
In this case, we can eliminate the temporary buffer entirely.
fdt_setprop_placeholder() returns a pointer to the property value
buffer, allowing us to put the random data directly in there without
using a temporary buffer at all. Faster and less stack all in one.
Signed-off-by: George Spelvin <lkml@sdf.org>
Acked-by: Will Deacon <will@kernel.org>
Cc: Hsin-Yi Wang <hsinyi@chromium.org>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: linux-arm-kernel@lists.infradead.org
---
v2: Typos in commit message fixed.
Thank you, I'd be delighted if you'd apply it to the arm64 tree directly!
I can take it out of my patch series and off my plate.
Now that I'm looking at it some more, I want to change
fdt_setprop_placeholder to return an ERR_PTR.
Must. Stop. Scope. Creep.
arch/arm64/kernel/machine_kexec_file.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/arch/arm64/kernel/machine_kexec_file.c b/arch/arm64/kernel/machine_kexec_file.c
index 7b08bf9499b6b..69e25bb96e3fb 100644
--- a/arch/arm64/kernel/machine_kexec_file.c
+++ b/arch/arm64/kernel/machine_kexec_file.c
@@ -106,12 +106,12 @@ static int setup_dtb(struct kimage *image,
/* add rng-seed */
if (rng_is_initialized()) {
- u8 rng_seed[RNG_SEED_SIZE];
- get_random_bytes(rng_seed, RNG_SEED_SIZE);
- ret = fdt_setprop(dtb, off, FDT_PROP_RNG_SEED, rng_seed,
- RNG_SEED_SIZE);
+ void *rng_seed;
+ ret = fdt_setprop_placeholder(dtb, off, FDT_PROP_RNG_SEED,
+ RNG_SEED_SIZE, &rng_seed);
if (ret)
goto out;
+ get_random_bytes(rng_seed, RNG_SEED_SIZE);
} else {
pr_notice("RNG is not initialised: omitting \"%s\" property\n",
FDT_PROP_RNG_SEED);
--
2.26.0
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH v2] arm64: kexec_file: Avoid temp buffer for RNG seed
2020-03-30 17:38 ` [PATCH v2] arm64: " George Spelvin
@ 2020-04-28 14:49 ` Will Deacon
0 siblings, 0 replies; 6+ messages in thread
From: Will Deacon @ 2020-04-28 14:49 UTC (permalink / raw)
To: George Spelvin
Cc: catalin.marinas, Will Deacon, linux-arm-kernel, linux-kernel,
lkml, Hsin-Yi Wang
On Mon, 30 Mar 2020 17:38:01 +0000, George Spelvin wrote:
> After using get_random_bytes(), you want to wipe the buffer
> afterward so the seed remains secret.
>
> In this case, we can eliminate the temporary buffer entirely.
> fdt_setprop_placeholder() returns a pointer to the property value
> buffer, allowing us to put the random data directly in there without
> using a temporary buffer at all. Faster and less stack all in one.
Applied to arm64 (for-next/misc), thanks!
[1/1] arm64: kexec_file: Avoid temp buffer for RNG seed
https://git.kernel.org/arm64/c/99ee28d99607
Cheers,
--
Will
https://fixes.arm64.dev
https://next.arm64.dev
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2020-04-28 14:50 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-12-10 15:45 [RFC PATCH v1 39/50] arm: kexec_file: Avoid temp buffer for RNG seed George Spelvin
2020-03-28 19:04 ` Hsin-Yi Wang
2020-03-30 11:07 ` Mark Rutland
2020-03-30 13:37 ` Will Deacon
2020-03-30 17:38 ` [PATCH v2] arm64: " George Spelvin
2020-04-28 14:49 ` Will Deacon
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).