From: Chris von Recklinghausen <crecklin@redhat.com>
To: ardb@kernel.org, simo@redhat.com, rafael@kernel.org,
decui@microsoft.com, linux-pm@vger.kernel.org,
linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH 1/1] use crc32 instead of md5 for hibernation e820 integrity check
Date: Thu, 1 Apr 2021 08:24:58 -0400 [thread overview]
Message-ID: <20210401122458.12663-2-crecklin@redhat.com> (raw)
In-Reply-To: <20210401122458.12663-1-crecklin@redhat.com>
Suspend fails on a system in fips mode because md5 is used for the e820
integrity check and is not available. Use crc32 instead.
Fixes: 62a03defeabd ("PM / hibernate: Verify the consistent of e820 memory map
by md5 digest")
Signed-off-by: Chris von Recklinghausen <crecklin@redhat.com>
---
arch/x86/power/hibernate.c | 31 +++++++++++++++++--------------
1 file changed, 17 insertions(+), 14 deletions(-)
diff --git a/arch/x86/power/hibernate.c b/arch/x86/power/hibernate.c
index cd3914fc9f3d..6a3f4e32e49c 100644
--- a/arch/x86/power/hibernate.c
+++ b/arch/x86/power/hibernate.c
@@ -55,31 +55,31 @@ int pfn_is_nosave(unsigned long pfn)
}
-#define MD5_DIGEST_SIZE 16
+#define CRC32_DIGEST_SIZE 16
struct restore_data_record {
unsigned long jump_address;
unsigned long jump_address_phys;
unsigned long cr3;
unsigned long magic;
- u8 e820_digest[MD5_DIGEST_SIZE];
+ u8 e820_digest[CRC32_DIGEST_SIZE];
};
-#if IS_BUILTIN(CONFIG_CRYPTO_MD5)
+#if IS_BUILTIN(CONFIG_CRYPTO_CRC32)
/**
- * get_e820_md5 - calculate md5 according to given e820 table
+ * get_e820_crc32 - calculate crc32 according to given e820 table
*
* @table: the e820 table to be calculated
- * @buf: the md5 result to be stored to
+ * @buf: the crc32 result to be stored to
*/
-static int get_e820_md5(struct e820_table *table, void *buf)
+static int get_e820_crc32(struct e820_table *table, void *buf)
{
struct crypto_shash *tfm;
struct shash_desc *desc;
int size;
int ret = 0;
- tfm = crypto_alloc_shash("md5", 0, 0);
+ tfm = crypto_alloc_shash("crc32", 0, 0);
if (IS_ERR(tfm))
return -ENOMEM;
@@ -107,24 +107,24 @@ static int get_e820_md5(struct e820_table *table, void *buf)
static int hibernation_e820_save(void *buf)
{
- return get_e820_md5(e820_table_firmware, buf);
+ return get_e820_crc32(e820_table_firmware, buf);
}
static bool hibernation_e820_mismatch(void *buf)
{
int ret;
- u8 result[MD5_DIGEST_SIZE];
+ u8 result[CRC32_DIGEST_SIZE];
- memset(result, 0, MD5_DIGEST_SIZE);
+ memset(result, 0, CRC32_DIGEST_SIZE);
/* If there is no digest in suspend kernel, let it go. */
- if (!memcmp(result, buf, MD5_DIGEST_SIZE))
+ if (!memcmp(result, buf, CRC32_DIGEST_SIZE))
return false;
- ret = get_e820_md5(e820_table_firmware, result);
+ ret = get_e820_crc32(e820_table_firmware, result);
if (ret)
return true;
- return memcmp(result, buf, MD5_DIGEST_SIZE) ? true : false;
+ return memcmp(result, buf, CRC32_DIGEST_SIZE) ? true : false;
}
#else
static int hibernation_e820_save(void *buf)
@@ -134,7 +134,7 @@ static int hibernation_e820_save(void *buf)
static bool hibernation_e820_mismatch(void *buf)
{
- /* If md5 is not builtin for restore kernel, let it go. */
+ /* If crc32 is not builtin for restore kernel, let it go. */
return false;
}
#endif
@@ -160,6 +160,9 @@ int arch_hibernation_header_save(void *addr, unsigned int max_size)
rdr->jump_address = (unsigned long)restore_registers;
rdr->jump_address_phys = __pa_symbol(restore_registers);
+ /* crc32 digest size is 4 but digest buffer size is 16 so zero it all */
+ memset(rdr->e820_digest, 0, CRC32_DIGEST_SIZE);
+
/*
* The restore code fixes up CR3 and CR4 in the following sequence:
*
--
2.18.1
next prev parent reply other threads:[~2021-04-01 17:53 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-01 12:24 [PATCH 0/1] use crc32 instead of md5 for hibernation e820 integrity check Chris von Recklinghausen
2021-04-01 12:24 ` Chris von Recklinghausen [this message]
2021-04-01 13:34 ` [PATCH 1/1] " Rafael J. Wysocki
2021-04-01 13:59 ` Ard Biesheuvel
2021-04-01 16:19 ` Rafael J. Wysocki
2021-04-01 18:43 ` Eric Biggers
2021-04-01 16:22 ` Rafael J. Wysocki
2021-04-01 18:47 ` [PATCH 0/1] " Christophe Leroy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210401122458.12663-2-crecklin@redhat.com \
--to=crecklin@redhat.com \
--cc=ardb@kernel.org \
--cc=decui@microsoft.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pm@vger.kernel.org \
--cc=rafael@kernel.org \
--cc=simo@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).