[PATCH v8 3/3] arm64: Use v8.5-RNG entropy for KASLR seed

Ard Biesheuvel ard.biesheuvel at linaro.org
Wed Jan 8 09:38:48 PST 2020


On Tue, 7 Jan 2020 at 19:38, Mark Brown <broonie at kernel.org> wrote:
>
> When seeding KASLR on a system where we have architecture level random
> number generation, make use of that entropy, mixing it in with the seed
> passed by the bootloader. Since this is run very early in init before
> feature detection is complete we open code rather than use archrandom.h.
>
> Signed-off-by: Mark Brown <broonie at kernel.org>
> ---
>  arch/arm64/kernel/kaslr.c | 15 ++++++++++++++-
>  1 file changed, 14 insertions(+), 1 deletion(-)
>
> diff --git a/arch/arm64/kernel/kaslr.c b/arch/arm64/kernel/kaslr.c
> index 2a11a962e571..fc38c4c25eb6 100644
> --- a/arch/arm64/kernel/kaslr.c
> +++ b/arch/arm64/kernel/kaslr.c
> @@ -81,7 +81,8 @@ static __init const u8 *kaslr_get_cmdline(void *fdt)
>  u64 __init kaslr_early_init(u64 dt_phys)
>  {
>         void *fdt;
> -       u64 seed, offset, mask, module_range;
> +       u64 seed, offset, mask, module_range, ftr;
> +       unsigned long raw;
>         const u8 *cmdline, *str;
>         int size;
>
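
Review bot: The new locals `ftr` and `raw` in the declarations of kaslr_early_init() are only used inside the IS_ENABLED(CONFIG_ARCH_RANDOM) block added by the next hunk, so consider declaring them in that block to keep their scope as narrow as their use. `raw` is also `unsigned long` while it is added into the `u64 seed`; a short comment or matching types would make it clear the two are meant to be the same width.
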
> @@ -120,6 +121,18 @@ u64 __init kaslr_early_init(u64 dt_phys)
>                 return 0;
>         }
>
> +       /*
> +        * Mix in any entropy obtainable architecturally, open coded
> +        * since this runs extremely early.
> +        */
> +       if (IS_ENABLED(CONFIG_ARCH_RANDOM)) {
> +               ftr = read_sysreg_s(SYS_ID_AA64ISAR0_EL1);
> +               if ((ftr >> ID_AA64ISAR0_RNDR_SHIFT) & 0xf) {
> +                       if (__arm64_rndr(&raw))
> +                               seed += raw;

Using addition rather than xor to combine seeds is slightly
unidiomatic, so if you are doing this for a specific reason, it would
be good to mention it.

On a system that implements these instructions, the existing seed is
likely to come from the same source, but the ZF flag should catch any
cases where the output is stale (which unfortunately is a thing that
the spec does not ban). So using add instead of xor to mitigate
against correlated seeds seems both unnecessary and insufficient at
the same time, if that was the intention.


> +               }
> +       }
> +
>         if (!seed) {
>                 kaslr_status = KASLR_DISABLED_NO_SEED;
>                 return 0;
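
Review bot: Because the new block sits before the existing `if (!seed)` check, a successful `__arm64_rndr(&raw)` now makes the seed non-zero even when the bootloader passed none, so the KASLR_DISABLED_NO_SEED path is no longer taken on such systems. The commit message and the comment only talk about mixing with the bootloader seed; please state explicitly that RNDR output alone is now sufficient to enable KASLR, if that is intended. Separately, the bare `& 0xf` in `(ftr >> ID_AA64ISAR0_RNDR_SHIFT) & 0xf` would read better as a named field mask or a field-extraction helper, and the three nested `if`s could be flattened.
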
> --
> 2.20.1
>
>
> _______________________________________________
> linux-arm-kernel mailing list
> linux-arm-kernel at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/linux-arm-kernel


