[PATCH v13 1/2] arm64: Implement archrandom.h for ARMv8.5-RNG

chenjun (AM) chenjun102 at huawei.com
Thu Jul 9 03:37:03 EDT 2020


Hi

I get a compile warning that val may be uninitialized in 
arch_get_random_seed_int after applying this patch.

Could this cause a security problem?

__extract_hwseed called by prandom_init does not check the value 
returned by arch_get_random_seed_int.

static u32 __extract_hwseed(void)
{
     unsigned int val = 0;

     (void)(arch_get_random_seed_int(&val) ||
            arch_get_random_int(&val));

     return val;
}

Could you fix the compile warning in next version?


> From: Richard Henderson <richard.henderson at linaro.org>
> 
> Expose the ID_AA64ISAR0.RNDR field to userspace, as the RNG system
> registers are always available at EL0.
> 
> Implement arch_get_random_seed_long using RNDR. Given that the
> TRNG is likely to be a shared resource between cores, and VMs,
> do not explicitly force re-seeding with RNDRRS. In order to avoid
> code complexity and potential issues with hetrogenous systems only
> provide values after cpufeature has finalized the system capabilities.
> 
> Signed-off-by: Richard Henderson <richard.henderson at linaro.org>
> [Modified to only function after cpufeature has finalized the system
> capabilities and move all the code into the header -- broonie]
> Signed-off-by: Mark Brown <broonie at kernel.org>
> Reviewed-by: Mark Rutland <mark.rutland at arm.com>
> ---
> Documentation/arm64/cpu-feature-registers.rst | 2 +
> Documentation/arm64/elf_hwcaps.rst | 4 ++
> arch/arm64/Kconfig | 12 ++++
> arch/arm64/include/asm/archrandom.h | 67 +++++++++++++++++++
> arch/arm64/include/asm/cpucaps.h | 3 +-
> arch/arm64/include/asm/hwcap.h | 1 +
> arch/arm64/include/asm/sysreg.h | 4 ++
> arch/arm64/include/uapi/asm/hwcap.h | 1 +
> arch/arm64/kernel/cpufeature.c | 14 ++++
> 9 files changed, 107 insertions(+), 1 deletion(-)
> create mode 100644 arch/arm64/include/asm/archrandom.h
> 
> diff --git a/Documentation/arm64/cpu-feature-registers.rst 
> b/Documentation/arm64/cpu-feature-registers.rst
> index b6e44884e3ad..ce320785fb0c 100644
> --- a/Documentation/arm64/cpu-feature-registers.rst
> +++ b/Documentation/arm64/cpu-feature-registers.rst
> @@ -117,6 +117,8 @@ infrastructure:
> +------------------------------+---------+---------+
> | Name | bits | visible |
> +------------------------------+---------+---------+
> + | RNDR | [63-60] | y |
> + +------------------------------+---------+---------+
> | TS | [55-52] | y |
> +------------------------------+---------+---------+
> | FHM | [51-48] | y |
> diff --git a/Documentation/arm64/elf_hwcaps.rst 
> b/Documentation/arm64/elf_hwcaps.rst
> index 7fa3d215ae6a..276a33414b22 100644
> --- a/Documentation/arm64/elf_hwcaps.rst
> +++ b/Documentation/arm64/elf_hwcaps.rst
> @@ -204,6 +204,10 @@ HWCAP2_FRINT
> Functionality implied by ID_AA64ISAR1_EL1.FRINTTS == 0b0001.
> +HWCAP2_RNG
> +
> + Functionality implied by ID_AA64ISAR0_EL1.RNDR == 0b0001.
> +
> 4. Unused AT_HWCAP bits
> -----------------------
> diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
> index b1b4476ddb83..835f8158220e 100644
> --- a/arch/arm64/Kconfig
> +++ b/arch/arm64/Kconfig
> @@ -1484,6 +1484,18 @@ config ARM64_PTR_AUTH
> endmenu
> +menu "ARMv8.5 architectural features"
> +
> +config ARCH_RANDOM
> + bool "Enable support for random number generation"
> + default y
> + help
> + Random number generation (part of the ARMv8.5 Extensions)
> + provides a high bandwidth, cryptographically secure
> + hardware random number generator.
> +
> +endmenu
> +
> config ARM64_SVE
> bool "ARM Scalable Vector Extension support"
> default y
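Review bot: The ARCH_RANDOM help text does not say that the feature is detected at run time, so a reader cannot tell from it whether a kernel built with `default y` still behaves on CPUs that lack RNDR. The cpufeature.c part of this patch registers ARM64_HAS_RNG with `has_cpuid_feature`, and archrandom.h returns false until that capability is set. One more help sentence would cover it, for example `Support is detected at runtime, and the kernel will use RNDR only when the CPU implements it.` The help could also mention that in this patch only the seed interface (`arch_get_random_seed_long`/`_int`) is backed by the hardware.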
> diff --git a/arch/arm64/include/asm/archrandom.h 
> b/arch/arm64/include/asm/archrandom.h
> new file mode 100644
> index 000000000000..5ea5a1ce5a5f
> --- /dev/null
> +++ b/arch/arm64/include/asm/archrandom.h
> @@ -0,0 +1,67 @@
> +/* SPDX-License-Identifier: GPL-2.0 */
> +#ifndef _ASM_ARCHRANDOM_H
> +#define _ASM_ARCHRANDOM_H
> +
> +#ifdef CONFIG_ARCH_RANDOM
> +
> +#include <linux/random.h>
> +#include <asm/cpufeature.h>
> +
> +static inline bool __arm64_rndr(unsigned long *v)
> +{
> + bool ok;
> +
> + /*
> + * Reads of RNDR set PSTATE.NZCV to 0b0000 on success,
> + * and set PSTATE.NZCV to 0b0100 otherwise.
> + */
> + asm volatile(
> + __mrs_s("%0", SYS_RNDR_EL0) "\n"
> + " cset %w1, ne\n"
> + : "=r" (*v), "=r" (ok)
> + :
> + : "cc");
> +
> + return ok;
> +}
> +
> +static inline bool __must_check arch_get_random_long(unsigned long *v)
> +{
> + return false;
> +}
> +
> +static inline bool __must_check arch_get_random_int(unsigned int *v)
> +{
> + return false;
> +}
> +
> +static inline bool __must_check arch_get_random_seed_long(unsigned long *v)
> +{
> + /*
> + * Only support the generic interface after we have detected
> + * the system wide capability, avoiding complexity with the
> + * cpufeature code and with potential scheduling between CPUs
> + * with and without the feature.
> + */
> + if (!cpus_have_const_cap(ARM64_HAS_RNG))
> + return false;
> +
> + return __arm64_rndr(v);
> +}
> +
> +
> +static inline bool __must_check arch_get_random_seed_int(unsigned int *v)
> +{
> + unsigned long val;
> + bool ok = arch_get_random_seed_long(&val);
> +
> + *v = val;
> + return ok;
> +}
> +
> +#else
> +
> +static inline bool __arm64_rndr(unsigned long *v) { return false; }
> +
> +#endif /* CONFIG_ARCH_RANDOM */
> +#endif /* _ASM_ARCHRANDOM_H */
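Review bot: `__arm64_rndr()` issues the RNDR read with no capability check of its own, and as a `static inline` in a header it can be called directly by any includer; only `arch_get_random_seed_long()` gates it on `cpus_have_const_cap(ARM64_HAS_RNG)`. A comment above the helper should state that precondition, e.g. `/* Caller must have established that RNDR is implemented (ARM64_HAS_RNG or an ID register check). */`, since a read on a CPU without the feature would presumably trap as an undefined instruction. Separately, `arch_get_random_long()` and `arch_get_random_int()` return false unconditionally without saying why. A one-line comment such as `/* RNDR is used for seeding only; the non-seed interface is intentionally not backed by hardware. */` would record the design choice, if that is indeed the intent.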
> diff --git a/arch/arm64/include/asm/cpucaps.h 
> b/arch/arm64/include/asm/cpucaps.h
> index b92683871119..515f4fbcbf91 100644
> --- a/arch/arm64/include/asm/cpucaps.h
> +++ b/arch/arm64/include/asm/cpucaps.h
> @@ -56,7 +56,8 @@
> #define ARM64_WORKAROUND_CAVIUM_TX2_219_PRFM 46
> #define ARM64_WORKAROUND_1542419 47
> #define ARM64_WORKAROUND_1319367 48
> +#define ARM64_HAS_RNG 49
> -#define ARM64_NCAPS 49
> +#define ARM64_NCAPS 50
> #endif /* __ASM_CPUCAPS_H */
> diff --git a/arch/arm64/include/asm/hwcap.h b/arch/arm64/include/asm/hwcap.h
> index 3d2f2472a36c..fa186480e805 100644
> --- a/arch/arm64/include/asm/hwcap.h
> +++ b/arch/arm64/include/asm/hwcap.h
> @@ -86,6 +86,7 @@
> #define KERNEL_HWCAP_SVESM4 __khwcap2_feature(SVESM4)
> #define KERNEL_HWCAP_FLAGM2 __khwcap2_feature(FLAGM2)
> #define KERNEL_HWCAP_FRINT __khwcap2_feature(FRINT)
> +#define KERNEL_HWCAP_RNG __khwcap2_feature(RNG)
> /*
> * This yields a mask that user programs can use to figure out what
> diff --git a/arch/arm64/include/asm/sysreg.h 
> b/arch/arm64/include/asm/sysreg.h
> index 6e919fafb43d..5e718f279469 100644
> --- a/arch/arm64/include/asm/sysreg.h
> +++ b/arch/arm64/include/asm/sysreg.h
> @@ -365,6 +365,9 @@
> #define SYS_CTR_EL0 sys_reg(3, 3, 0, 0, 1)
> #define SYS_DCZID_EL0 sys_reg(3, 3, 0, 0, 7)
> +#define SYS_RNDR_EL0 sys_reg(3, 3, 2, 4, 0)
> +#define SYS_RNDRRS_EL0 sys_reg(3, 3, 2, 4, 1)
> +
> #define SYS_PMCR_EL0 sys_reg(3, 3, 9, 12, 0)
> #define SYS_PMCNTENSET_EL0 sys_reg(3, 3, 9, 12, 1)
> #define SYS_PMCNTENCLR_EL0 sys_reg(3, 3, 9, 12, 2)
> @@ -539,6 +542,7 @@
> ENDIAN_SET_EL1 | SCTLR_EL1_UCI | SCTLR_EL1_RES1)
> /* id_aa64isar0 */
> +#define ID_AA64ISAR0_RNDR_SHIFT 60
> #define ID_AA64ISAR0_TS_SHIFT 52
> #define ID_AA64ISAR0_FHM_SHIFT 48
> #define ID_AA64ISAR0_DP_SHIFT 44
> diff --git a/arch/arm64/include/uapi/asm/hwcap.h 
> b/arch/arm64/include/uapi/asm/hwcap.h
> index a1e72886b30c..f192ac33fc76 100644
> --- a/arch/arm64/include/uapi/asm/hwcap.h
> +++ b/arch/arm64/include/uapi/asm/hwcap.h
> @@ -65,5 +65,6 @@
> #define HWCAP2_SVESM4 (1 << 6)
> #define HWCAP2_FLAGM2 (1 << 7)
> #define HWCAP2_FRINT (1 << 8)
> +#define HWCAP2_RNG (1 << 9)
> #endif /* _UAPI__ASM_HWCAP_H */
> diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
> index 04cf64e9f0c9..3b94e8047c9e 100644
> --- a/arch/arm64/kernel/cpufeature.c
> +++ b/arch/arm64/kernel/cpufeature.c
> @@ -119,6 +119,7 @@ static void cpu_enable_cnp(struct 
> arm64_cpu_capabilities const *cap);
> * sync with the documentation of the CPU feature register ABI.
> */
> static const struct arm64_ftr_bits ftr_id_aa64isar0[] = {
> + ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, 
> ID_AA64ISAR0_RNDR_SHIFT, 4, 0),
> ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, 
> ID_AA64ISAR0_TS_SHIFT, 4, 0),
> ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, 
> ID_AA64ISAR0_FHM_SHIFT, 4, 0),
> ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, 
> ID_AA64ISAR0_DP_SHIFT, 4, 0),
> @@ -1566,6 +1567,18 @@ static const struct arm64_cpu_capabilities 
> arm64_features[] = {
> .sign = FTR_UNSIGNED,
> .min_field_value = 1,
> },
> +#endif
> +#ifdef CONFIG_ARCH_RANDOM
> + {
> + .desc = "Random Number Generator",
> + .capability = ARM64_HAS_RNG,
> + .type = ARM64_CPUCAP_SYSTEM_FEATURE,
> + .matches = has_cpuid_feature,
> + .sys_reg = SYS_ID_AA64ISAR0_EL1,
> + .field_pos = ID_AA64ISAR0_RNDR_SHIFT,
> + .sign = FTR_UNSIGNED,
> + .min_field_value = 1,
> + },
> #endif
> {},
> };
> @@ -1638,6 +1651,7 @@ static const struct arm64_cpu_capabilities 
> arm64_elf_hwcaps[] = {
> HWCAP_CAP(SYS_ID_AA64ISAR0_EL1, ID_AA64ISAR0_FHM_SHIFT, FTR_UNSIGNED, 1, 
> CAP_HWCAP, KERNEL_HWCAP_ASIMDFHM),
> HWCAP_CAP(SYS_ID_AA64ISAR0_EL1, ID_AA64ISAR0_TS_SHIFT, FTR_UNSIGNED, 1, 
> CAP_HWCAP, KERNEL_HWCAP_FLAGM),
> HWCAP_CAP(SYS_ID_AA64ISAR0_EL1, ID_AA64ISAR0_TS_SHIFT, FTR_UNSIGNED, 2, 
> CAP_HWCAP, KERNEL_HWCAP_FLAGM2),
> + HWCAP_CAP(SYS_ID_AA64ISAR0_EL1, ID_AA64ISAR0_RNDR_SHIFT, FTR_UNSIGNED, 
> 1, CAP_HWCAP, KERNEL_HWCAP_RNG),
> HWCAP_CAP(SYS_ID_AA64PFR0_EL1, ID_AA64PFR0_FP_SHIFT, FTR_SIGNED, 0, 
> CAP_HWCAP, KERNEL_HWCAP_FP),
> HWCAP_CAP(SYS_ID_AA64PFR0_EL1, ID_AA64PFR0_FP_SHIFT, FTR_SIGNED, 1, 
> CAP_HWCAP, KERNEL_HWCAP_FPHP),
> HWCAP_CAP(SYS_ID_AA64PFR0_EL1, ID_AA64PFR0_ASIMD_SHIFT, FTR_SIGNED, 0, 
> CAP_HWCAP, KERNEL_HWCAP_ASIMD),
> 
> -- 
> 2.20.1
> 
> 
> 



