Re: [PATCH v6 3/3] arm64: kexec_file: add rng-seed support

Fri, 28 Jun 2019 02:43:47 -0700 

On Wed, Jun 12, 2019 at 12:33:02PM +0800, Hsin-Yi Wang wrote:
> Adding "rng-seed" to dtb. It's fine to add this property if original
> fdt doesn't contain it. Since original seed will be wiped after
> read, so use a default size 128 bytes here.

Why is 128 bytes the default value?

I didn't see an update to Documentation/devicetree/bindings/chosen.txt,
so it's not clear to me precisely what we expect.

> 
> Signed-off-by: Hsin-Yi Wang <hsi...@chromium.org>
> Reviewed-by: Stephen Boyd <swb...@chromium.org>
> ---
> change log v5->v6:
> * no change
> ---
>  arch/arm64/kernel/machine_kexec_file.c | 22 +++++++++++++++++++++-
>  1 file changed, 21 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/arm64/kernel/machine_kexec_file.c 
> b/arch/arm64/kernel/machine_kexec_file.c
> index 58871333737a..d40fde72a023 100644
> --- a/arch/arm64/kernel/machine_kexec_file.c
> +++ b/arch/arm64/kernel/machine_kexec_file.c
> @@ -27,6 +27,8 @@
>  #define FDT_PROP_INITRD_END  "linux,initrd-end"
>  #define FDT_PROP_BOOTARGS    "bootargs"
>  #define FDT_PROP_KASLR_SEED  "kaslr-seed"
> +#define FDT_PROP_RNG_SEED    "rng-seed"
> +#define RNG_SEED_SIZE                128
>  
>  const struct kexec_file_ops * const kexec_file_loaders[] = {
>       &kexec_image_ops,
> @@ -102,6 +104,23 @@ static int setup_dtb(struct kimage *image,
>                               FDT_PROP_KASLR_SEED);
>       }
>  
> +     /* add rng-seed */
> +     if (rng_is_initialized()) {
> +             void *rng_seed = kmalloc(RNG_SEED_SIZE, GFP_ATOMIC);

For 128 bytes, it would be better to use a buffer on the stack. That
avoids the possibility of the allocation failing.

> +             get_random_bytes(rng_seed, RNG_SEED_SIZE);
> +
> +             ret = fdt_setprop(dtb, off, FDT_PROP_RNG_SEED, rng_seed,
> +                             RNG_SEED_SIZE);
> +             kfree(rng_seed);
> +
> +             if (ret)
> +                     goto out;

If the RNG wasn't initialised, we'd carry on with a warning. Why do we
follow a different policy here?

Thanks,
Mark.

> +
> +     } else {
> +             pr_notice("RNG is not initialised: omitting \"%s\" property\n",
> +                             FDT_PROP_RNG_SEED);
> +     }
> +
>  out:
>       if (ret)
>               return (ret == -FDT_ERR_NOSPACE) ? -ENOMEM : -EINVAL;
> @@ -110,7 +129,8 @@ static int setup_dtb(struct kimage *image,
>  }
>  
>  /*
> - * More space needed so that we can add initrd, bootargs and kaslr-seed.
> + * More space needed so that we can add initrd, bootargs, kaslr-seed, and
> + * rng-seed.
>   */
>  #define DTB_EXTRA_SPACE 0x1000
>  
> -- 
> 2.20.1
>

Reply via email to