From: "Jason A. Donenfeld"
To: linux-um@lists.infradead.org, linux-kernel@vger.kernel.org, johannes@sipsolutions.net
Cc: "Jason A. Donenfeld", stable@vger.kernel.org, Anton Ivanov
Subject: [PATCH v2] um: seed rng using host OS rng
Date: Wed, 13 Jul 2022 11:58:15 +0200
Message-Id: <20220713095815.162741-1-Jason@zx2c4.com>

UML generally does not provide access to special CPU instructions like
RDRAND, and execution tends to be rather deterministic, with no real
hardware interrupts, making good randomness really very hard, if not
altogether impossible. Not only is this a security eyebrow raiser, but
it's also quite annoying when trying to do various pieces of UML-based
automation that takes a long time to boot, if ever.

Fix this by trivially calling getrandom() in the host and using that
seed as "bootloader randomness", which initializes the rng immediately
at UML boot.

The old behavior can be restored the same way as on any other arch, by
way of CONFIG_TRUST_BOOTLOADER_RANDOMNESS=n or
random.trust_bootloader=0. So seen from that perspective, this just
makes UML act like other archs, which is positive in its own right.

Cc: stable@vger.kernel.org
Cc: Johannes Berg
Acked-By: Anton Ivanov
Signed-off-by: Jason A. Donenfeld
---
Changes v1->v2:
- Include sys/types.h instead of stddef.h.

 arch/um/include/shared/os.h | 7 +++++++
 arch/um/kernel/um_arch.c    | 8 ++++++++
 arch/um/os-Linux/util.c     | 6 ++++++
 3 files changed, 21 insertions(+)

diff --git a/arch/um/include/shared/os.h b/arch/um/include/shared/os.h index fafde1d5416e..0df646c6651e 100644 --- a/arch/um/include/shared/os.h +++ b/arch/um/include/shared/os.h 
@@ -11,6 +11,12 @@ #include #include #include +/* This is to get size_t */ +#ifndef __UM_HOST__ +#include +#else +#include +#endif =20 #define CATCH_EINTR(expr) while ((errno =3D 0, ((expr) < 0)) && (errno =3D= =3D EINTR)) =20 @@ -243,6 +249,7 @@ extern void stack_protections(unsigned long address); extern int raw(int fd); extern void setup_machinename(char *machine_out); extern void setup_hostinfo(char *buf, int len); +extern ssize_t os_getrandom(void *buf, size_t len, unsigned int flags); extern void os_dump_core(void) __attribute__ ((noreturn)); extern void um_early_printk(const char *s, unsigned int n); extern void os_fix_helper_signals(void); diff --git a/arch/um/kernel/um_arch.c b/arch/um/kernel/um_arch.c index 0760e24f2eba..74f3efd96bd4 100644 --- a/arch/um/kernel/um_arch.c +++ b/arch/um/kernel/um_arch.c @@ -16,6 +16,7 @@ #include #include #include +#include =20 #include #include @@ -406,6 +407,8 @@ int __init __weak read_initrd(void) =20 void __init setup_arch(char **cmdline_p) { + u8 rng_seed[32]; + stack_protections((unsigned long) &init_thread_info); setup_physmem(uml_physmem, uml_reserved, physmem_size, highmem); mem_total_pages(physmem_size, iomem_size, highmem); @@ -416,6 +419,11 @@ void __init setup_arch(char **cmdline_p) strlcpy(boot_command_line, command_line, COMMAND_LINE_SIZE); *cmdline_p =3D command_line; setup_hostinfo(host_info, sizeof host_info); + + if (os_getrandom(rng_seed, sizeof(rng_seed), 0) =3D=3D sizeof(rng_seed)) { + add_bootloader_randomness(rng_seed, sizeof(rng_seed)); + memzero_explicit(rng_seed, sizeof(rng_seed)); + } } =20 void __init check_bugs(void) diff --git a/arch/um/os-Linux/util.c b/arch/um/os-Linux/util.c index 41297ec404bf..fc0f2a9dee5a 100644 --- a/arch/um/os-Linux/util.c +++ b/arch/um/os-Linux/util.c @@ -14,6 +14,7 @@ #include #include #include +#include #include #include =20 
@@ -96,6 +97,11 @@ static inline void __attribute__ ((noreturn)) uml_abort(= void) exit(127); } =20 +ssize_t os_getrandom(void *buf, size_t len, unsigned int flags) +{ + return getrandom(buf, len, flags); +} + /* * UML helper threads must not handle SIGWINCH/INT/TERM */ --=20 2.35.1
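
Review bot: In the first os.h hunk the added comment reads "This is to get size_t", but the os_getrandom() prototype added in the second os.h hunk returns ssize_t as well, which stddef.h does not provide. The comment should name both size_t and ssize_t so the reason for the conditional include (and for the v1->v2 change noted above the diffstat) stays visible to whoever touches these includes next.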
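
Review bot: In the setup_arch() hunk of um_arch.c, memzero_explicit(rng_seed, sizeof(rng_seed)) sits inside the success branch, so when os_getrandom() returns a short count the host bytes already written to rng_seed stay on the stack, and every failure path (short read or -1) skips seeding without any message. Move the memzero_explicit() call after the if so it runs on all paths, and emit a warning when the return value is not sizeof(rng_seed) so an instance that booted without the host seed can be identified from its log. Because flags is 0 the call also blocks until the host's pool is initialized; a one-line comment saying that this is intended would help.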
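
Review bot: os_getrandom() in util.c returns getrandom()'s result unchanged, so the caller sees only -1 on failure with the reason left in errno, and a call that is interrupted by a signal while blocking (flags 0) fails with EINTR instead of being retried. The os.h context in this same patch shows the CATCH_EINTR macro; either wrap the getrandom() call with it or return -errno, and state the return convention next to the prototype "extern ssize_t os_getrandom(void *buf, size_t len, unsigned int flags);" so callers know whether a negative value is an error code or just -1.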