Re: [PATCH] x86/coco: Require seeding RNG with RDRAND on CoCo systems

From: Andi Kleen
Date: Sat Feb 10 2024 - 00:09:22 EST

Next message: syzbot: "[syzbot] [kernel?] linux-next boot error: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) (2)"
Previous message: David Ahern: "Re: [PATCH V4 0/5] mlx5 ConnectX control misc driver"
In reply to: Jason A. Donenfeld: "[PATCH] x86/coco: Require seeding RNG with RDRAND on CoCo systems"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> + for (i = 0; i < ARRAY_SIZE(rng_seed); i += longs) {
> + longs = arch_get_random_longs(&rng_seed[i], ARRAY_SIZE(rng_seed) - i);
> +
> + /*
> + * A zero return value means that the guest is under attack,
> + * the hardware is broken, or some other mishap has occurred
> + * that means the RNG cannot be properly rng_seeded, which also
> + * likely means most crypto inside of the CoCo instance will be
> + * broken, defeating the purpose of CoCo in the first place. So
> + * just panic here because it's absolutely unsafe to continue
> + * executing.
> + */
> + BUG_ON(longs == 0);

BUG_ON doesn't necessarily panic. If you want panic, use panic.

-Andi

Next message: syzbot: "[syzbot] [kernel?] linux-next boot error: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) (2)"
Previous message: David Ahern: "Re: [PATCH V4 0/5] mlx5 ConnectX control misc driver"
In reply to: Jason A. Donenfeld: "[PATCH] x86/coco: Require seeding RNG with RDRAND on CoCo systems"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]