Re: [PATCH v2 1/1] x86/hyperv: Use Hyper-V entropy to seed guest random number generator

From: Jason A. Donenfeld
Date: Wed Mar 13 2024 - 19:33:11 EST

Next message: Jason A. Donenfeld: "Re: [PATCH v5] x86/coco: Require seeding RNG with RDRAND on CoCo systems"
Previous message: David Rientjes: "Re: [PATCH v3 0/3] A Solution to Re-enable hugetlb vmemmap optimize"
In reply to: Long Li: "RE: [PATCH v2 1/1] x86/hyperv: Use Hyper-V entropy to seed guest random number generator"
Next in thread: Michael Kelley: "RE: [PATCH v2 1/1] x86/hyperv: Use Hyper-V entropy to seed guest random number generator"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Michael,

On Thu, Mar 07, 2024 at 10:48:20AM -0800, mhkelley58@xxxxxxxxx wrote:
> + /*
> + * Seed the Linux random number generator with entropy provided by
> + * the Hyper-V host in ACPI table OEM0. It would be nice to do this
> + * even earlier in ms_hyperv_init_platform(), but the ACPI subsystem
> + * isn't set up at that point. Skip if booted via EFI as generic EFI
> + * code has already done some seeding using the EFI RNG protocol.
> + */
> + if (!IS_ENABLED(CONFIG_ACPI) || efi_enabled(EFI_BOOT))
> + return;

Even if EFI seeds the kernel using its own code, if this is available,
it should be used too. So I think you should remove the `|| efi_enabled(EFI_BOOT)`
part and let the add_bootloader_randomness() do what it wants with the
entropy.

> +
> + status = acpi_get_table("OEM0", 0, &header);
> + if (ACPI_FAILURE(status) || !header)
> + return;
> +
> + /*
> + * Since the "OEM0" table name is for OEM specific usage, verify
> + * that what we're seeing purports to be from Microsoft.
> + */
> + if (strncmp(header->oem_table_id, "MICROSFT", 8))
> + goto error;
> +
> + /*
> + * Ensure the length is reasonable. Requiring at least 32 bytes and
> + * no more than 256 bytes is somewhat arbitrary. Hyper-V currently
> + * provides 64 bytes, but allow for a change in a later version.
> + */
> + if (header->length < sizeof(*header) + 32 ||
> + header->length > sizeof(*header) + 256)

What's the point of the lower bound? Obviously skip for 0, but if
there's only 16 bytes, cool, 16 bytes is good and can't hurt.

For the upper bound, I understand you need some sanity check. Why not
put it a bit higher, though, at SZ_4K or something? Can't hurt.

> + goto error;
> +
> + length = header->length - sizeof(*header);
> + randomdata = (u8 *)(header + 1);
> +
> + pr_debug("Hyper-V: Seeding rng with %d random bytes from ACPI table OEM0\n",
> + length);
> +
> + add_bootloader_randomness(randomdata, length);
> +
> + /*
> + * To prevent the seed data from being visible in /sys/firmware/acpi,
> + * zero out the random data in the ACPI table and fixup the checksum.
> + */
> + for (i = 0; i < length; i++) {
> + header->checksum += randomdata[i];
> + randomdata[i] = 0;
> + }

Seems dangerous for kexec and such. What if, in addition to zeroing out
the actual data, you also set header->length to 0, so that it doesn't
get used again as 32 bytes of known zeros?

Thanks,
Jason

Next message: Jason A. Donenfeld: "Re: [PATCH v5] x86/coco: Require seeding RNG with RDRAND on CoCo systems"
Previous message: David Rientjes: "Re: [PATCH v3 0/3] A Solution to Re-enable hugetlb vmemmap optimize"
In reply to: Long Li: "RE: [PATCH v2 1/1] x86/hyperv: Use Hyper-V entropy to seed guest random number generator"
Next in thread: Michael Kelley: "RE: [PATCH v2 1/1] x86/hyperv: Use Hyper-V entropy to seed guest random number generator"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]