[PATCH 3/3] vsprintf: Add use-early-random-bytes cmd line option

From: Tobin C. Harding
Date: Tue May 01 2018 - 19:34:53 EST


Currently if an attempt is made to print a pointer before there is
enough entropy then '(____ptrval____)' is printed. This makes debugging
early stage stack traces difficult. We can relax the requirement for
cryptographically secure hashing when debugging while still maintaining
pointer hashing behaviour.

Add a command line option 'use-early-random-bytes'. When enabled get
key material from the hw RNG if available.

This option should NOT be enabled on production kernels.

Suggested-by: Kees Cook <keescook@xxxxxxxxxxxx>
Signed-off-by: Tobin C. Harding <me@xxxxxxxx>
---
lib/vsprintf.c | 50 +++++++++++++++++++++++++++++++++++++++++++++++---
1 file changed, 47 insertions(+), 3 deletions(-)

diff --git a/lib/vsprintf.c b/lib/vsprintf.c
index b82f0c6c2aec..7b9cf6bb9fd2 100644
--- a/lib/vsprintf.c
+++ b/lib/vsprintf.c
@@ -1654,12 +1654,39 @@ char *device_node_string(char *buf, char *end, struct device_node *dn,
return widen_string(buf, buf - buf_start, end, spec);
}

+/*
+ * Command line option use_early_random_bytes allows debugging early in
+ * the boot sequence, if enabled we attempt to use the hw RNG to get
+ * ptr_key material. Do NOT use on production kernels.
+ */
+static int use_early_random_bytes;
+EXPORT_SYMBOL(use_early_random_bytes);
+
+/*
+ * Process kernel command-line parameter at boot time.
+ * use_early_random_bytes=0 or use_early_random_bytes=1
+ */
+static int __init use_early_random_bytes_enable(char *str)
+{
+ long option;
+ int ret;
+
+ ret = !!kstrtol(str, 10, &option);
+ if (ret == 0 && option != 0)
+ use_early_random_bytes = 1;
+
+ pr_info("use_early_random_bytes: %s\n",
+ use_early_random_bytes ? "enabled" : "disabled");
+
+ return 1;
+}
+__setup("use-early-random-bytes=", use_early_random_bytes_enable);
+
static bool have_filled_random_ptr_key __read_mostly;
static siphash_key_t ptr_key __read_mostly;

-static void fill_random_ptr_key(struct random_ready_callback *unused)
+static void ptr_key_ready(void)
{
- get_random_bytes(&ptr_key, sizeof(ptr_key));
/*
* have_filled_random_ptr_key==true is dependent on get_random_bytes().
* ptr_to_id() needs to see have_filled_random_ptr_key==true
@@ -1669,13 +1696,30 @@ static void fill_random_ptr_key(struct random_ready_callback *unused)
WRITE_ONCE(have_filled_random_ptr_key, true);
}

+static void fill_random_ptr_key(struct random_ready_callback *unused)
+{
+ get_random_bytes(&ptr_key, sizeof(ptr_key));
+ ptr_key_ready();
+}
+
static struct random_ready_callback random_ready = {
.func = fill_random_ptr_key
};

static int __init initialize_ptr_random(void)
{
- int ret = add_random_ready_callback(&random_ready);
+ int ret;
+
+ if (use_early_random_bytes) {
+ int nbytes = sizeof(ptr_key);
+
+ if (get_random_bytes_arch(&ptr_key, nbytes) == nbytes) {
+ ptr_key_ready();
+ return 0;
+ }
+ }
+
+ ret = add_random_ready_callback(&random_ready);

if (!ret) {
return 0;
--
2.7.4