Re: [PATCH v34 04/12] LRNG - add switchable DRNG support
From: kernel test robot
Date: Mon Aug 31 2020 - 06:49:53 EST
Hi "Stephan,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on char-misc/char-misc-testing]
[also build test ERROR on cryptodev/master crypto/master v5.9-rc3 next-20200828]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]
url: https://github.com/0day-ci/linux/commits/Stephan-M-ller/dev-random-a-new-approach-with-full-SP800-90B-compliance/20200825-153914
base: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git d162219c655c8cf8003128a13840d6c1e183fb80
config: riscv-allmodconfig (attached as .config)
compiler: riscv64-linux-gcc (GCC) 9.3.0
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# save the attached .config to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-9.3.0 make.cross ARCH=riscv
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@xxxxxxxxx>
All errors (new ones prefixed by >>):
drivers/char/lrng/lrng_switch.c: In function 'lrng_drng_switch':
>> drivers/char/lrng/lrng_switch.c:20:2: error: variable 'seed' with 'latent_entropy' attribute must not be local
20 | u8 seed[LRNG_DRNG_SECURITY_STRENGTH_BYTES] __latent_entropy;
| ^~
# https://github.com/0day-ci/linux/commit/b4a65336bab63ba2d7b4be76a1acad8eb6b63daf
git remote add linux-review https://github.com/0day-ci/linux
git fetch --no-tags linux-review Stephan-M-ller/dev-random-a-new-approach-with-full-SP800-90B-compliance/20200825-153914
git checkout b4a65336bab63ba2d7b4be76a1acad8eb6b63daf
vim +20 drivers/char/lrng/lrng_switch.c
13
14 static int lrng_drng_switch(struct lrng_drng *drng_store,
15 const struct lrng_crypto_cb *cb, int node)
16 {
17 const struct lrng_crypto_cb *old_cb;
18 unsigned long flags = 0;
19 int ret;
> 20 u8 seed[LRNG_DRNG_SECURITY_STRENGTH_BYTES] __latent_entropy;
21 void *new_drng = cb->lrng_drng_alloc(LRNG_DRNG_SECURITY_STRENGTH_BYTES);
22 void *old_drng, *new_hash, *old_hash;
23 bool sl = false, reset_drng = !lrng_get_available();
24
25 if (IS_ERR(new_drng)) {
26 pr_warn("could not allocate new DRNG for NUMA node %d (%ld)\n",
27 node, PTR_ERR(new_drng));
28 return PTR_ERR(new_drng);
29 }
30
31 /*
32 * The seed potentially used as MAC key is undefined to add some
33 * variation. Yet, the security of the MAC does not rely on the key
34 * being secret. The key is only there to turn a MAC into a hash.
35 * The intention is to allow the specification of CMAC(AES) as "hash"
36 * to limit the dependency to AES when using the CTR DRBG.
37 */
38 new_hash = cb->lrng_hash_alloc(seed, sizeof(seed));
39 if (IS_ERR(new_hash)) {
40 pr_warn("could not allocate new LRNG pool hash (%ld)\n",
41 PTR_ERR(new_hash));
42 cb->lrng_drng_dealloc(new_drng);
43 return PTR_ERR(new_hash);
44 }
45
46 lrng_drng_lock(drng_store, &flags);
47
48 /*
49 * Pull from existing DRNG to seed new DRNG regardless of seed status
50 * of old DRNG -- the entropy state for the DRNG is left unchanged which
51 * implies that als the new DRNG is reseeded when deemed necessary. This
52 * seeding of the new DRNG shall only ensure that the new DRNG has the
53 * same entropy as the old DRNG.
54 */
55 ret = drng_store->crypto_cb->lrng_drng_generate_helper(
56 drng_store->drng, seed, sizeof(seed));
57 lrng_drng_unlock(drng_store, &flags);
58
59 if (ret < 0) {
60 reset_drng = true;
61 pr_warn("getting random data from DRNG failed for NUMA node %d (%d)\n",
62 node, ret);
63 } else {
64 /* seed new DRNG with data */
65 ret = cb->lrng_drng_seed_helper(new_drng, seed, ret);
66 if (ret < 0) {
67 reset_drng = true;
68 pr_warn("seeding of new DRNG failed for NUMA node %d (%d)\n",
69 node, ret);
70 } else {
71 pr_debug("seeded new DRNG of NUMA node %d instance from old DRNG instance\n",
72 node);
73 }
74 }
75
76 mutex_lock(&drng_store->lock);
77 /*
78 * If we switch the DRNG from the initial ChaCha20 DRNG to something
79 * else, there is a lock transition from spin lock to mutex (see
80 * lrng_drng_is_atomic and how the lock is taken in lrng_drng_lock).
81 * Thus, we need to take both locks during the transition phase.
82 */
83 if (lrng_drng_is_atomic(drng_store)) {
84 spin_lock_irqsave(&drng_store->spin_lock, flags);
85 sl = true;
86 } else {
87 __acquire(&drng_store->spin_lock);
88 }
89
90 if (reset_drng)
91 lrng_drng_reset(drng_store);
92
93 old_drng = drng_store->drng;
94 old_cb = drng_store->crypto_cb;
95 drng_store->drng = new_drng;
96 drng_store->crypto_cb = cb;
97
98 old_hash = drng_store->hash;
99 drng_store->hash = new_hash;
100 pr_info("Entropy pool read-hash allocated for DRNG for NUMA node %d\n",
101 node);
102
103 if (sl)
104 spin_unlock_irqrestore(&drng_store->spin_lock, flags);
105 else
106 __release(&drng_store->spin_lock);
107 mutex_unlock(&drng_store->lock);
108
109 /* ChaCha20 serves as atomic instance left untouched. */
110 if (old_drng != &chacha20) {
111 old_cb->lrng_drng_dealloc(old_drng);
112 old_cb->lrng_hash_dealloc(old_hash);
113 }
114
115 pr_info("DRNG of NUMA node %d switched\n", node);
116
117 return 0;
118 }
119
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@xxxxxxxxxxxx
Attachment:
.config.gz
Description: application/gzip