random: remove CONFIG_ARCH_RANDOM
When RDRAND was introduced, there was much discussion on whether it should be trusted and how the kernel should handle that. Initially, two mechanisms cropped up, CONFIG_ARCH_RANDOM, a compile time switch, and "nordrand", a boot-time switch. Later the thinking evolved. With a properly designed RNG, using RDRAND values alone won't harm anything, even if the outputs are malicious. Rather, the issue is whether those values are being *trusted* to be good or not. And so a new set of options were introduced as the real ones that people use -- CONFIG_RANDOM_TRUST_CPU and "random.trust_cpu". With these options, RDRAND is used, but it's not always credited. So in the worst case, it does nothing, and in the best case, maybe it helps. Along the way, CONFIG_ARCH_RANDOM's meaning got sort of pulled into the center and became something certain platforms force-select. The old options don't really help with much, and it's a bit odd to have special handling for these instructions when the kernel can deal fine with the existence or untrusted existence or broken existence or non-existence of that CPU capability. Simplify the situation by removing CONFIG_ARCH_RANDOM and using the ordinary asm-generic fallback pattern instead, keeping the two options that are actually used. For now it leaves "nordrand" for now, as the removal of that will take a different route. Acked-by: Michael Ellerman <mpe@ellerman.id.au> Acked-by: Catalin Marinas <catalin.marinas@arm.com> Acked-by: Borislav Petkov <bp@suse.de> Acked-by: Heiko Carstens <hca@linux.ibm.com> Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
This commit is contained in:
Родитель
829d680e82
Коммит
9592eef7c1
|
@ -7,4 +7,6 @@ static inline bool __init smccc_probe_trng(void)
|
|||
return false;
|
||||
}
|
||||
|
||||
#include <asm-generic/archrandom.h>
|
||||
|
||||
#endif /* _ASM_ARCHRANDOM_H */
|
||||
|
|
|
@ -1858,14 +1858,6 @@ config ARM64_E0PD
|
|||
|
||||
This option enables E0PD for TTBR1 where available.
|
||||
|
||||
config ARCH_RANDOM
|
||||
bool "Enable support for random number generation"
|
||||
default y
|
||||
help
|
||||
Random number generation (part of the ARMv8.5 Extensions)
|
||||
provides a high bandwidth, cryptographically secure
|
||||
hardware random number generator.
|
||||
|
||||
config ARM64_AS_HAS_MTE
|
||||
# Initial support for MTE went in binutils 2.32.0, checked with
|
||||
# ".arch armv8.5-a+memtag" below. However, this was incomplete
|
||||
|
|
|
@ -2,8 +2,6 @@
|
|||
#ifndef _ASM_ARCHRANDOM_H
|
||||
#define _ASM_ARCHRANDOM_H
|
||||
|
||||
#ifdef CONFIG_ARCH_RANDOM
|
||||
|
||||
#include <linux/arm-smccc.h>
|
||||
#include <linux/bug.h>
|
||||
#include <linux/kernel.h>
|
||||
|
@ -167,12 +165,4 @@ arch_get_random_seed_long_early(unsigned long *v)
|
|||
}
|
||||
#define arch_get_random_seed_long_early arch_get_random_seed_long_early
|
||||
|
||||
#else /* !CONFIG_ARCH_RANDOM */
|
||||
|
||||
static inline bool __init smccc_probe_trng(void)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
#endif /* CONFIG_ARCH_RANDOM */
|
||||
#endif /* _ASM_ARCHRANDOM_H */
|
||||
|
|
|
@ -2416,7 +2416,6 @@ static const struct arm64_cpu_capabilities arm64_features[] = {
|
|||
.cpu_enable = cpu_enable_e0pd,
|
||||
},
|
||||
#endif
|
||||
#ifdef CONFIG_ARCH_RANDOM
|
||||
{
|
||||
.desc = "Random Number Generator",
|
||||
.capability = ARM64_HAS_RNG,
|
||||
|
@ -2428,7 +2427,6 @@ static const struct arm64_cpu_capabilities arm64_features[] = {
|
|||
.sign = FTR_UNSIGNED,
|
||||
.min_field_value = 1,
|
||||
},
|
||||
#endif
|
||||
#ifdef CONFIG_ARM64_BTI
|
||||
{
|
||||
.desc = "Branch Target Identification",
|
||||
|
|
|
@ -1252,9 +1252,6 @@ config PHYSICAL_START
|
|||
default "0x00000000"
|
||||
endif
|
||||
|
||||
config ARCH_RANDOM
|
||||
def_bool n
|
||||
|
||||
config PPC_LIB_RHEAP
|
||||
bool
|
||||
|
||||
|
|
|
@ -2,8 +2,6 @@
|
|||
#ifndef _ASM_POWERPC_ARCHRANDOM_H
|
||||
#define _ASM_POWERPC_ARCHRANDOM_H
|
||||
|
||||
#ifdef CONFIG_ARCH_RANDOM
|
||||
|
||||
#include <asm/machdep.h>
|
||||
|
||||
static inline bool __must_check arch_get_random_long(unsigned long *v)
|
||||
|
@ -35,7 +33,6 @@ static inline bool __must_check arch_get_random_seed_int(unsigned int *v)
|
|||
|
||||
return rc;
|
||||
}
|
||||
#endif /* CONFIG_ARCH_RANDOM */
|
||||
|
||||
#ifdef CONFIG_PPC_POWERNV
|
||||
int powernv_hwrng_present(void);
|
||||
|
|
|
@ -200,9 +200,7 @@ struct machdep_calls {
|
|||
ssize_t (*cpu_release)(const char *, size_t);
|
||||
#endif
|
||||
|
||||
#ifdef CONFIG_ARCH_RANDOM
|
||||
int (*get_random_seed)(unsigned long *v);
|
||||
#endif
|
||||
};
|
||||
|
||||
extern void e500_idle(void);
|
||||
|
|
|
@ -6,7 +6,6 @@ config PPC_MICROWATT
|
|||
select PPC_ICS_NATIVE
|
||||
select PPC_ICP_NATIVE
|
||||
select PPC_UDBG_16550
|
||||
select ARCH_RANDOM
|
||||
help
|
||||
This option enables support for FPGA-based Microwatt implementations.
|
||||
|
||||
|
|
|
@ -12,7 +12,6 @@ config PPC_POWERNV
|
|||
select EPAPR_BOOT
|
||||
select PPC_INDIRECT_PIO
|
||||
select PPC_UDBG_16550
|
||||
select ARCH_RANDOM
|
||||
select CPU_FREQ
|
||||
select PPC_DOORBELL
|
||||
select MMU_NOTIFIER
|
||||
|
|
|
@ -19,7 +19,6 @@ config PPC_PSERIES
|
|||
select PPC_UDBG_16550
|
||||
select PPC_DOORBELL
|
||||
select HOTPLUG_CPU
|
||||
select ARCH_RANDOM
|
||||
select FORCE_SMP
|
||||
select SWIOTLB
|
||||
default y
|
||||
|
|
|
@ -507,21 +507,6 @@ config KEXEC_SIG
|
|||
verification for the corresponding kernel image type being
|
||||
loaded in order for this to work.
|
||||
|
||||
config ARCH_RANDOM
|
||||
def_bool y
|
||||
prompt "s390 architectural random number generation API"
|
||||
help
|
||||
Enable the s390 architectural random number generation API
|
||||
to provide random data for all consumers within the Linux
|
||||
kernel.
|
||||
|
||||
When enabled the arch_random_* functions declared in linux/random.h
|
||||
are implemented. The implementation is based on the s390 CPACF
|
||||
instruction subfunction TRNG which provides a real true random
|
||||
number generator.
|
||||
|
||||
If unsure, say Y.
|
||||
|
||||
config KERNEL_NOBP
|
||||
def_bool n
|
||||
prompt "Enable modified branch prediction for the kernel by default"
|
||||
|
|
|
@ -15,7 +15,6 @@ CONFIG_TUNE_ZEC12=y
|
|||
# CONFIG_COMPAT is not set
|
||||
CONFIG_NR_CPUS=2
|
||||
CONFIG_HZ_100=y
|
||||
# CONFIG_ARCH_RANDOM is not set
|
||||
# CONFIG_RELOCATABLE is not set
|
||||
# CONFIG_CHSC_SCH is not set
|
||||
# CONFIG_SCM_BUS is not set
|
||||
|
|
|
@ -15,7 +15,7 @@ obj-$(CONFIG_CRYPTO_CHACHA_S390) += chacha_s390.o
|
|||
obj-$(CONFIG_S390_PRNG) += prng.o
|
||||
obj-$(CONFIG_CRYPTO_GHASH_S390) += ghash_s390.o
|
||||
obj-$(CONFIG_CRYPTO_CRC32_S390) += crc32-vx_s390.o
|
||||
obj-$(CONFIG_ARCH_RANDOM) += arch_random.o
|
||||
obj-y += arch_random.o
|
||||
|
||||
crc32-vx_s390-y := crc32-vx.o crc32le-vx.o crc32be-vx.o
|
||||
chacha_s390-y := chacha-glue.o chacha-s390.o
|
||||
|
|
|
@ -11,8 +11,6 @@
|
|||
#ifndef _ASM_S390_ARCHRANDOM_H
|
||||
#define _ASM_S390_ARCHRANDOM_H
|
||||
|
||||
#ifdef CONFIG_ARCH_RANDOM
|
||||
|
||||
#include <linux/static_key.h>
|
||||
#include <linux/atomic.h>
|
||||
#include <asm/cpacf.h>
|
||||
|
@ -50,5 +48,4 @@ static inline bool __must_check arch_get_random_seed_int(unsigned int *v)
|
|||
return false;
|
||||
}
|
||||
|
||||
#endif /* CONFIG_ARCH_RANDOM */
|
||||
#endif /* _ASM_S390_ARCHRANDOM_H */
|
||||
|
|
|
@ -876,10 +876,8 @@ static void __init setup_randomness(void)
|
|||
add_device_randomness(&vmms->vm, sizeof(vmms->vm[0]) * vmms->count);
|
||||
memblock_free(vmms, PAGE_SIZE);
|
||||
|
||||
#ifdef CONFIG_ARCH_RANDOM
|
||||
if (cpacf_query_func(CPACF_PRNO, CPACF_PRNO_TRNG))
|
||||
static_branch_enable(&s390_arch_random_available);
|
||||
#endif
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
|
@ -1810,15 +1810,6 @@ config ARCH_USES_PG_UNCACHED
|
|||
def_bool y
|
||||
depends on X86_PAT
|
||||
|
||||
config ARCH_RANDOM
|
||||
def_bool y
|
||||
prompt "x86 architectural random number generator" if EXPERT
|
||||
help
|
||||
Enable the x86 architectural RDRAND instruction
|
||||
(Intel Bull Mountain technology) to generate random numbers.
|
||||
If supported, this is a high bandwidth, cryptographically
|
||||
secure hardware random number generator.
|
||||
|
||||
config X86_UMIP
|
||||
def_bool y
|
||||
prompt "User Mode Instruction Prevention" if EXPERT
|
||||
|
|
|
@ -65,10 +65,8 @@ static inline bool __must_check rdseed_int(unsigned int *v)
|
|||
|
||||
/*
|
||||
* These are the generic interfaces; they must not be declared if the
|
||||
* stubs in <linux/random.h> are to be invoked,
|
||||
* i.e. CONFIG_ARCH_RANDOM is not defined.
|
||||
* stubs in <linux/random.h> are to be invoked.
|
||||
*/
|
||||
#ifdef CONFIG_ARCH_RANDOM
|
||||
|
||||
static inline bool __must_check arch_get_random_long(unsigned long *v)
|
||||
{
|
||||
|
@ -90,12 +88,8 @@ static inline bool __must_check arch_get_random_seed_int(unsigned int *v)
|
|||
return static_cpu_has(X86_FEATURE_RDSEED) ? rdseed_int(v) : false;
|
||||
}
|
||||
|
||||
extern void x86_init_rdrand(struct cpuinfo_x86 *c);
|
||||
|
||||
#else /* !CONFIG_ARCH_RANDOM */
|
||||
|
||||
static inline void x86_init_rdrand(struct cpuinfo_x86 *c) { }
|
||||
|
||||
#endif /* !CONFIG_ARCH_RANDOM */
|
||||
#ifndef CONFIG_UML
|
||||
void x86_init_rdrand(struct cpuinfo_x86 *c);
|
||||
#endif
|
||||
|
||||
#endif /* ASM_X86_ARCHRANDOM_H */
|
||||
|
|
|
@ -26,7 +26,6 @@ __setup("nordrand", x86_rdrand_setup);
|
|||
*/
|
||||
#define SANITY_CHECK_LOOPS 8
|
||||
|
||||
#ifdef CONFIG_ARCH_RANDOM
|
||||
void x86_init_rdrand(struct cpuinfo_x86 *c)
|
||||
{
|
||||
unsigned int changed = 0;
|
||||
|
@ -63,4 +62,3 @@ void x86_init_rdrand(struct cpuinfo_x86 *c)
|
|||
"RDRAND gives funky smelling output, might consider not using it by booting with \"nordrand\"");
|
||||
|
||||
}
|
||||
#endif
|
||||
|
|
|
@ -431,7 +431,6 @@ config ADI
|
|||
config RANDOM_TRUST_CPU
|
||||
bool "Initialize RNG using CPU RNG instructions"
|
||||
default y
|
||||
depends on ARCH_RANDOM
|
||||
help
|
||||
Initialize the RNG using random numbers supplied by the CPU's
|
||||
RNG instructions (e.g. RDRAND), if supported and available. These
|
||||
|
|
|
@ -108,7 +108,6 @@ static ssize_t trng_counter_show(struct device *dev,
|
|||
{
|
||||
u64 dev_counter = atomic64_read(&trng_dev_counter);
|
||||
u64 hwrng_counter = atomic64_read(&trng_hwrng_counter);
|
||||
#if IS_ENABLED(CONFIG_ARCH_RANDOM)
|
||||
u64 arch_counter = atomic64_read(&s390_arch_random_counter);
|
||||
|
||||
return sysfs_emit(buf,
|
||||
|
@ -118,14 +117,6 @@ static ssize_t trng_counter_show(struct device *dev,
|
|||
"total: %llu\n",
|
||||
dev_counter, hwrng_counter, arch_counter,
|
||||
dev_counter + hwrng_counter + arch_counter);
|
||||
#else
|
||||
return sysfs_emit(buf,
|
||||
"trng: %llu\n"
|
||||
"hwrng: %llu\n"
|
||||
"total: %llu\n",
|
||||
dev_counter, hwrng_counter,
|
||||
dev_counter + hwrng_counter);
|
||||
#endif
|
||||
}
|
||||
static DEVICE_ATTR(byte_counter, 0444, trng_counter_show, NULL);
|
||||
|
||||
|
|
|
@ -5,6 +5,7 @@
|
|||
# asm headers from the host architecutre.)
|
||||
|
||||
mandatory-y += atomic.h
|
||||
mandatory-y += archrandom.h
|
||||
mandatory-y += barrier.h
|
||||
mandatory-y += bitops.h
|
||||
mandatory-y += bug.h
|
||||
|
|
|
@ -0,0 +1,25 @@
|
|||
/* SPDX-License-Identifier: GPL-2.0 */
|
||||
#ifndef __ASM_GENERIC_ARCHRANDOM_H__
|
||||
#define __ASM_GENERIC_ARCHRANDOM_H__
|
||||
|
||||
static inline bool __must_check arch_get_random_long(unsigned long *v)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
static inline bool __must_check arch_get_random_int(unsigned int *v)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
static inline bool __must_check arch_get_random_seed_long(unsigned long *v)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
static inline bool __must_check arch_get_random_seed_int(unsigned int *v)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
#endif
|
|
@ -106,14 +106,7 @@ declare_get_random_var_wait(long, unsigned long)
|
|||
*/
|
||||
#include <linux/prandom.h>
|
||||
|
||||
#ifdef CONFIG_ARCH_RANDOM
|
||||
# include <asm/archrandom.h>
|
||||
#else
|
||||
static inline bool __must_check arch_get_random_long(unsigned long *v) { return false; }
|
||||
static inline bool __must_check arch_get_random_int(unsigned int *v) { return false; }
|
||||
static inline bool __must_check arch_get_random_seed_long(unsigned long *v) { return false; }
|
||||
static inline bool __must_check arch_get_random_seed_int(unsigned int *v) { return false; }
|
||||
#endif
|
||||
#include <asm/archrandom.h>
|
||||
|
||||
/*
|
||||
* Called from the boot CPU during startup; not valid to call once
|
||||
|
|
|
@ -58,7 +58,6 @@ CONFIG_NO_HZ_IDLE=y
|
|||
CONFIG_NO_HZ_FULL=n
|
||||
CONFIG_HZ_PERIODIC=n
|
||||
CONFIG_HIGH_RES_TIMERS=y
|
||||
CONFIG_ARCH_RANDOM=y
|
||||
CONFIG_FILE_LOCKING=y
|
||||
CONFIG_POSIX_TIMERS=y
|
||||
CONFIG_DEVTMPFS=y
|
||||
|
|
Загрузка…
Ссылка в новой задаче