| Message ID | 20221020083910.1902009-2-ardb@kernel.org |
|---|---|
| State | Accepted |
| Commit | 161a438d730dade2ba2b1bf8785f0759aba4ca5f |
| Headers | show |
| Series | efi: consume random seed provided by loader | expand |
On Thu, Oct 20, 2022 at 10:39:08AM +0200, Ard Biesheuvel wrote: > We no longer need at least 64 bytes of random seed to permit the early > crng init to complete. The RNG is now based on Blake2s, so reduce the > EFI seed size to the Blake2s hash size, which is sufficient for our > purposes. > > While at it, drop the READ_ONCE(), which was supposed to prevent size > from being evaluated after seed was unmapped. However, this cannot > actually happen, so READ_ONCE() is unnecessary here. > > Cc: <stable@vger.kernel.org> # v4.14+ > Signed-off-by: Ard Biesheuvel <ardb@kernel.org> > Reviewed-by: Jason A. Donenfeld <Jason@zx2c4.com> > --- > drivers/firmware/efi/efi.c | 2 +- > include/linux/efi.h | 2 +- > 2 files changed, 2 insertions(+), 2 deletions(-) > > diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c > index 9624735f1575..a949509de62f 100644 > --- a/drivers/firmware/efi/efi.c > +++ b/drivers/firmware/efi/efi.c > @@ -609,7 +609,7 @@ int __init efi_config_parse_tables(const efi_config_table_t *config_tables, > > seed = early_memremap(efi_rng_seed, sizeof(*seed)); > if (seed != NULL) { > - size = READ_ONCE(seed->size); > + size = min(seed->size, EFI_RANDOM_SEED_SIZE); > early_memunmap(seed, sizeof(*seed)); > } else { > pr_err("Could not map UEFI random seed!\n"); > diff --git a/include/linux/efi.h b/include/linux/efi.h > index da3974bf05d3..cf96f8d5f15f 100644 > --- a/include/linux/efi.h > +++ b/include/linux/efi.h > @@ -1225,7 +1225,7 @@ efi_status_t efi_random_get_seed(void); > arch_efi_call_virt_teardown(); \ > }) > > -#define EFI_RANDOM_SEED_SIZE 64U > +#define EFI_RANDOM_SEED_SIZE 32U // BLAKE2S_HASH_SIZE > > struct linux_efi_random_seed { > u32 size; > -- > 2.35.1 > Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c index 9624735f1575..a949509de62f 100644 --- a/drivers/firmware/efi/efi.c +++ b/drivers/firmware/efi/efi.c @@ -609,7 +609,7 @@ int __init efi_config_parse_tables(const efi_config_table_t *config_tables, seed = early_memremap(efi_rng_seed, sizeof(*seed)); if (seed != NULL) { - size = READ_ONCE(seed->size); + size = min(seed->size, EFI_RANDOM_SEED_SIZE); early_memunmap(seed, sizeof(*seed)); } else { pr_err("Could not map UEFI random seed!\n"); diff --git a/include/linux/efi.h b/include/linux/efi.h index da3974bf05d3..cf96f8d5f15f 100644 --- a/include/linux/efi.h +++ b/include/linux/efi.h @@ -1225,7 +1225,7 @@ efi_status_t efi_random_get_seed(void); arch_efi_call_virt_teardown(); \ }) -#define EFI_RANDOM_SEED_SIZE 64U +#define EFI_RANDOM_SEED_SIZE 32U // BLAKE2S_HASH_SIZE struct linux_efi_random_seed { u32 size;