From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
Stephen Brennan <stephen.s.brennan@oracle.com>,
Douglas Anderson <dianders@chromium.org>,
Daniel Thompson <daniel.thompson@linaro.org>,
Linus Torvalds <torvalds@linux-foundation.org>
Subject: [PATCH 5.10 001/163] lockdown: also lock down previous kgdb use
Date: Fri, 27 May 2022 10:48:01 +0200 [thread overview]
Message-ID: <20220527084828.365808165@linuxfoundation.org> (raw)
In-Reply-To: <20220527084828.156494029@linuxfoundation.org>
From: Daniel Thompson <daniel.thompson@linaro.org>
commit eadb2f47a3ced5c64b23b90fd2a3463f63726066 upstream.
KGDB and KDB allow read and write access to kernel memory, and thus
should be restricted during lockdown. An attacker with access to a
serial port (for example, via a hypervisor console, which some cloud
vendors provide over the network) could trigger the debugger so it is
important that the debugger respect the lockdown mode when/if it is
triggered.
Fix this by integrating lockdown into kdb's existing permissions
mechanism. Unfortunately kgdb does not have any permissions mechanism
(although it certainly could be added later) so, for now, kgdb is simply
and brutally disabled by immediately exiting the gdb stub without taking
any action.
For lockdowns established early in the boot (e.g. the normal case) then
this should be fine but on systems where kgdb has set breakpoints before
the lockdown is enacted than "bad things" will happen.
CVE: CVE-2022-21499
Co-developed-by: Stephen Brennan <stephen.s.brennan@oracle.com>
Signed-off-by: Stephen Brennan <stephen.s.brennan@oracle.com>
Reviewed-by: Douglas Anderson <dianders@chromium.org>
Signed-off-by: Daniel Thompson <daniel.thompson@linaro.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/security.h | 2 +
kernel/debug/debug_core.c | 24 +++++++++++++++++
kernel/debug/kdb/kdb_main.c | 62 +++++++++++++++++++++++++++++++++++++++++---
security/security.c | 2 +
4 files changed, 87 insertions(+), 3 deletions(-)
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -121,10 +121,12 @@ enum lockdown_reason {
LOCKDOWN_DEBUGFS,
LOCKDOWN_XMON_WR,
LOCKDOWN_BPF_WRITE_USER,
+ LOCKDOWN_DBG_WRITE_KERNEL,
LOCKDOWN_INTEGRITY_MAX,
LOCKDOWN_KCORE,
LOCKDOWN_KPROBES,
LOCKDOWN_BPF_READ,
+ LOCKDOWN_DBG_READ_KERNEL,
LOCKDOWN_PERF,
LOCKDOWN_TRACEFS,
LOCKDOWN_XMON_RW,
--- a/kernel/debug/debug_core.c
+++ b/kernel/debug/debug_core.c
@@ -56,6 +56,7 @@
#include <linux/vmacache.h>
#include <linux/rcupdate.h>
#include <linux/irq.h>
+#include <linux/security.h>
#include <asm/cacheflush.h>
#include <asm/byteorder.h>
@@ -756,6 +757,29 @@ cpu_master_loop:
continue;
kgdb_connected = 0;
} else {
+ /*
+ * This is a brutal way to interfere with the debugger
+ * and prevent gdb being used to poke at kernel memory.
+ * This could cause trouble if lockdown is applied when
+ * there is already an active gdb session. For now the
+ * answer is simply "don't do that". Typically lockdown
+ * *will* be applied before the debug core gets started
+ * so only developers using kgdb for fairly advanced
+ * early kernel debug can be biten by this. Hopefully
+ * they are sophisticated enough to take care of
+ * themselves, especially with help from the lockdown
+ * message printed on the console!
+ */
+ if (security_locked_down(LOCKDOWN_DBG_WRITE_KERNEL)) {
+ if (IS_ENABLED(CONFIG_KGDB_KDB)) {
+ /* Switch back to kdb if possible... */
+ dbg_kdb_mode = 1;
+ continue;
+ } else {
+ /* ... otherwise just bail */
+ break;
+ }
+ }
error = gdb_serial_stub(ks);
}
--- a/kernel/debug/kdb/kdb_main.c
+++ b/kernel/debug/kdb/kdb_main.c
@@ -45,6 +45,7 @@
#include <linux/proc_fs.h>
#include <linux/uaccess.h>
#include <linux/slab.h>
+#include <linux/security.h>
#include "kdb_private.h"
#undef MODULE_PARAM_PREFIX
@@ -197,10 +198,62 @@ struct task_struct *kdb_curr_task(int cp
}
/*
- * Check whether the flags of the current command and the permissions
- * of the kdb console has allow a command to be run.
+ * Update the permissions flags (kdb_cmd_enabled) to match the
+ * current lockdown state.
+ *
+ * Within this function the calls to security_locked_down() are "lazy". We
+ * avoid calling them if the current value of kdb_cmd_enabled already excludes
+ * flags that might be subject to lockdown. Additionally we deliberately check
+ * the lockdown flags independently (even though read lockdown implies write
+ * lockdown) since that results in both simpler code and clearer messages to
+ * the user on first-time debugger entry.
+ *
+ * The permission masks during a read+write lockdown permits the following
+ * flags: INSPECT, SIGNAL, REBOOT (and ALWAYS_SAFE).
+ *
+ * The INSPECT commands are not blocked during lockdown because they are
+ * not arbitrary memory reads. INSPECT covers the backtrace family (sometimes
+ * forcing them to have no arguments) and lsmod. These commands do expose
+ * some kernel state but do not allow the developer seated at the console to
+ * choose what state is reported. SIGNAL and REBOOT should not be controversial,
+ * given these are allowed for root during lockdown already.
+ */
+static void kdb_check_for_lockdown(void)
+{
+ const int write_flags = KDB_ENABLE_MEM_WRITE |
+ KDB_ENABLE_REG_WRITE |
+ KDB_ENABLE_FLOW_CTRL;
+ const int read_flags = KDB_ENABLE_MEM_READ |
+ KDB_ENABLE_REG_READ;
+
+ bool need_to_lockdown_write = false;
+ bool need_to_lockdown_read = false;
+
+ if (kdb_cmd_enabled & (KDB_ENABLE_ALL | write_flags))
+ need_to_lockdown_write =
+ security_locked_down(LOCKDOWN_DBG_WRITE_KERNEL);
+
+ if (kdb_cmd_enabled & (KDB_ENABLE_ALL | read_flags))
+ need_to_lockdown_read =
+ security_locked_down(LOCKDOWN_DBG_READ_KERNEL);
+
+ /* De-compose KDB_ENABLE_ALL if required */
+ if (need_to_lockdown_write || need_to_lockdown_read)
+ if (kdb_cmd_enabled & KDB_ENABLE_ALL)
+ kdb_cmd_enabled = KDB_ENABLE_MASK & ~KDB_ENABLE_ALL;
+
+ if (need_to_lockdown_write)
+ kdb_cmd_enabled &= ~write_flags;
+
+ if (need_to_lockdown_read)
+ kdb_cmd_enabled &= ~read_flags;
+}
+
+/*
+ * Check whether the flags of the current command, the permissions of the kdb
+ * console and the lockdown state allow a command to be run.
*/
-static inline bool kdb_check_flags(kdb_cmdflags_t flags, int permissions,
+static bool kdb_check_flags(kdb_cmdflags_t flags, int permissions,
bool no_args)
{
/* permissions comes from userspace so needs massaging slightly */
@@ -1194,6 +1247,9 @@ static int kdb_local(kdb_reason_t reason
kdb_curr_task(raw_smp_processor_id());
KDB_DEBUG_STATE("kdb_local 1", reason);
+
+ kdb_check_for_lockdown();
+
kdb_go_count = 0;
if (reason == KDB_REASON_DEBUG) {
/* special case below */
--- a/security/security.c
+++ b/security/security.c
@@ -59,10 +59,12 @@ const char *const lockdown_reasons[LOCKD
[LOCKDOWN_DEBUGFS] = "debugfs access",
[LOCKDOWN_XMON_WR] = "xmon write access",
[LOCKDOWN_BPF_WRITE_USER] = "use of bpf to write user RAM",
+ [LOCKDOWN_DBG_WRITE_KERNEL] = "use of kgdb/kdb to write kernel RAM",
[LOCKDOWN_INTEGRITY_MAX] = "integrity",
[LOCKDOWN_KCORE] = "/proc/kcore access",
[LOCKDOWN_KPROBES] = "use of kprobes",
[LOCKDOWN_BPF_READ] = "use of bpf to read kernel RAM",
+ [LOCKDOWN_DBG_READ_KERNEL] = "use of kgdb/kdb to read kernel RAM",
[LOCKDOWN_PERF] = "unsafe use of perf",
[LOCKDOWN_TRACEFS] = "use of tracefs",
[LOCKDOWN_XMON_RW] = "xmon read and write access",
next prev parent reply other threads:[~2022-05-27 8:51 UTC|newest]
Thread overview: 177+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-05-27 8:48 [PATCH 5.10 000/163] 5.10.119-rc1 review Greg Kroah-Hartman
2022-05-27 8:48 ` Greg Kroah-Hartman [this message]
2022-05-27 8:48 ` [PATCH 5.10 002/163] staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan() Greg Kroah-Hartman
2022-05-27 8:48 ` [PATCH 5.10 003/163] KVM: x86: Properly handle APF vs disabled LAPIC situation Greg Kroah-Hartman
2022-05-27 8:48 ` [PATCH 5.10 004/163] KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID Greg Kroah-Hartman
2022-05-27 8:48 ` [PATCH 5.10 005/163] tcp: change source port randomizarion at connect() time Greg Kroah-Hartman
2022-05-27 8:48 ` [PATCH 5.10 006/163] secure_seq: use the 64 bits of the siphash for port offset calculation Greg Kroah-Hartman
2022-05-27 8:48 ` [PATCH 5.10 007/163] media: vim2m: Register video device after setting up internals Greg Kroah-Hartman
2022-05-27 8:48 ` [PATCH 5.10 008/163] media: vim2m: initialize the media device earlier Greg Kroah-Hartman
2022-05-27 8:48 ` [PATCH 5.10 009/163] ACPI: sysfs: Make sparse happy about address space in use Greg Kroah-Hartman
2022-05-27 8:48 ` [PATCH 5.10 010/163] ACPI: sysfs: Fix BERT error region memory mapping Greg Kroah-Hartman
2022-05-27 8:48 ` [PATCH 5.10 011/163] random: avoid arch_get_random_seed_long() when collecting IRQ randomness Greg Kroah-Hartman
2022-05-27 8:48 ` [PATCH 5.10 012/163] random: remove dead code left over from blocking pool Greg Kroah-Hartman
2022-05-27 8:48 ` [PATCH 5.10 013/163] MAINTAINERS: co-maintain random.c Greg Kroah-Hartman
2022-05-27 8:48 ` [PATCH 5.10 014/163] MAINTAINERS: add git tree for random.c Greg Kroah-Hartman
2022-05-27 8:48 ` [PATCH 5.10 015/163] crypto: lib/blake2s - Move selftest prototype into header file Greg Kroah-Hartman
2022-05-27 8:48 ` [PATCH 5.10 016/163] crypto: blake2s - define shash_alg structs using macros Greg Kroah-Hartman
2022-05-27 8:48 ` [PATCH 5.10 017/163] crypto: x86/blake2s " Greg Kroah-Hartman
2022-05-27 8:48 ` [PATCH 5.10 018/163] crypto: blake2s - remove unneeded includes Greg Kroah-Hartman
2022-05-27 8:48 ` [PATCH 5.10 019/163] crypto: blake2s - move update and final logic to internal/blake2s.h Greg Kroah-Hartman
2022-05-27 8:48 ` [PATCH 5.10 020/163] crypto: blake2s - share the "shash" API boilerplate code Greg Kroah-Hartman
2022-05-27 8:48 ` [PATCH 5.10 021/163] crypto: blake2s - optimize blake2s initialization Greg Kroah-Hartman
2022-05-27 8:48 ` [PATCH 5.10 022/163] crypto: blake2s - add comment for blake2s_state fields Greg Kroah-Hartman
2022-05-27 8:48 ` [PATCH 5.10 023/163] crypto: blake2s - adjust include guard naming Greg Kroah-Hartman
2022-05-27 8:48 ` [PATCH 5.10 024/163] crypto: blake2s - include <linux/bug.h> instead of <asm/bug.h> Greg Kroah-Hartman
2022-05-27 8:48 ` [PATCH 5.10 025/163] lib/crypto: blake2s: include as built-in Greg Kroah-Hartman
2022-05-27 8:48 ` [PATCH 5.10 026/163] lib/crypto: blake2s: move hmac construction into wireguard Greg Kroah-Hartman
2022-05-27 8:48 ` [PATCH 5.10 027/163] lib/crypto: sha1: re-roll loops to reduce code size Greg Kroah-Hartman
2022-05-27 8:48 ` [PATCH 5.10 028/163] lib/crypto: blake2s: avoid indirect calls to compression function for Clang CFI Greg Kroah-Hartman
2022-05-27 8:48 ` [PATCH 5.10 029/163] random: document add_hwgenerator_randomness() with other input functions Greg Kroah-Hartman
2022-05-27 8:48 ` [PATCH 5.10 030/163] random: remove unused irq_flags argument from add_interrupt_randomness() Greg Kroah-Hartman
2022-05-27 8:48 ` [PATCH 5.10 031/163] random: use BLAKE2s instead of SHA1 in extraction Greg Kroah-Hartman
2022-05-27 8:48 ` [PATCH 5.10 032/163] random: do not sign extend bytes for rotation when mixing Greg Kroah-Hartman
2022-05-27 8:48 ` [PATCH 5.10 033/163] random: do not re-init if crng_reseed completes before primary init Greg Kroah-Hartman
2022-05-27 8:48 ` [PATCH 5.10 034/163] random: mix bootloader randomness into pool Greg Kroah-Hartman
2022-05-27 8:48 ` [PATCH 5.10 035/163] random: harmonize "crng init done" messages Greg Kroah-Hartman
2022-05-27 8:48 ` [PATCH 5.10 036/163] random: use IS_ENABLED(CONFIG_NUMA) instead of ifdefs Greg Kroah-Hartman
2022-05-27 8:48 ` [PATCH 5.10 037/163] random: early initialization of ChaCha constants Greg Kroah-Hartman
2022-05-27 8:48 ` [PATCH 5.10 038/163] random: avoid superfluous call to RDRAND in CRNG extraction Greg Kroah-Hartman
2022-05-27 8:48 ` [PATCH 5.10 039/163] random: dont reset crng_init_cnt on urandom_read() Greg Kroah-Hartman
2022-05-27 8:48 ` [PATCH 5.10 040/163] random: fix typo in comments Greg Kroah-Hartman
2022-05-27 8:48 ` [PATCH 5.10 041/163] random: cleanup poolinfo abstraction Greg Kroah-Hartman
2022-05-27 8:48 ` [PATCH 5.10 042/163] random: cleanup integer types Greg Kroah-Hartman
2022-05-27 8:48 ` [PATCH 5.10 043/163] random: remove incomplete last_data logic Greg Kroah-Hartman
2022-05-27 8:48 ` [PATCH 5.10 044/163] random: remove unused extract_entropy() reserved argument Greg Kroah-Hartman
2022-05-27 8:48 ` [PATCH 5.10 045/163] random: rather than entropy_store abstraction, use global Greg Kroah-Hartman
2022-05-27 8:48 ` [PATCH 5.10 046/163] random: remove unused OUTPUT_POOL constants Greg Kroah-Hartman
2022-05-27 8:48 ` [PATCH 5.10 047/163] random: de-duplicate INPUT_POOL constants Greg Kroah-Hartman
2022-05-27 8:48 ` [PATCH 5.10 049/163] random: cleanup fractional entropy shift constants Greg Kroah-Hartman
2022-05-27 8:48 ` [PATCH 5.10 050/163] random: access input_pool_data directly rather than through pointer Greg Kroah-Hartman
2022-05-27 8:48 ` [PATCH 5.10 051/163] random: selectively clang-format where it makes sense Greg Kroah-Hartman
2022-05-27 8:48 ` [PATCH 5.10 052/163] random: simplify arithmetic function flow in account() Greg Kroah-Hartman
2022-05-27 8:48 ` [PATCH 5.10 053/163] random: continually use hwgenerator randomness Greg Kroah-Hartman
2022-05-27 8:48 ` [PATCH 5.10 054/163] random: access primary_pool directly rather than through pointer Greg Kroah-Hartman
2022-05-27 8:48 ` [PATCH 5.10 055/163] random: only call crng_finalize_init() for primary_crng Greg Kroah-Hartman
2022-05-27 8:48 ` [PATCH 5.10 056/163] random: use computational hash for entropy extraction Greg Kroah-Hartman
2022-05-27 8:48 ` [PATCH 5.10 057/163] random: simplify entropy debiting Greg Kroah-Hartman
2022-05-27 8:48 ` [PATCH 5.10 058/163] random: use linear min-entropy accumulation crediting Greg Kroah-Hartman
2022-05-27 8:48 ` [PATCH 5.10 059/163] random: always wake up entropy writers after extraction Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 060/163] random: make credit_entropy_bits() always safe Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 061/163] random: remove use_input_pool parameter from crng_reseed() Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 062/163] random: remove batched entropy locking Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 063/163] random: fix locking in crng_fast_load() Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 064/163] random: use RDSEED instead of RDRAND in entropy extraction Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 065/163] random: get rid of secondary crngs Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 066/163] random: inline leaves of rand_initialize() Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 067/163] random: ensure early RDSEED goes through mixer on init Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 068/163] random: do not xor RDRAND when writing into /dev/random Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 069/163] random: absorb fast pool into input pool after fast load Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 070/163] random: use simpler fast key erasure flow on per-cpu keys Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 071/163] random: use hash function for crng_slow_load() Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 072/163] random: make more consistent use of integer types Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 073/163] random: remove outdated INT_MAX >> 6 check in urandom_read() Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 074/163] random: zero buffer after reading entropy from userspace Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 075/163] random: fix locking for crng_init in crng_reseed() Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 076/163] random: tie batched entropy generation to base_crng generation Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 077/163] random: remove ifdefd out interrupt bench Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 078/163] random: remove unused tracepoints Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 079/163] random: add proper SPDX header Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 080/163] random: deobfuscate irq u32/u64 contributions Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 081/163] random: introduce drain_entropy() helper to declutter crng_reseed() Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 082/163] random: remove useless header comment Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 083/163] random: remove whitespace and reorder includes Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 084/163] random: group initialization wait functions Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 085/163] random: group crng functions Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 086/163] random: group entropy extraction functions Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 087/163] random: group entropy collection functions Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 088/163] random: group userspace read/write functions Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 089/163] random: group sysctl functions Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 090/163] random: rewrite header introductory comment Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 091/163] random: defer fast pool mixing to worker Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 092/163] random: do not take pool spinlock at boot Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 093/163] random: unify early init crng load accounting Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 094/163] random: check for crng_init == 0 in add_device_randomness() Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 095/163] random: pull add_hwgenerator_randomness() declaration into random.h Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 096/163] random: clear fast pool, crng, and batches in cpuhp bring up Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 097/163] random: round-robin registers as ulong, not u32 Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 098/163] random: only wake up writers after zap if threshold was passed Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 099/163] random: cleanup UUID handling Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 100/163] random: unify cycles_t and jiffies usage and types Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 101/163] random: do crng pre-init loading in worker rather than irq Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 102/163] random: give sysctl_random_min_urandom_seed a more sensible value Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 103/163] random: dont let 644 read-only sysctls be written to Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 104/163] random: replace custom notifier chain with standard one Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 105/163] random: use SipHash as interrupt entropy accumulator Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 106/163] random: make consistent usage of crng_ready() Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 107/163] random: reseed more often immediately after booting Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 108/163] random: check for signal and try earlier when generating entropy Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 109/163] random: skip fast_init if hwrng provides large chunk of entropy Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 110/163] random: treat bootloader trust toggle the same way as cpu trust toggle Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 111/163] random: re-add removed comment about get_random_{u32,u64} reseeding Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 112/163] random: mix build-time latent entropy into pool at init Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 113/163] random: do not split fast init input in add_hwgenerator_randomness() Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 114/163] random: do not allow user to keep crng key around on stack Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 115/163] random: check for signal_pending() outside of need_resched() check Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 116/163] random: check for signals every PAGE_SIZE chunk of /dev/[u]random Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 117/163] random: allow partial reads if later user copies fail Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 118/163] random: make random_get_entropy() return an unsigned long Greg Kroah-Hartman
2022-05-27 8:49 ` [PATCH 5.10 119/163] random: document crng_fast_key_erasure() destination possibility Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.10 120/163] random: fix sysctl documentation nits Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.10 121/163] init: call time_init() before rand_initialize() Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.10 122/163] ia64: define get_cycles macro for arch-override Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.10 123/163] s390: " Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.10 124/163] parisc: " Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.10 125/163] alpha: " Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.10 126/163] powerpc: " Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.10 127/163] timekeeping: Add raw clock fallback for random_get_entropy() Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.10 128/163] m68k: use fallback for random_get_entropy() instead of zero Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.10 129/163] riscv: " Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.10 130/163] mips: use fallback for random_get_entropy() instead of just c0 random Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.10 131/163] arm: use fallback for random_get_entropy() instead of zero Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.10 132/163] nios2: " Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.10 133/163] x86/tsc: Use " Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.10 134/163] um: use " Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.10 135/163] sparc: " Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.10 136/163] xtensa: " Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.10 137/163] random: insist on random_get_entropy() existing in order to simplify Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.10 138/163] random: do not use batches when !crng_ready() Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.10 139/163] random: use first 128 bits of input as fast init Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.10 140/163] random: do not pretend to handle premature next security model Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.10 141/163] random: order timer entropy functions below interrupt functions Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.10 142/163] random: do not use input pool from hard IRQs Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.10 143/163] random: help compiler out with fast_mix() by using simpler arguments Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.10 144/163] siphash: use one source of truth for siphash permutations Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.10 145/163] random: use symbolic constants for crng_init states Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.10 146/163] random: avoid initializing twice in credit race Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.10 147/163] random: move initialization out of reseeding hot path Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.10 148/163] random: remove ratelimiting for in-kernel unseeded randomness Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.10 149/163] random: use proper jiffies comparison macro Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.10 150/163] random: handle latent entropy and command line from random_init() Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.10 151/163] random: credit architectural init the exact amount Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.10 152/163] random: use static branch for crng_ready() Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.10 153/163] random: remove extern from functions in header Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.10 154/163] random: use proper return types on get_random_{int,long}_wait() Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.10 155/163] random: make consistent use of buf and len Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.10 156/163] random: move initialization functions out of hot pages Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.10 157/163] random: move randomize_page() into mm where it belongs Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.10 158/163] random: unify batched entropy implementations Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.10 159/163] random: convert to using fops->read_iter() Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.10 160/163] random: convert to using fops->write_iter() Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.10 161/163] random: wire up fops->splice_{read,write}_iter() Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.10 162/163] random: check for signals after page of pool writes Greg Kroah-Hartman
2022-05-27 8:50 ` [PATCH 5.10 163/163] ALSA: ctxfi: Add SB046x PCI ID Greg Kroah-Hartman
2022-05-27 14:14 ` [PATCH 5.10 000/163] 5.10.119-rc1 review Pavel Machek
2022-05-27 15:53 ` Greg Kroah-Hartman
2022-05-27 16:59 ` Guenter Roeck
2022-05-27 17:39 ` Guenter Roeck
2022-05-27 21:10 ` Jason A. Donenfeld
2022-05-27 22:38 ` Guenter Roeck
2022-05-28 6:03 ` Jason A. Donenfeld
2022-05-27 21:04 ` Jason A. Donenfeld
2022-06-01 6:13 ` Chris Paterson
2022-05-27 22:38 ` Guenter Roeck
2022-05-28 11:07 ` Naresh Kamboju
2022-05-28 15:29 ` Sudip Mukherjee
2022-05-28 22:24 ` Fox Chen
2022-05-30 1:09 ` Samuel Zou
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220527084828.365808165@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=daniel.thompson@linaro.org \
--cc=dianders@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=stephen.s.brennan@oracle.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.