mirror of
https://github.com/torvalds/linux.git
synced 2024-12-17 16:43:08 +00:00
d590284419
- Add support for IBM z15 machines. - Add SHA3 and CCA AES cipher key support in zcrypt and pkey refactoring. - Move to arch_stack_walk infrastructure for the stack unwinder. - Various kasan fixes and improvements. - Various command line parsing fixes. - Improve decompressor phase debuggability. - Lift no bss usage restriction for the early code. - Use refcount_t for reference counters for couple of places in mm code. - Logging improvements and return code fix in vfio-ccw code. - Couple of zpci fixes and minor refactoring. - Remove some outdated documentation. - Fix secure boot detection. - Other various minor code clean ups. -----BEGIN PGP SIGNATURE----- iQEzBAABCAAdFiEE3QHqV+H2a8xAv27vjYWKoQLXFBgFAl1/pRoACgkQjYWKoQLX FBjxLQf/Y1nlmoc8URLqaqfNTczIvUzdfXuahI7L75RoIIiqHtcHBrVwauSr7Lma XVRzK/+6q0UPISrOIZEEtQKsMMM7rGuUv/+XTyrOB/Tsc31kN2EIRXltfXI/lkb8 BZdgch4Xs2rOD7y6TvqpYJsXYXsnLMWwCk8V+48V/pok4sEgMDgh0bTQRHPHYmZ6 1cv8ZQ0AeuVxC6ChM30LhajGRPkYd8RQ82K7fU7jxT0Tjzu66SyrW3pTwA5empBD RI2yBZJ8EXwJyTCpvN8NKiBgihDs9oUZl61Dyq3j64Mb1OuNUhxXA/8jmtnGn0ok O9vtImCWzExhjSMkvotuhHEC05nEEQ== =LCgE -----END PGP SIGNATURE----- Merge tag 's390-5.4-1' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux Pull s390 updates from Vasily Gorbik: - Add support for IBM z15 machines. - Add SHA3 and CCA AES cipher key support in zcrypt and pkey refactoring. - Move to arch_stack_walk infrastructure for the stack unwinder. - Various kasan fixes and improvements. - Various command line parsing fixes. - Improve decompressor phase debuggability. - Lift no bss usage restriction for the early code. - Use refcount_t for reference counters for couple of places in mm code. - Logging improvements and return code fix in vfio-ccw code. - Couple of zpci fixes and minor refactoring. - Remove some outdated documentation. - Fix secure boot detection. - Other various minor code clean ups. * tag 's390-5.4-1' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux: (48 commits) s390: remove pointless drivers-y in drivers/s390/Makefile s390/cpum_sf: Fix line length and format string s390/pci: fix MSI message data s390: add support for IBM z15 machines s390/crypto: Support for SHA3 via CPACF (MSA6) s390/startup: add pgm check info printing s390/crypto: xts-aes-s390 fix extra run-time crypto self tests finding vfio-ccw: fix error return code in vfio_ccw_sch_init() s390: vfio-ap: fix warning reset not completed s390/base: remove unused s390_base_mcck_handler s390/sclp: Fix bit checked for has_sipl s390/zcrypt: fix wrong handling of cca cipher keygenflags s390/kasan: add kdump support s390/setup: avoid using strncmp with hardcoded length s390/sclp: avoid using strncmp with hardcoded length s390/module: avoid using strncmp with hardcoded length s390/pci: avoid using strncmp with hardcoded length s390/kaslr: reserve memory for kasan usage s390/mem_detect: provide single get_mem_detect_end s390/cmma: reuse kstrtobool for option value parsing ...
171 lines
4.3 KiB
C
171 lines
4.3 KiB
C
// SPDX-License-Identifier: GPL-2.0
|
|
/*
|
|
* Copyright IBM Corp. 2019
|
|
*/
|
|
#include <asm/mem_detect.h>
|
|
#include <asm/pgtable.h>
|
|
#include <asm/cpacf.h>
|
|
#include <asm/timex.h>
|
|
#include <asm/sclp.h>
|
|
#include "compressed/decompressor.h"
|
|
#include "boot.h"
|
|
|
|
#define PRNG_MODE_TDES 1
|
|
#define PRNG_MODE_SHA512 2
|
|
#define PRNG_MODE_TRNG 3
|
|
|
|
struct prno_parm {
|
|
u32 res;
|
|
u32 reseed_counter;
|
|
u64 stream_bytes;
|
|
u8 V[112];
|
|
u8 C[112];
|
|
};
|
|
|
|
struct prng_parm {
|
|
u8 parm_block[32];
|
|
u32 reseed_counter;
|
|
u64 byte_counter;
|
|
};
|
|
|
|
static int check_prng(void)
|
|
{
|
|
if (!cpacf_query_func(CPACF_KMC, CPACF_KMC_PRNG)) {
|
|
sclp_early_printk("KASLR disabled: CPU has no PRNG\n");
|
|
return 0;
|
|
}
|
|
if (cpacf_query_func(CPACF_PRNO, CPACF_PRNO_TRNG))
|
|
return PRNG_MODE_TRNG;
|
|
if (cpacf_query_func(CPACF_PRNO, CPACF_PRNO_SHA512_DRNG_GEN))
|
|
return PRNG_MODE_SHA512;
|
|
else
|
|
return PRNG_MODE_TDES;
|
|
}
|
|
|
|
static unsigned long get_random(unsigned long limit)
|
|
{
|
|
struct prng_parm prng = {
|
|
/* initial parameter block for tdes mode, copied from libica */
|
|
.parm_block = {
|
|
0x0F, 0x2B, 0x8E, 0x63, 0x8C, 0x8E, 0xD2, 0x52,
|
|
0x64, 0xB7, 0xA0, 0x7B, 0x75, 0x28, 0xB8, 0xF4,
|
|
0x75, 0x5F, 0xD2, 0xA6, 0x8D, 0x97, 0x11, 0xFF,
|
|
0x49, 0xD8, 0x23, 0xF3, 0x7E, 0x21, 0xEC, 0xA0
|
|
},
|
|
};
|
|
unsigned long seed, random;
|
|
struct prno_parm prno;
|
|
__u64 entropy[4];
|
|
int mode, i;
|
|
|
|
mode = check_prng();
|
|
seed = get_tod_clock_fast();
|
|
switch (mode) {
|
|
case PRNG_MODE_TRNG:
|
|
cpacf_trng(NULL, 0, (u8 *) &random, sizeof(random));
|
|
break;
|
|
case PRNG_MODE_SHA512:
|
|
cpacf_prno(CPACF_PRNO_SHA512_DRNG_SEED, &prno, NULL, 0,
|
|
(u8 *) &seed, sizeof(seed));
|
|
cpacf_prno(CPACF_PRNO_SHA512_DRNG_GEN, &prno, (u8 *) &random,
|
|
sizeof(random), NULL, 0);
|
|
break;
|
|
case PRNG_MODE_TDES:
|
|
/* add entropy */
|
|
*(unsigned long *) prng.parm_block ^= seed;
|
|
for (i = 0; i < 16; i++) {
|
|
cpacf_kmc(CPACF_KMC_PRNG, prng.parm_block,
|
|
(char *) entropy, (char *) entropy,
|
|
sizeof(entropy));
|
|
memcpy(prng.parm_block, entropy, sizeof(entropy));
|
|
}
|
|
random = seed;
|
|
cpacf_kmc(CPACF_KMC_PRNG, prng.parm_block, (u8 *) &random,
|
|
(u8 *) &random, sizeof(random));
|
|
break;
|
|
default:
|
|
random = 0;
|
|
}
|
|
return random % limit;
|
|
}
|
|
|
|
unsigned long get_random_base(unsigned long safe_addr)
|
|
{
|
|
unsigned long memory_limit = memory_end_set ? memory_end : 0;
|
|
unsigned long base, start, end, kernel_size;
|
|
unsigned long block_sum, offset;
|
|
unsigned long kasan_needs;
|
|
int i;
|
|
|
|
if (IS_ENABLED(CONFIG_BLK_DEV_INITRD) && INITRD_START && INITRD_SIZE) {
|
|
if (safe_addr < INITRD_START + INITRD_SIZE)
|
|
safe_addr = INITRD_START + INITRD_SIZE;
|
|
}
|
|
safe_addr = ALIGN(safe_addr, THREAD_SIZE);
|
|
|
|
if ((IS_ENABLED(CONFIG_KASAN))) {
|
|
/*
|
|
* Estimate kasan memory requirements, which it will reserve
|
|
* at the very end of available physical memory. To estimate
|
|
* that, we take into account that kasan would require
|
|
* 1/8 of available physical memory (for shadow memory) +
|
|
* creating page tables for the whole memory + shadow memory
|
|
* region (1 + 1/8). To keep page tables estimates simple take
|
|
* the double of combined ptes size.
|
|
*/
|
|
memory_limit = get_mem_detect_end();
|
|
if (memory_end_set && memory_limit > memory_end)
|
|
memory_limit = memory_end;
|
|
|
|
/* for shadow memory */
|
|
kasan_needs = memory_limit / 8;
|
|
/* for paging structures */
|
|
kasan_needs += (memory_limit + kasan_needs) / PAGE_SIZE /
|
|
_PAGE_ENTRIES * _PAGE_TABLE_SIZE * 2;
|
|
memory_limit -= kasan_needs;
|
|
}
|
|
|
|
kernel_size = vmlinux.image_size + vmlinux.bss_size;
|
|
block_sum = 0;
|
|
for_each_mem_detect_block(i, &start, &end) {
|
|
if (memory_limit) {
|
|
if (start >= memory_limit)
|
|
break;
|
|
if (end > memory_limit)
|
|
end = memory_limit;
|
|
}
|
|
if (end - start < kernel_size)
|
|
continue;
|
|
block_sum += end - start - kernel_size;
|
|
}
|
|
if (!block_sum) {
|
|
sclp_early_printk("KASLR disabled: not enough memory\n");
|
|
return 0;
|
|
}
|
|
|
|
base = get_random(block_sum);
|
|
if (base == 0)
|
|
return 0;
|
|
if (base < safe_addr)
|
|
base = safe_addr;
|
|
block_sum = offset = 0;
|
|
for_each_mem_detect_block(i, &start, &end) {
|
|
if (memory_limit) {
|
|
if (start >= memory_limit)
|
|
break;
|
|
if (end > memory_limit)
|
|
end = memory_limit;
|
|
}
|
|
if (end - start < kernel_size)
|
|
continue;
|
|
block_sum += end - start - kernel_size;
|
|
if (base <= block_sum) {
|
|
base = start + base - offset;
|
|
base = ALIGN_DOWN(base, THREAD_SIZE);
|
|
break;
|
|
}
|
|
offset = block_sum;
|
|
}
|
|
return base;
|
|
}
|