tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

random: remove CONFIG_ARCH_RANDOM

When RDRAND was introduced, there was much discussion on whether it
should be trusted and how the kernel should handle that. Initially, two
mechanisms cropped up, CONFIG_ARCH_RANDOM, a compile time switch, and
"nordrand", a boot-time switch.

Later the thinking evolved. With a properly designed RNG, using RDRAND
values alone won't harm anything, even if the outputs are malicious.
Rather, the issue is whether those values are being *trusted* to be good
or not. And so a new set of options were introduced as the real
ones that people use -- CONFIG_RANDOM_TRUST_CPU and "random.trust_cpu".
With these options, RDRAND is used, but it's not always credited. So in
the worst case, it does nothing, and in the best case, maybe it helps.

Along the way, CONFIG_ARCH_RANDOM's meaning got sort of pulled into the
center and became something certain platforms force-select.

The old options don't really help with much, and it's a bit odd to have
special handling for these instructions when the kernel can deal fine
with the existence or untrusted existence or broken existence or
non-existence of that CPU capability.

Simplify the situation by removing CONFIG_ARCH_RANDOM and using the
ordinary asm-generic fallback pattern instead, keeping the two options
that are actually used. For now it leaves "nordrand" for now, as the
removal of that will take a different route.

Acked-by: Michael Ellerman <mpe@ellerman.id.au>
Acked-by: Catalin Marinas <catalin.marinas@arm.com>
Acked-by: Borislav Petkov <bp@suse.de>
Acked-by: Heiko Carstens <hca@linux.ibm.com>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Jason A. Donenfeld 9592eef7 829d680e

+34 -93
+2
arch/arm/include/asm/archrandom.h
··· 7 7 return false; 8 8 } 9 9 10 + #include <asm-generic/archrandom.h> 11 + 10 12 #endif /* _ASM_ARCHRANDOM_H */
-8
arch/arm64/Kconfig
··· 1858 1858 1859 1859 This option enables E0PD for TTBR1 where available. 1860 1860 1861 - config ARCH_RANDOM 1862 - bool "Enable support for random number generation" 1863 - default y 1864 - help 1865 - Random number generation (part of the ARMv8.5 Extensions) 1866 - provides a high bandwidth, cryptographically secure 1867 - hardware random number generator. 1868 - 1869 1861 config ARM64_AS_HAS_MTE 1870 1862 # Initial support for MTE went in binutils 2.32.0, checked with 1871 1863 # ".arch armv8.5-a+memtag" below. However, this was incomplete
-10
arch/arm64/include/asm/archrandom.h
··· 2 2 #ifndef _ASM_ARCHRANDOM_H 3 3 #define _ASM_ARCHRANDOM_H 4 4 5 - #ifdef CONFIG_ARCH_RANDOM 6 - 7 5 #include <linux/arm-smccc.h> 8 6 #include <linux/bug.h> 9 7 #include <linux/kernel.h> ··· 165 167 } 166 168 #define arch_get_random_seed_long_early arch_get_random_seed_long_early 167 169 168 - #else /* !CONFIG_ARCH_RANDOM */ 169 - 170 - static inline bool __init smccc_probe_trng(void) 171 - { 172 - return false; 173 - } 174 - 175 - #endif /* CONFIG_ARCH_RANDOM */ 176 170 #endif /* _ASM_ARCHRANDOM_H */
-2
arch/arm64/kernel/cpufeature.c
··· 2416 2416 .cpu_enable = cpu_enable_e0pd, 2417 2417 }, 2418 2418 #endif 2419 - #ifdef CONFIG_ARCH_RANDOM 2420 2419 { 2421 2420 .desc = "Random Number Generator", 2422 2421 .capability = ARM64_HAS_RNG, ··· 2427 2428 .sign = FTR_UNSIGNED, 2428 2429 .min_field_value = 1, 2429 2430 }, 2430 - #endif 2431 2431 #ifdef CONFIG_ARM64_BTI 2432 2432 { 2433 2433 .desc = "Branch Target Identification",
-3
arch/powerpc/Kconfig
··· 1252 1252 default "0x00000000" 1253 1253 endif 1254 1254 1255 - config ARCH_RANDOM 1256 - def_bool n 1257 - 1258 1255 config PPC_LIB_RHEAP 1259 1256 bool 1260 1257
-3
arch/powerpc/include/asm/archrandom.h
··· 2 2 #ifndef _ASM_POWERPC_ARCHRANDOM_H 3 3 #define _ASM_POWERPC_ARCHRANDOM_H 4 4 5 - #ifdef CONFIG_ARCH_RANDOM 6 - 7 5 #include <asm/machdep.h> 8 6 9 7 static inline bool __must_check arch_get_random_long(unsigned long *v) ··· 33 35 34 36 return rc; 35 37 } 36 - #endif /* CONFIG_ARCH_RANDOM */ 37 38 38 39 #ifdef CONFIG_PPC_POWERNV 39 40 int powernv_hwrng_present(void);
-2
arch/powerpc/include/asm/machdep.h
··· 200 200 ssize_t (*cpu_release)(const char *, size_t); 201 201 #endif 202 202 203 - #ifdef CONFIG_ARCH_RANDOM 204 203 int (*get_random_seed)(unsigned long *v); 205 - #endif 206 204 }; 207 205 208 206 extern void e500_idle(void);
-1
arch/powerpc/platforms/microwatt/Kconfig
··· 6 6 select PPC_ICS_NATIVE 7 7 select PPC_ICP_NATIVE 8 8 select PPC_UDBG_16550 9 - select ARCH_RANDOM 10 9 help 11 10 This option enables support for FPGA-based Microwatt implementations. 12 11
-1
arch/powerpc/platforms/powernv/Kconfig
··· 12 12 select EPAPR_BOOT 13 13 select PPC_INDIRECT_PIO 14 14 select PPC_UDBG_16550 15 - select ARCH_RANDOM 16 15 select CPU_FREQ 17 16 select PPC_DOORBELL 18 17 select MMU_NOTIFIER
-1
arch/powerpc/platforms/pseries/Kconfig
··· 19 19 select PPC_UDBG_16550 20 20 select PPC_DOORBELL 21 21 select HOTPLUG_CPU 22 - select ARCH_RANDOM 23 22 select FORCE_SMP 24 23 select SWIOTLB 25 24 default y
-15
arch/s390/Kconfig
··· 507 507 verification for the corresponding kernel image type being 508 508 loaded in order for this to work. 509 509 510 - config ARCH_RANDOM 511 - def_bool y 512 - prompt "s390 architectural random number generation API" 513 - help 514 - Enable the s390 architectural random number generation API 515 - to provide random data for all consumers within the Linux 516 - kernel. 517 - 518 - When enabled the arch_random_* functions declared in linux/random.h 519 - are implemented. The implementation is based on the s390 CPACF 520 - instruction subfunction TRNG which provides a real true random 521 - number generator. 522 - 523 - If unsure, say Y. 524 - 525 510 config KERNEL_NOBP 526 511 def_bool n 527 512 prompt "Enable modified branch prediction for the kernel by default"
-1
arch/s390/configs/zfcpdump_defconfig
··· 15 15 # CONFIG_COMPAT is not set 16 16 CONFIG_NR_CPUS=2 17 17 CONFIG_HZ_100=y 18 - # CONFIG_ARCH_RANDOM is not set 19 18 # CONFIG_RELOCATABLE is not set 20 19 # CONFIG_CHSC_SCH is not set 21 20 # CONFIG_SCM_BUS is not set
+1 -1
arch/s390/crypto/Makefile
··· 15 15 obj-$(CONFIG_S390_PRNG) += prng.o 16 16 obj-$(CONFIG_CRYPTO_GHASH_S390) += ghash_s390.o 17 17 obj-$(CONFIG_CRYPTO_CRC32_S390) += crc32-vx_s390.o 18 - obj-$(CONFIG_ARCH_RANDOM) += arch_random.o 18 + obj-y += arch_random.o 19 19 20 20 crc32-vx_s390-y := crc32-vx.o crc32le-vx.o crc32be-vx.o 21 21 chacha_s390-y := chacha-glue.o chacha-s390.o
-3
arch/s390/include/asm/archrandom.h
··· 11 11 #ifndef _ASM_S390_ARCHRANDOM_H 12 12 #define _ASM_S390_ARCHRANDOM_H 13 13 14 - #ifdef CONFIG_ARCH_RANDOM 15 - 16 14 #include <linux/static_key.h> 17 15 #include <linux/atomic.h> 18 16 #include <asm/cpacf.h> ··· 48 50 return false; 49 51 } 50 52 51 - #endif /* CONFIG_ARCH_RANDOM */ 52 53 #endif /* _ASM_S390_ARCHRANDOM_H */
-2
arch/s390/kernel/setup.c
··· 876 876 add_device_randomness(&vmms->vm, sizeof(vmms->vm[0]) * vmms->count); 877 877 memblock_free(vmms, PAGE_SIZE); 878 878 879 - #ifdef CONFIG_ARCH_RANDOM 880 879 if (cpacf_query_func(CPACF_PRNO, CPACF_PRNO_TRNG)) 881 880 static_branch_enable(&s390_arch_random_available); 882 - #endif 883 881 } 884 882 885 883 /*
-9
arch/x86/Kconfig
··· 1810 1810 def_bool y 1811 1811 depends on X86_PAT 1812 1812 1813 - config ARCH_RANDOM 1814 - def_bool y 1815 - prompt "x86 architectural random number generator" if EXPERT 1816 - help 1817 - Enable the x86 architectural RDRAND instruction 1818 - (Intel Bull Mountain technology) to generate random numbers. 1819 - If supported, this is a high bandwidth, cryptographically 1820 - secure hardware random number generator. 1821 - 1822 1813 config X86_UMIP 1823 1814 def_bool y 1824 1815 prompt "User Mode Instruction Prevention" if EXPERT
+4 -10
arch/x86/include/asm/archrandom.h
··· 65 65 66 66 /* 67 67 * These are the generic interfaces; they must not be declared if the 68 - * stubs in <linux/random.h> are to be invoked, 69 - * i.e. CONFIG_ARCH_RANDOM is not defined. 68 + * stubs in <linux/random.h> are to be invoked. 70 69 */ 71 - #ifdef CONFIG_ARCH_RANDOM 72 70 73 71 static inline bool __must_check arch_get_random_long(unsigned long *v) 74 72 { ··· 88 90 return static_cpu_has(X86_FEATURE_RDSEED) ? rdseed_int(v) : false; 89 91 } 90 92 91 - extern void x86_init_rdrand(struct cpuinfo_x86 *c); 92 - 93 - #else /* !CONFIG_ARCH_RANDOM */ 94 - 95 - static inline void x86_init_rdrand(struct cpuinfo_x86 *c) { } 96 - 97 - #endif /* !CONFIG_ARCH_RANDOM */ 93 + #ifndef CONFIG_UML 94 + void x86_init_rdrand(struct cpuinfo_x86 *c); 95 + #endif 98 96 99 97 #endif /* ASM_X86_ARCHRANDOM_H */
-2
arch/x86/kernel/cpu/rdrand.c
··· 26 26 */ 27 27 #define SANITY_CHECK_LOOPS 8 28 28 29 - #ifdef CONFIG_ARCH_RANDOM 30 29 void x86_init_rdrand(struct cpuinfo_x86 *c) 31 30 { 32 31 unsigned int changed = 0; ··· 62 63 "RDRAND gives funky smelling output, might consider not using it by booting with \"nordrand\""); 63 64 64 65 } 65 - #endif
-1
drivers/char/Kconfig
··· 431 431 config RANDOM_TRUST_CPU 432 432 bool "Initialize RNG using CPU RNG instructions" 433 433 default y 434 - depends on ARCH_RANDOM 435 434 help 436 435 Initialize the RNG using random numbers supplied by the CPU's 437 436 RNG instructions (e.g. RDRAND), if supported and available. These
-9
drivers/char/hw_random/s390-trng.c
··· 108 108 { 109 109 u64 dev_counter = atomic64_read(&trng_dev_counter); 110 110 u64 hwrng_counter = atomic64_read(&trng_hwrng_counter); 111 - #if IS_ENABLED(CONFIG_ARCH_RANDOM) 112 111 u64 arch_counter = atomic64_read(&s390_arch_random_counter); 113 112 114 113 return sysfs_emit(buf, ··· 117 118 "total: %llu\n", 118 119 dev_counter, hwrng_counter, arch_counter, 119 120 dev_counter + hwrng_counter + arch_counter); 120 - #else 121 - return sysfs_emit(buf, 122 - "trng: %llu\n" 123 - "hwrng: %llu\n" 124 - "total: %llu\n", 125 - dev_counter, hwrng_counter, 126 - dev_counter + hwrng_counter); 127 - #endif 128 121 } 129 122 static DEVICE_ATTR(byte_counter, 0444, trng_counter_show, NULL); 130 123
+1
include/asm-generic/Kbuild
··· 5 5 # asm headers from the host architecutre.) 6 6 7 7 mandatory-y += atomic.h 8 + mandatory-y += archrandom.h 8 9 mandatory-y += barrier.h 9 10 mandatory-y += bitops.h 10 11 mandatory-y += bug.h
+25
include/asm-generic/archrandom.h
··· 1 + /* SPDX-License-Identifier: GPL-2.0 */ 2 + #ifndef __ASM_GENERIC_ARCHRANDOM_H__ 3 + #define __ASM_GENERIC_ARCHRANDOM_H__ 4 + 5 + static inline bool __must_check arch_get_random_long(unsigned long *v) 6 + { 7 + return false; 8 + } 9 + 10 + static inline bool __must_check arch_get_random_int(unsigned int *v) 11 + { 12 + return false; 13 + } 14 + 15 + static inline bool __must_check arch_get_random_seed_long(unsigned long *v) 16 + { 17 + return false; 18 + } 19 + 20 + static inline bool __must_check arch_get_random_seed_int(unsigned int *v) 21 + { 22 + return false; 23 + } 24 + 25 + #endif
+1 -8
include/linux/random.h
··· 106 106 */ 107 107 #include <linux/prandom.h> 108 108 109 - #ifdef CONFIG_ARCH_RANDOM 110 - # include <asm/archrandom.h> 111 - #else 112 - static inline bool __must_check arch_get_random_long(unsigned long *v) { return false; } 113 - static inline bool __must_check arch_get_random_int(unsigned int *v) { return false; } 114 - static inline bool __must_check arch_get_random_seed_long(unsigned long *v) { return false; } 115 - static inline bool __must_check arch_get_random_seed_int(unsigned int *v) { return false; } 116 - #endif 109 + #include <asm/archrandom.h> 117 110 118 111 /* 119 112 * Called from the boot CPU during startup; not valid to call once
-1
tools/testing/selftests/wireguard/qemu/kernel.config
··· 58 58 CONFIG_NO_HZ_FULL=n 59 59 CONFIG_HZ_PERIODIC=n 60 60 CONFIG_HIGH_RES_TIMERS=y 61 - CONFIG_ARCH_RANDOM=y 62 61 CONFIG_FILE_LOCKING=y 63 62 CONFIG_POSIX_TIMERS=y 64 63 CONFIG_DEVTMPFS=y