From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 262192] Crashes at boot with kern.random.initial_seeding.bypass_before_seeding=0 in randomdev_wait_until_seeded()
Date: Mon, 28 Feb 2022 17:37:08 +0000
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=262192

--- Comment #6 from Conrad Meyer ---
(In reply to Olivier Certner from comment #5)

Hi Olivier,

Yes, the CSPRNG subsystem is not really designed to be usable from very early
in boot with a read-only image, with the various problems you accurately
describe.

As far as uncovering stack overflow bugs: doesn't a system without stack
cookies also work to uncover stack overflow bugs? Most of the time, accidental
corruption of the return address will also crash the process.

> Don't know the inner details of SSP, but is the same guard used for all processes/threads?

The initialization described in this bug is only for the kernel's stack
cookies. The kernel is essentially a privileged process that lives for the
entire boot. As far as I know, there is no way to safely change the stack
guard cookie values of the running kernel. (I imagine you would have to
suspend all cores, including interrupts, and walk all thread stacks, rewriting
the cookies. Or add a layer of indirection to stack check failures.)

Userspace initializes __stack_chk_guard in lib/libc/secure/stack_protector.c,
from the AT_CANARY auxinfo. Auxinfo is initialized in sys/kern/imgact_elf.c
from imgp->canary. For FreeBSD processes (Linuxemul differs), canary is
initialized in sys/kern/kern_exec.c by arc4rand(9).

In short, userspace processes are seeded with their own stack guards based on
the best random available when they are started -- not a clone of the kernel's
stack guards. (Intuitively, leaking the kernel stack guards to userspace
processes would kind of defeat the point of having unpredictable kernel stack
guards. And shared userspace stack guards between processes would also
somewhat defeat the point of having unpredictable stack guards.)

I think the most satisfying directions for you to pursue are likely going to
be (1) static kernel stack guards, if you can live with that and if that is
the only early random request blocking boot or (2) implementing early
on-demand seeding in one of the ways discussed in comment #4.

Best,
Conrad

-- 
You are receiving this mail because:
You are the assignee for the bug.
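
The re-keying problem raised in the message above, modelled in portable C. This is an added example, not part of the original message and not FreeBSD code: it shows why a frame entered before the guard changes fails an ordinary check, and how the two workarounds mentioned (a stack walk that rewrites cookies, or indirection in the failure path) behave. Every name and value in it is hypothetical or constructed.

```c
#include <stdint.h>
#include <stdio.h>
/* Model only: every name here is hypothetical, not a FreeBSD kernel symbol. */
struct frame { uint64_t cookie; };      /* stands in for the on-stack canary */
static uint64_t guard_cur, guard_prev;  /* current value, value before reseed */
static int have_prev;

static void frame_enter(struct frame *f) { f->cookie = guard_cur; }

/* Ordinary epilogue check: 0 = ok, -1 = stack check failure. */
static int leave_strict(const struct frame *f) { return f->cookie == guard_cur ? 0 : -1; }

/* Indirection in the failure path: a cookie from before the reseed passes. */
static int leave_indirect(const struct frame *f)
{
    if (f->cookie == guard_cur || (have_prev && f->cookie == guard_prev))
        return 0;
    return -1;
}

static void guard_reseed(uint64_t fresh)
{
    guard_prev = guard_cur;
    guard_cur = fresh;
    have_prev = 1;
}

/* Stack-walk variant: with all CPUs stopped, rewrite old cookies in place. */
static int rewrite_frames(struct frame **live, int n)
{
    int changed = 0;
    for (int i = 0; i < n; i++)
        if (live[i]->cookie == guard_prev) {
            live[i]->cookie = guard_cur;
            changed++;
        }
    return changed;
}

int main(void)
{
    struct frame live, *stacks[] = { &live };
    guard_cur = 0xff;                     /* constructed static early value */
    frame_enter(&live);                   /* a thread is mid-call at reseed */
    guard_reseed(0x9e3779b97f4a7c15ULL);  /* constructed post-seeding value */
    printf("strict=%d indirect=%d\n", leave_strict(&live), leave_indirect(&live));
    int n = rewrite_frames(stacks, 1);
    printf("rewritten=%d strict=%d\n", n, leave_strict(&live));
    return 0;
}
```

In this model the indirect check keeps frames entered before the reseed guarded only by the earlier, predictable value until they return, and the stack walk assumes the location of every live cookie slot is known.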