[v4,02/11] device-tree: add re-randomization helper function

When the system reboots, the rng-seed that the FDT has should be
re-randomized, so that the new boot gets a new seed. Several
architectures require this functionality, so export a function for
injecting a new seed into the given FDT.

Cc: Alistair Francis <alistair.francis@wdc.com>
Cc: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
 include/sysemu/device_tree.h |  9 +++++++++
 softmmu/device_tree.c        | 21 +++++++++++++++++++++
 2 files changed, 30 insertions(+)

On Tue, Oct 25, 2022 at 10:51 AM Jason A. Donenfeld <Jason@zx2c4.com> wrote:
>
> When the system reboots, the rng-seed that the FDT has should be
> re-randomized, so that the new boot gets a new seed. Several
> architectures require this functionality, so export a function for
> injecting a new seed into the given FDT.
>
> Cc: Alistair Francis <alistair.francis@wdc.com>
> Cc: David Gibson <david@gibson.dropbear.id.au>
> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>

Alistair

> ---
>  include/sysemu/device_tree.h |  9 +++++++++
>  softmmu/device_tree.c        | 21 +++++++++++++++++++++
>  2 files changed, 30 insertions(+)
>
> diff --git a/include/sysemu/device_tree.h b/include/sysemu/device_tree.h
> index e7c5441f56..ca5339beae 100644
> --- a/include/sysemu/device_tree.h
> +++ b/include/sysemu/device_tree.h
> @@ -197,6 +197,15 @@ int qemu_fdt_setprop_sized_cells_from_array(void *fdt,
>                                                  qdt_tmp);                 \
>      })
>
> +
> +/**
> + * qemu_fdt_randomize_seeds:
> + * @fdt: device tree blob
> + *
> + * Re-randomize all "rng-seed" properties with new seeds.
> + */
> +void qemu_fdt_randomize_seeds(void *fdt);
> +
>  #define FDT_PCI_RANGE_RELOCATABLE          0x80000000
>  #define FDT_PCI_RANGE_PREFETCHABLE         0x40000000
>  #define FDT_PCI_RANGE_ALIASED              0x20000000
> diff --git a/softmmu/device_tree.c b/softmmu/device_tree.c
> index ce74f3d48d..30aa3aea9f 100644
> --- a/softmmu/device_tree.c
> +++ b/softmmu/device_tree.c
> @@ -22,6 +22,7 @@
>  #include "qemu/option.h"
>  #include "qemu/bswap.h"
>  #include "qemu/cutils.h"
> +#include "qemu/guest-random.h"
>  #include "sysemu/device_tree.h"
>  #include "hw/loader.h"
>  #include "hw/boards.h"
> @@ -680,3 +681,23 @@ void hmp_dumpdtb(Monitor *mon, const QDict *qdict)
>
>      info_report("dtb dumped to %s", filename);
>  }
> +
> +void qemu_fdt_randomize_seeds(void *fdt)
> +{
> +    int noffset, poffset, len;
> +    const char *name;
> +    uint8_t *data;
> +
> +    for (noffset = fdt_next_node(fdt, 0, NULL);
> +         noffset >= 0;
> +         noffset = fdt_next_node(fdt, noffset, NULL)) {
> +        for (poffset = fdt_first_property_offset(fdt, noffset);
> +             poffset >= 0;
> +             poffset = fdt_next_property_offset(fdt, poffset)) {
> +            data = (uint8_t *)fdt_getprop_by_offset(fdt, poffset, &name, &len);
> +            if (!data || strcmp(name, "rng-seed"))
> +                continue;
> +            qemu_guest_getrandom_nofail(data, len);
> +        }
> +    }
> +}
> --
> 2.38.1
>
>

On 25/10/22 02:43, Jason A. Donenfeld wrote:
> When the system reboots, the rng-seed that the FDT has should be
> re-randomized, so that the new boot gets a new seed. Several
> architectures require this functionality, so export a function for
> injecting a new seed into the given FDT.
> 
> Cc: Alistair Francis <alistair.francis@wdc.com>
> Cc: David Gibson <david@gibson.dropbear.id.au>
> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
> ---
>   include/sysemu/device_tree.h |  9 +++++++++
>   softmmu/device_tree.c        | 21 +++++++++++++++++++++
>   2 files changed, 30 insertions(+)

> +void qemu_fdt_randomize_seeds(void *fdt)
> +{
> +    int noffset, poffset, len;
> +    const char *name;
> +    uint8_t *data;
> +
> +    for (noffset = fdt_next_node(fdt, 0, NULL);
> +         noffset >= 0;
> +         noffset = fdt_next_node(fdt, noffset, NULL)) {
> +        for (poffset = fdt_first_property_offset(fdt, noffset);
> +             poffset >= 0;
> +             poffset = fdt_next_property_offset(fdt, poffset)) {
> +            data = (uint8_t *)fdt_getprop_by_offset(fdt, poffset, &name, &len);

Is this non-const cast is safe?

> +            if (!data || strcmp(name, "rng-seed"))
> +                continue;
> +            qemu_guest_getrandom_nofail(data, len);

Shouldn't we read to the stack and fill with fdt_setprop_inplace()?

> +        }
> +    }
> +}

On Tue, Oct 25, 2022 at 3:30 PM Philippe Mathieu-Daudé
<philmd@linaro.org> wrote:
>
> On 25/10/22 02:43, Jason A. Donenfeld wrote:
> > When the system reboots, the rng-seed that the FDT has should be
> > re-randomized, so that the new boot gets a new seed. Several
> > architectures require this functionality, so export a function for
> > injecting a new seed into the given FDT.
> >
> > Cc: Alistair Francis <alistair.francis@wdc.com>
> > Cc: David Gibson <david@gibson.dropbear.id.au>
> > Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
> > ---
> >   include/sysemu/device_tree.h |  9 +++++++++
> >   softmmu/device_tree.c        | 21 +++++++++++++++++++++
> >   2 files changed, 30 insertions(+)
>
> > +void qemu_fdt_randomize_seeds(void *fdt)
> > +{
> > +    int noffset, poffset, len;
> > +    const char *name;
> > +    uint8_t *data;
> > +
> > +    for (noffset = fdt_next_node(fdt, 0, NULL);
> > +         noffset >= 0;
> > +         noffset = fdt_next_node(fdt, noffset, NULL)) {
> > +        for (poffset = fdt_first_property_offset(fdt, noffset);
> > +             poffset >= 0;
> > +             poffset = fdt_next_property_offset(fdt, poffset)) {
> > +            data = (uint8_t *)fdt_getprop_by_offset(fdt, poffset, &name, &len);
>
> Is this non-const cast is safe?

This is how the libfdt/fdt_rw.c helpers of libfdt do it, so I think so.

Jason