From 8fdae68beab798a841cc2b5af8bb100c0503c3b8 Mon Sep 17 00:00:00 2001 From: Shubham Mittal Date: Fri, 14 Feb 2025 16:32:05 -0800 Subject: [PATCH 01/10] changed snapsafe detection to not use access() --- crypto/fipsmodule/rand/snapsafe_detect.c | 21 +++++---------------- 1 file changed, 5 insertions(+), 16 deletions(-) diff --git a/crypto/fipsmodule/rand/snapsafe_detect.c b/crypto/fipsmodule/rand/snapsafe_detect.c index dee46c3aa1..e742183d75 100644 --- a/crypto/fipsmodule/rand/snapsafe_detect.c +++ b/crypto/fipsmodule/rand/snapsafe_detect.c @@ -21,28 +21,16 @@ DEFINE_STATIC_ONCE(aws_snapsafe_init) DEFINE_BSS_GET(volatile uint32_t *, sgc_addr) DEFINE_BSS_GET(int, snapsafety_state) -// aws_snapsafe_check_kernel_support returns 1 if the special sysgenid device -// file exists and 0 otherwise. -static int aws_snapsafe_check_kernel_support(void) { - // This file-exist method is generally brittle. But for our purpose, this - // should be more than fine. - if (access(CRYPTO_get_sysgenid_path(), F_OK) != 0) { - return 0; - } - return 1; -} - static void do_aws_snapsafe_init(void) { *snapsafety_state_bss_get() = SNAPSAFETY_STATE_NOT_SUPPORTED; *sgc_addr_bss_get() = NULL; - if (aws_snapsafe_check_kernel_support() != 1) { - return; - } - *snapsafety_state_bss_get() = SNAPSAFETY_STATE_FAILED_INITIALISE; - int fd_sgc = open(CRYPTO_get_sysgenid_path(), O_RDONLY); if (fd_sgc == -1) { + if (errno == EACCES) { + return; + } + *snapsafety_state_bss_get() = SNAPSAFETY_STATE_FAILED_INITIALISE; return; } @@ -57,6 +45,7 @@ static void do_aws_snapsafe_init(void) { close(fd_sgc); if (addr == MAP_FAILED) { + *snapsafety_state_bss_get() = SNAPSAFETY_STATE_FAILED_INITIALISE; return; } From 0f0a68420a5de3d5b933d06ee5d2b2d1189e960f Mon Sep 17 00:00:00 2001 From: Shubham Mittal Date: Mon, 17 Feb 2025 15:51:20 -0800 Subject: [PATCH 02/10] try using stat instead --- crypto/fipsmodule/rand/snapsafe_detect.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
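Review bot: In PATCH 01/10, first hunk, the errno test on the failed `open()` looks inverted. A missing device (`ENOENT`) now falls through to SNAPSAFETY_STATE_FAILED_INITIALISE, while a device that exists but cannot be read (`EACCES`) is left at SNAPSAFETY_STATE_NOT_SUPPORTED. The removed `access(..., F_OK)` helper reported "not supported" only when the file was absent, so the matching test would be `if (errno == ENOENT) {`. Reporting a present but unreadable generation counter as unsupported also hides the failure from anything that keys on the state; how callers treat the two states is not visible here, so confirm it. Because the default is now NOT_SUPPORTED, every later failure path has to set FAILED_INITIALISE itself, as the second hunk does for `MAP_FAILED`; the function body continues outside both hunks.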
diff --git a/crypto/fipsmodule/rand/snapsafe_detect.c b/crypto/fipsmodule/rand/snapsafe_detect.c index e742183d75..e591c49cdb 100644 --- a/crypto/fipsmodule/rand/snapsafe_detect.c +++ b/crypto/fipsmodule/rand/snapsafe_detect.c @@ -24,13 +24,13 @@ DEFINE_BSS_GET(int, snapsafety_state) static void do_aws_snapsafe_init(void) { *snapsafety_state_bss_get() = SNAPSAFETY_STATE_NOT_SUPPORTED; *sgc_addr_bss_get() = NULL; + if (stat(CRYPTO_get_sysgenid_path()) < 0) { + return; + } + *snapsafety_state_bss_get() = SNAPSAFETY_STATE_FAILED_INITIALISE; int fd_sgc = open(CRYPTO_get_sysgenid_path(), O_RDONLY); if (fd_sgc == -1) { - if (errno == EACCES) { - return; - } - *snapsafety_state_bss_get() = SNAPSAFETY_STATE_FAILED_INITIALISE; return; } From 4a44013caa46638b84f4a6b938b2fb121f43664f Mon Sep 17 00:00:00 2001 From: Shubham Mittal Date: Mon, 17 Feb 2025 16:04:40 -0800 Subject: [PATCH 03/10] add struct to store stat data --- crypto/fipsmodule/rand/snapsafe_detect.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/fipsmodule/rand/snapsafe_detect.c b/crypto/fipsmodule/rand/snapsafe_detect.c index e591c49cdb..bb6576a9d3 100644 --- a/crypto/fipsmodule/rand/snapsafe_detect.c +++ b/crypto/fipsmodule/rand/snapsafe_detect.c @@ -24,7 +24,8 @@ DEFINE_BSS_GET(int, snapsafety_state) static void do_aws_snapsafe_init(void) { *snapsafety_state_bss_get() = SNAPSAFETY_STATE_NOT_SUPPORTED; *sgc_addr_bss_get() = NULL; - if (stat(CRYPTO_get_sysgenid_path()) < 0) { + struct stat fileData; + if (stat(CRYPTO_get_sysgenid_path(), &fileData) < 0) { return; } From 9d38ba63a17f9f3fc791761f242f4309fd8f545a Mon Sep 17 00:00:00 2001 From: Shubham Mittal Date: Mon, 17 Feb 2025 16:10:29 -0800 Subject: [PATCH 04/10] missing include --- crypto/fipsmodule/rand/snapsafe_detect.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/fipsmodule/rand/snapsafe_detect.c b/crypto/fipsmodule/rand/snapsafe_detect.c index bb6576a9d3..a3d9fd74cf 100644 
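Review bot: In PATCH 02/10, every `stat()` failure returns with the state left at SNAPSAFETY_STATE_NOT_SUPPORTED, so a permission or I/O error on an existing device cannot be told apart from an absent one; the same check is present in PATCH 03/10 and PATCH 08/10. Only a missing path should mean unsupported, for example `if (stat(CRYPTO_get_sysgenid_path(), &st) != 0 && errno == ENOENT) { return; }`, which lets other errors reach the FAILED_INITIALISE assignment below. As written the call also passes one argument where `stat()` takes a path and a `struct stat *`, so this revision should not compile on its own.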
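Review bot: In PATCH 03/10, `fileData` is camelCase while the other local shown for this function elsewhere in the series is snake_case (`fd_sgc`), and nothing in the visible lines reads the buffer after the call. A conventional `struct stat st;` with a comment such as `// Only existence is checked; the stat result itself is unused.` would make the intent clear. The function body continues outside the hunk.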
--- a/crypto/fipsmodule/rand/snapsafe_detect.c +++ b/crypto/fipsmodule/rand/snapsafe_detect.c @@ -9,6 +9,7 @@ #include #include #include +#include #include #include "../delocate.h" From 862e651c762046a57907fa249173b7bf1568b6d9 Mon Sep 17 00:00:00 2001 From: Shubham Mittal Date: Tue, 18 Feb 2025 11:36:36 -0800 Subject: [PATCH 05/10] try babis approach --- crypto/fipsmodule/rand/snapsafe_detect.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/crypto/fipsmodule/rand/snapsafe_detect.c b/crypto/fipsmodule/rand/snapsafe_detect.c index a3d9fd74cf..ba698ba458 100644 --- a/crypto/fipsmodule/rand/snapsafe_detect.c +++ b/crypto/fipsmodule/rand/snapsafe_detect.c @@ -23,16 +23,20 @@ DEFINE_BSS_GET(volatile uint32_t *, sgc_addr) DEFINE_BSS_GET(int, snapsafety_state) static void do_aws_snapsafe_init(void) { - *snapsafety_state_bss_get() = SNAPSAFETY_STATE_NOT_SUPPORTED; + // *snapsafety_state_bss_get() = SNAPSAFETY_STATE_NOT_SUPPORTED; *sgc_addr_bss_get() = NULL; - struct stat fileData; - if (stat(CRYPTO_get_sysgenid_path(), &fileData) < 0) { - return; - } + // struct stat fileData; + // if (stat(CRYPTO_get_sysgenid_path(), &fileData) < 0) { + // return; + // } *snapsafety_state_bss_get() = SNAPSAFETY_STATE_FAILED_INITIALISE; - int fd_sgc = open(CRYPTO_get_sysgenid_path(), O_RDONLY); + + int fd_gcc = open(CRYPTO_get_sysgenid_path(), O_RDONLY); if (fd_sgc == -1) { + if (errno == ENOENT) { + *snapsafety_state_bss_get() = SNAPSAFETY_STATE_NOT_SUPPORTED; + } return; } @@ -47,7 +51,6 @@ static void do_aws_snapsafe_init(void) { close(fd_sgc); if (addr == MAP_FAILED) { - *snapsafety_state_bss_get() = SNAPSAFETY_STATE_FAILED_INITIALISE; return; } From faf4bd93a8ecda7b1187348466f639b022580f8f Mon Sep 17 00:00:00 2001 From: Shubham Mittal Date: Tue, 18 Feb 2025 11:47:44 -0800 Subject: [PATCH 06/10] fixed typo --- crypto/fipsmodule/rand/snapsafe_detect.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
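Review bot: In PATCH 05/10, first hunk, the descriptor is declared as `fd_gcc` but the next line tests `fd_sgc`, which the visible lines no longer declare, so this revision should not build; the declaration should read `int fd_sgc = open(CRYPTO_get_sysgenid_path(), O_RDONLY);`. The hunk also commits the old default assignment and the `stat()` check as commented-out code, which is better deleted than carried in the source. Defaulting to FAILED_INITIALISE and downgrading only on `ENOENT` is the safer ordering, and a comment such as `// Only a missing device means unsupported; any other error is an initialisation failure.` would record why.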
diff --git a/crypto/fipsmodule/rand/snapsafe_detect.c b/crypto/fipsmodule/rand/snapsafe_detect.c index ba698ba458..2c9738e13e 100644 --- a/crypto/fipsmodule/rand/snapsafe_detect.c +++ b/crypto/fipsmodule/rand/snapsafe_detect.c @@ -32,7 +32,7 @@ static void do_aws_snapsafe_init(void) { *snapsafety_state_bss_get() = SNAPSAFETY_STATE_FAILED_INITIALISE; - int fd_gcc = open(CRYPTO_get_sysgenid_path(), O_RDONLY); + int fd_sgc = open(CRYPTO_get_sysgenid_path(), O_RDONLY); if (fd_sgc == -1) { if (errno == ENOENT) { *snapsafety_state_bss_get() = SNAPSAFETY_STATE_NOT_SUPPORTED; From 06cc975fc45f8af58e69c6b0d34b9e6c7e46af31 Mon Sep 17 00:00:00 2001 From: Shubham Mittal Date: Tue, 18 Feb 2025 12:14:45 -0800 Subject: [PATCH 07/10] cleanup --- crypto/fipsmodule/rand/snapsafe_detect.c | 7 ------- 1 file changed, 7 deletions(-) diff --git a/crypto/fipsmodule/rand/snapsafe_detect.c b/crypto/fipsmodule/rand/snapsafe_detect.c index 2c9738e13e..06ff9ffe2e 100644 --- a/crypto/fipsmodule/rand/snapsafe_detect.c +++ b/crypto/fipsmodule/rand/snapsafe_detect.c @@ -9,7 +9,6 @@ #include #include #include -#include #include #include "../delocate.h" @@ -23,13 +22,7 @@ DEFINE_BSS_GET(volatile uint32_t *, sgc_addr) DEFINE_BSS_GET(int, snapsafety_state) static void do_aws_snapsafe_init(void) { - // *snapsafety_state_bss_get() = SNAPSAFETY_STATE_NOT_SUPPORTED; *sgc_addr_bss_get() = NULL; - // struct stat fileData; - // if (stat(CRYPTO_get_sysgenid_path(), &fileData) < 0) { - // return; - // } - *snapsafety_state_bss_get() = SNAPSAFETY_STATE_FAILED_INITIALISE; int fd_sgc = open(CRYPTO_get_sysgenid_path(), O_RDONLY); From aee31473c83a62bebbbcda6e72bb087f68361745 Mon Sep 17 00:00:00 2001 From: Shubham Mittal Date: Tue, 18 Feb 2025 14:40:35 -0800 Subject: [PATCH 08/10] use stat --- crypto/fipsmodule/rand/snapsafe_detect.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) 
diff --git a/crypto/fipsmodule/rand/snapsafe_detect.c b/crypto/fipsmodule/rand/snapsafe_detect.c index 06ff9ffe2e..5e61c84381 100644 --- a/crypto/fipsmodule/rand/snapsafe_detect.c +++ b/crypto/fipsmodule/rand/snapsafe_detect.c @@ -9,6 +9,7 @@ #include #include #include +#include #include #include "../delocate.h" @@ -23,13 +24,16 @@ DEFINE_BSS_GET(int, snapsafety_state) static void do_aws_snapsafe_init(void) { *sgc_addr_bss_get() = NULL; - *snapsafety_state_bss_get() = SNAPSAFETY_STATE_FAILED_INITIALISE; + *snapsafety_state_bss_get() = SNAPSAFETY_STATE_NOT_SUPPORTED; + + struct stat buff; + if (stat(CRYPTO_get_sysgenid_path(), &buff) != 0) { + return; + } + *snapsafety_state_bss_get() = SNAPSAFETY_STATE_FAILED_INITIALISE; int fd_sgc = open(CRYPTO_get_sysgenid_path(), O_RDONLY); - if (fd_sgc == -1) { - if (errno == ENOENT) { - *snapsafety_state_bss_get() = SNAPSAFETY_STATE_NOT_SUPPORTED; - } + if (fd_sgc != 0) { return; } From f83eb44a1a959004e35c680b7e36f478a584d1e5 Mon Sep 17 00:00:00 2001 From: Shubham Mittal Date: Wed, 19 Feb 2025 14:41:39 -0800 Subject: [PATCH 09/10] change condition --- crypto/fipsmodule/rand/snapsafe_detect.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/fipsmodule/rand/snapsafe_detect.c b/crypto/fipsmodule/rand/snapsafe_detect.c index 5e61c84381..dd5a6d7db0 100644 --- a/crypto/fipsmodule/rand/snapsafe_detect.c +++ b/crypto/fipsmodule/rand/snapsafe_detect.c @@ -33,7 +33,7 @@ static void do_aws_snapsafe_init(void) { *snapsafety_state_bss_get() = SNAPSAFETY_STATE_FAILED_INITIALISE; int fd_sgc = open(CRYPTO_get_sysgenid_path(), O_RDONLY); - if (fd_sgc != 0) { + if (fd_sgc <= 0) { return; } From b59de103616473579f46b1a0b71af818d4a3ee43 Mon Sep 17 00:00:00 2001 From: Shubham Mittal Date: Wed, 19 Feb 2025 14:43:54 -0800 Subject: [PATCH 10/10] change if condition --- crypto/fipsmodule/rand/snapsafe_detect.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
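Review bot: In PATCH 08/10, second hunk, `if (fd_sgc != 0)` returns on practically every successful `open()`, because success yields a non-negative descriptor that is rarely 0. The function then exits with the descriptor still open and the state at SNAPSAFETY_STATE_FAILED_INITIALISE even though the device opened. A failed `open()` also returns through this branch, so the two cases cannot be told apart. The failure test should stay `if (fd_sgc == -1) {`; the rest of the function lies outside the hunk.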
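Review bot: In PATCH 09/10, `fd_sgc <= 0` still rejects descriptor 0, which `open()` can legitimately return when standard input has been closed in the process. In that case the function returns without closing the descriptor and leaves the state at FAILED_INITIALISE. `open()` signals failure only with -1, so the test should be `if (fd_sgc < 0) {`.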
diff --git a/crypto/fipsmodule/rand/snapsafe_detect.c b/crypto/fipsmodule/rand/snapsafe_detect.c index dd5a6d7db0..430445d06c 100644 --- a/crypto/fipsmodule/rand/snapsafe_detect.c +++ b/crypto/fipsmodule/rand/snapsafe_detect.c @@ -33,7 +33,7 @@ static void do_aws_snapsafe_init(void) { *snapsafety_state_bss_get() = SNAPSAFETY_STATE_FAILED_INITIALISE; int fd_sgc = open(CRYPTO_get_sysgenid_path(), O_RDONLY); - if (fd_sgc <= 0) { + if (fd_sgc < 0) { return; }
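Review bot: In PATCH 10/10, the early return after a failed `open()` has no comment explaining that it depends on the state assignment two lines above it. A reader who later reorders those lines could change which state is reported. A comment on the branch would make that explicit, for example `// State is already FAILED_INITIALISE, so a failed open() is reported as an initialisation failure.`. The function body starts and ends outside this hunk.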