Received: by 2002:a25:6193:0:0:0:0:0 with SMTP id v141csp790284ybb; Sat, 28 Mar 2020 10:08:56 -0700 (PDT) X-Google-Smtp-Source: ADFU+vs7gWTPR7tzC1G5bMPy5f/kDiNy71rtAtCq+IOgdfrItP0OvQMLAglo6wI/FWRBPKWWgn2Y X-Received: by 2002:a4a:6841:: with SMTP id a1mr4067241oof.18.1585415336137; Sat, 28 Mar 2020 10:08:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1585415336; cv=none; d=google.com; s=arc-20160816; b=btRW/3r8QqjvgCgjI8VtVMQi5vxWge34IkqwWPFw28IYDnX0t0Xb2G6cAHwgY4sDqZ T57Je0ZORtokpvx562TUivQ+sHgk/LyX37YvwIa9LWW/ksLan2T18I2g2627pkZvDHnv NogevKoUjHEya/0JWkC2MxJRK0DOAfGIIvAezSShsC045YUWE5+ePvUhLwIm/LMyjs+E mvHZZi/4eg5WCwda4bA1DiPrJRE45BVzFpYcUHsbGog/zFZU+94+t/cEVsnJo477Pf4V Fehnn5pPWN2rkcRQnixEDrV+iEPe0ii1L0AQAYgI5V+q2hJp691oItIrgJQO+L4t95mz qn7Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:content-transfer-encoding :mime-version:subject:date:from:message-id; bh=ak2TTPN7rswFWtwbPIBF+NdLJSnqlnlyo81vB+UIp0A=; b=zzqJxrZ+jx0D1PtxIG1+vbV/F/SmlquTpkG1ggrH0ZmGky2wwRon29NSS3IM2lFcXI E+1eyj6r2GdCg800/V05hwajD9te5It4BG4F0CRidBNQ8gIu3BHhLCoz2Wn2J+8SLauq lEQJPV97sdjJnOFJehA+Hsps2KBWeW7YTg/k+fH5dXI8UVInWwsVjW2E24z2PjzVHUil EBXksl2y5KpJOTBNCubVARZ1G0z3YoU5LyI9u50wa7dDseKmAYoR5Uuf6x8qkMvK2pt6 XLOwsaAcMvkyM6kZeMLGLCQ71ZTlvlMLNZuCi9b+C4HtvPZiiB+Z4V5W56qINUtaPYsN j6lg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id m5si2751325otp.41.2020.03.28.10.08.43; Sat, 28 Mar 2020 10:08:56 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726380AbgC1RHP (ORCPT + 99 others); Sat, 28 Mar 2020 13:07:15 -0400 Received: from mx.sdf.org ([205.166.94.20]:62766 "EHLO mx.sdf.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725807AbgC1RHP (ORCPT ); Sat, 28 Mar 2020 13:07:15 -0400 Received: from sdf.org (IDENT:lkml@sdf.lonestar.org [205.166.94.16]) by mx.sdf.org (8.15.2/8.14.5) with ESMTPS id 02SH7E98002914 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256 bits) verified NO); Sat, 28 Mar 2020 17:07:15 GMT Received: (from lkml@localhost) by sdf.org (8.15.2/8.12.8/Submit) id 02SH7EEB025951; Sat, 28 Mar 2020 17:07:14 GMT Message-Id: <202003281707.02SH7EEB025951@sdf.org> From: George Spelvin Date: Sun, 8 Mar 2020 09:44:59 -0400 Subject: [RFC PATCH v1 04/50] batman-adv: fix batadv_nc_random_weight_tq MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit To: linux-kernel@vger.kernel.org, lkml@sdf.org Cc: Martin Hundeboll , Marek Lindner , Simon Wunderlich , Antonio Quartulli , Sven Eckelmann , b.a.t.m.a.n@diktynna.open-mesh.org Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org and change to pseudorandom numbers, as this is a traffic dithering operation that doesn't need crypto-grade. The previous code operated in 4 steps: 1) Generate a random byte 0 <= rand_tq <= 255 2) Multiply it by BATADV_TQ_MAX_VALUE - tq 3) Divide by 255 (= BATADV_TQ_MAX_VALUE) 4) Return BATADV_TQ_MAX_VALUE - rand_tq This would apperar to scale (BATADV_TQ_MAX_VALUE - tq) by a random value between 0/255 and 255/255. But! The intermediate value between steps 3 and 4 is stored in a u8 variable. So it's truncated, and most of the time, is less than 255, after which the division produces 0. Specifically, if tq is odd, the product is always even, and can never be 255. If tq is even, there's exactly one random byte value that will produce a product byte of 255. Thus, the return value is 255 (511/512 of the time) or 254 (1/512 of the time). If we assume that the truncation is a bug, and the code is meant to scale the input, a simpler way of looking at it is that it's returning a random value between tq and BATADV_TQ_MAX_VALUE, inclusive. Well, we have an optimized function for doing just that. Signed-off-by: George Spelvin Cc: Martin Hundebøll Cc: Marek Lindner Cc: Simon Wunderlich Cc: Antonio Quartulli Cc: Sven Eckelmann Cc: b.a.t.m.a.n@lists.open-mesh.org --- net/batman-adv/network-coding.c | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/net/batman-adv/network-coding.c b/net/batman-adv/network-coding.c index 580609389f0f7..70e3b161c6635 100644 --- a/net/batman-adv/network-coding.c +++ b/net/batman-adv/network-coding.c @@ -1009,15 +1009,8 @@ static struct batadv_nc_path *batadv_nc_get_path(struct batadv_priv *bat_priv, */ static u8 batadv_nc_random_weight_tq(u8 tq) { - u8 rand_val, rand_tq; - - get_random_bytes(&rand_val, sizeof(rand_val)); - /* randomize the estimated packet loss (max TQ - estimated TQ) */ - rand_tq = rand_val * (BATADV_TQ_MAX_VALUE - tq); - - /* normalize the randomized packet loss */ - rand_tq /= BATADV_TQ_MAX_VALUE; + u8 rand_tq = prandom_u32_max(BATADV_TQ_MAX_VALUE + 1 - tq); /* convert to (randomized) estimated tq again */ return BATADV_TQ_MAX_VALUE - rand_tq; -- 2.26.0