Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp5870863rwb; Sun, 11 Dec 2022 14:23:50 -0800 (PST) X-Google-Smtp-Source: AA0mqf6QMSYn+sr9lyP6dsv0aClU5vJh9Mini6RWhZqxzY2pLX21AKGhCch9992lr6A/+c6MRKMg X-Received: by 2002:a05:6a20:93a3:b0:ad:a277:e57f with SMTP id x35-20020a056a2093a300b000ada277e57fmr154412pzh.34.1670797430152; Sun, 11 Dec 2022 14:23:50 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1670797430; cv=none; d=google.com; s=arc-20160816; b=hIr7/jP84xeQr2mkWA6FYm7Eg08pC7L6zoThsyBwb+zx/mZQ1XJHhSCa0ITynZuul7 9df2wdt2hTW4xOgnYesnKP369Ap32lBdLxSM9JoUruA0SAiO01Jpatc+t54OqwZ29OkI ABtJyzGeZgTdD1LcLrnOWBiA+xLgfjYppXVloAqnQ10w9ZuupTNsuyqjsFoLCHH8kKVh F5VSR6QnS3hplcm3O6eQP8rxnZs46G7GPX5+QHh+vTCg+NZz4A4s6LdVsYJXw8CoFkP1 SEvo2zagiScmc3/9lp/DrHcK3vU861fnMWkqEetBIOjCqMh5uFgH0HLcjVUAthDBLdTC NCYw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=Ni6ap3ZTSSQLWT4jw5HwfmJdLJiMoNH+N4dU0gGowyA=; b=B0slHmuzQeafrMbq25sG99xbfvkMDXVxOv4zq82JZKO8M6epzahwMZ7ssFoyC2+vso m/sy34xr7bkkLZpdHu5ap3JvMPWnr3ByEbc5equK42MHUmHTF2ONpDwFkH+cFwW6zaqJ oOEozj/yj8dM+4sOEcDI7cnYQ5voOTIYOl/ax9+EvLRJGRyuSe1J5d5e069mxt9oYuMU dY9XknB29+zVT0KO31eq6YOouPUJ4LR1zh6G81S8WUIgiF9Cuz1V5+OWG9xAihLcE2as cueQozgO5lQHKMlamKH6WyQEk7cWWIsx/Hu3t8C3N15VW0JOoVSn3IEI1VJHknxqCyg0 5zuw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass (test mode) header.i=@mail.huji.ac.il header.s=mailhuji header.b=EYLzQOAo; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=huji.ac.il Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id k1-20020a056a00168100b005774d572ad3si8626665pfc.31.2022.12.11.14.23.40; Sun, 11 Dec 2022 14:23:50 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass (test mode) header.i=@mail.huji.ac.il header.s=mailhuji header.b=EYLzQOAo; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=huji.ac.il Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230345AbiLKWQb (ORCPT + 75 others); Sun, 11 Dec 2022 17:16:31 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50118 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230335AbiLKWQZ (ORCPT ); Sun, 11 Dec 2022 17:16:25 -0500 Received: from mail-wr1-x431.google.com (mail-wr1-x431.google.com [IPv6:2a00:1450:4864:20::431]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 75839DECF for ; Sun, 11 Dec 2022 14:16:24 -0800 (PST) Received: by mail-wr1-x431.google.com with SMTP id h12so10289868wrv.10 for ; Sun, 11 Dec 2022 14:16:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mail.huji.ac.il; s=mailhuji; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Ni6ap3ZTSSQLWT4jw5HwfmJdLJiMoNH+N4dU0gGowyA=; b=EYLzQOAopum3pSRQHrpnKxi13r3F+Hy0yhyJAoTuvDz33Ch7Tv2ysaS8m4GyyOxgBi q/k32WQO5EX91YsdGdGMabqCZ9P8blItNhs9fIQM7o1mTlleCHIr3HtU1PIWR6v+z85I cDLhaKRLFOCzCBXGxHMwhxnrJmimSYjeYJIx0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Ni6ap3ZTSSQLWT4jw5HwfmJdLJiMoNH+N4dU0gGowyA=; b=0/EKU37xuNrhtAV24vQFIFfFMHwbGwnWh1x6gLCVyPjJ0xauF8P1MvUb+oRDTvilBa IMyEWyyJ2mulv++dBKMzGs8zMazrLHROpyZPfl1f42k/VjEjs4hsv4z4bFNTPGsA1eR/ 6K1o4kzGRB8QGaIHpED3SOM3tAR6BXTsR29WbI02WToOwrKsfeHGu708jNREGKNIovbK yLT/ATuFDUgrUzGaVre2F/Pq8lmuMmbRb3iYin4vSWwaZIDjqldUgQaG0lYQJyri9uiA b5+gQ3WNrdOrDP3/IQtJ21wSqfyVuFYAypbQzwG+oXhF+eVUK11aZSTrEbH2AE1S/uhg j5wA== X-Gm-Message-State: ANoB5pk9kQVJXlwtjB+GCZTbmtsCPsdCtbU/elGy+d60eyNGDSnohJ0W P/xscJMb82I3euDYmTbzSjoSCQ== X-Received: by 2002:a05:6000:81a:b0:242:69f4:cb6f with SMTP id bt26-20020a056000081a00b0024269f4cb6fmr9084177wrb.32.1670796982926; Sun, 11 Dec 2022 14:16:22 -0800 (PST) Received: from MacBook-Pro-5.lan ([2a0d:6fc2:218c:1a00:a91c:f8bf:c26f:4f15]) by smtp.gmail.com with ESMTPSA id d7-20020adffd87000000b002422bc69111sm8605805wrr.9.2022.12.11.14.16.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 11 Dec 2022 14:16:22 -0800 (PST) From: david.keisarschm@mail.huji.ac.il To: Alexei Starovoitov , Daniel Borkmann , John Fastabend , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni Cc: David , aksecurity@gmail.com, ilay.bahat1@gmail.com, bpf@vger.kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org Subject: [PATCH 2/5] Replace invocation of weak PRNG in kernel/bpf/core.c Date: Mon, 12 Dec 2022 00:16:05 +0200 Message-Id: <7c16cafe96c47ff5234fbb980df9d3e3d48a0296.1670778652.git.david.keisarschm@mail.huji.ac.il> X-Mailer: git-send-email 2.38.0 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: David We changed the invocation of prandom_u32_state to get_random_u32. We deleted the maintained state, which was a CPU-variable, since get_random_u32 maintains its own CPU-variable. We also deleted the state initializer, since it is not needed anymore. Signed-off-by: David --- include/linux/bpf.h | 1 - kernel/bpf/core.c | 13 +------------ kernel/bpf/verifier.c | 2 -- net/core/filter.c | 1 - 4 files changed, 1 insertion(+), 16 deletions(-) diff --git a/include/linux/bpf.h b/include/linux/bpf.h index c1bd1bd10..0689520b9 100644 --- a/include/linux/bpf.h +++ b/include/linux/bpf.h @@ -2572,7 +2572,6 @@ const struct bpf_func_proto *tracing_prog_func_proto( enum bpf_func_id func_id, const struct bpf_prog *prog); /* Shared helpers among cBPF and eBPF. */ -void bpf_user_rnd_init_once(void); u64 bpf_user_rnd_u32(u64 r1, u64 r2, u64 r3, u64 r4, u64 r5); u64 bpf_get_raw_cpu_id(u64 r1, u64 r2, u64 r3, u64 r4, u64 r5); diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c index 4cb5421d9..a6f06894e 100644 --- a/kernel/bpf/core.c +++ b/kernel/bpf/core.c @@ -2579,13 +2579,6 @@ void bpf_prog_free(struct bpf_prog *fp) } EXPORT_SYMBOL_GPL(bpf_prog_free); -/* RNG for unpriviledged user space with separated state from prandom_u32(). */ -static DEFINE_PER_CPU(struct rnd_state, bpf_user_rnd_state); - -void bpf_user_rnd_init_once(void) -{ - prandom_init_once(&bpf_user_rnd_state); -} BPF_CALL_0(bpf_user_rnd_u32) { @@ -2595,12 +2588,8 @@ BPF_CALL_0(bpf_user_rnd_u32) * transformations. Register assignments from both sides are * different, f.e. classic always sets fn(ctx, A, X) here. */ - struct rnd_state *state; u32 res; - - state = &get_cpu_var(bpf_user_rnd_state); - res = predictable_rng_prandom_u32_state(state); - put_cpu_var(bpf_user_rnd_state); + res = get_random_u32(); return res; } diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 264b3dc71..9f22fb3fa 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -14049,8 +14049,6 @@ static int do_misc_fixups(struct bpf_verifier_env *env) if (insn->imm == BPF_FUNC_get_route_realm) prog->dst_needed = 1; - if (insn->imm == BPF_FUNC_get_prandom_u32) - bpf_user_rnd_init_once(); if (insn->imm == BPF_FUNC_override_return) prog->kprobe_override = 1; if (insn->imm == BPF_FUNC_tail_call) { diff --git a/net/core/filter.c b/net/core/filter.c index bb0136e7a..7a595ac00 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -443,7 +443,6 @@ static bool convert_bpf_extensions(struct sock_filter *fp, break; case SKF_AD_OFF + SKF_AD_RANDOM: *insn = BPF_EMIT_CALL(bpf_user_rnd_u32); - bpf_user_rnd_init_once(); break; } break; -- 2.38.0