From: david.keisarschm@mail.huji.ac.il
To: linux-kernel@vger.kernel.org
Cc: Jason@zx2c4.com, David Keisar Schmidt, aksecurity@gmail.com, ilay.bahat1@gmail.com, bpf@vger.kernel.org
Subject: [PATCH v3 0/3] Replace invocations of prandom_u32() with get_random_u32()
Date: Sun, 18 Dec 2022 20:18:57 +0200
X-Mailer: git-send-email 2.38.0
X-Mailing-List: linux-kernel@vger.kernel.org

From: David Keisar Schmidt

Hi,
This third series adds some changes to the commit messages, and also replaces get_random_u32 with get_random_u32_below in cases where a modulo operation is done on the result.

The security improvements for prandom_u32 done in commits c51f8f88d705 from October 2020 and d4150779e60f from May 2022 didn't handle the cases when prandom_bytes_state() and prandom_u32_state() are used. Specifically, this weak randomization takes place in three cases:

1. mm/slab.c
2. mm/slab_common.c
3. arch/x86/mm/kaslr.c

The first two invocations (mm/slab.c, mm/slab_common.c) are used to create randomization in the slab allocator freelists. This is done to make sure attackers can't obtain information on the heap state. The last invocation, inside arch/x86/mm/kaslr.c, randomizes the virtual address space of kernel memory regions. Hence, we have added the necessary changes to make those randomizations stronger, switching prandom_u32 instances to get_random_u32.

# Changes since v2
* edited commit message in all three patches.
* replaced instances of get_random_u32 with get_random_u32_below in mm/slab.c, mm/slab_common.c

# Changes since v1
* omitted the renaming patch, per the feedback we received
* omitted the replacement of prandom_u32_state with get_random_u32 in bpf/core.c, as it turned out to be a duplicate of a patch suggested earlier by Jason Donenfeld

Regards,

David Keisar Schmidt (3):
  Replace invocation of weak PRNG in mm/slab.c
  Replace invocation of weak PRNG inside mm/slab_common.c
  Replace invocation of weak PRNG in arch/x86/mm/kaslr.c

 arch/x86/mm/kaslr.c |  5 +----
 mm/slab.c           | 25 ++++++++++---------------
 mm/slab_common.c    | 11 +++--------
 3 files changed, 14 insertions(+), 27 deletions(-)

-- 
2.38.0
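The cover letter makes two points without showing them: the freelist shuffle should draw from a CSPRNG rather than a prandom state, and a value that feeds a modulo should come from get_random_u32_below() instead of get_random_u32() % n. The program below is an added user-space illustration, not code from this series or from the kernel tree. It assumes Linux with glibc's getrandom(2) wrapper; the names bounded_modulo, bounded_below, freelist_randomize and seq_source are hypothetical, and bounded_below reimplements the multiply-and-reject method that the kernel's get_random_u32_below() uses, with the random source made pluggable so a scripted word sequence can exercise the redraw path.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/random.h>   /* getrandom(2): glibc >= 2.25 on Linux (assumed) */

/* Source of 32-bit random words. In the kernel this is get_random_u32();
 * a function pointer here so the same code runs on the system CSPRNG or
 * on a scripted word sequence (constructed test input). */
typedef uint32_t (*u32_source_fn)(void *ctx);

/* Scripted source: replays a fixed array of words, wrapping around. */
struct seq_source { const uint32_t *vals; size_t n; size_t used; };

static uint32_t seq_u32(void *ctx)
{
    struct seq_source *s = ctx;
    return s->vals[s->used++ % s->n];
}

/* CSPRNG source. flags=0 blocks until the kernel pool is seeded rather
 * than handing out weak early-boot output. */
static uint32_t csprng_u32(void *ctx)
{
    (void)ctx;
    uint32_t v;
    size_t got = 0;
    while (got < sizeof v) {
        ssize_t r = getrandom((unsigned char *)&v + got, sizeof v - got, 0);
        if (r < 0) { perror("getrandom"); exit(EXIT_FAILURE); }
        got += (size_t)r;
    }
    return v;
}

/* The pattern the series removes: '% ceil' on a 32-bit word. Unless ceil
 * divides 2^32, the residues below (2^32 mod ceil) are hit one extra
 * time, so the output is not uniform. */
static uint32_t bounded_modulo(u32_source_fn src, void *ctx, uint32_t ceil)
{
    return src(ctx) % ceil;
}

/* Uniform value in [0, ceil), ceil != 0, by the multiply-and-reject method
 * the kernel's get_random_u32_below() uses: keep the high 32 bits of
 * ceil * r, redrawing r only when the low 32 bits land in the region that
 * would otherwise carry the bias. */
static uint32_t bounded_below(u32_source_fn src, void *ctx, uint32_t ceil)
{
    uint64_t mult = (uint64_t)ceil * src(ctx);
    if ((uint32_t)mult < ceil) {
        uint32_t bound = (0u - ceil) % ceil;   /* == 2^32 mod ceil */
        while ((uint32_t)mult < bound)
            mult = (uint64_t)ceil * src(ctx);
    }
    return (uint32_t)(mult >> 32);
}

/* Same call over a scripted sequence; reports how many words were consumed
 * so the redraw path is observable. */
static uint32_t bounded_below_scripted(const uint32_t *vals, size_t n,
                                       uint32_t ceil, size_t *consumed)
{
    struct seq_source s = { vals, n, 0 };
    uint32_t v = bounded_below(seq_u32, &s, ceil);
    if (consumed) *consumed = s.used;
    return v;
}

/* Fisher-Yates shuffle of freelist slot indices, the shape of the slab
 * freelist randomization the series touches: list[i] = i, then swap each
 * position with a uniformly chosen earlier one. */
static void freelist_randomize(unsigned int *list, unsigned int count,
                               u32_source_fn src, void *ctx)
{
    for (unsigned int i = 0; i < count; i++)
        list[i] = i;
    for (unsigned int i = count; i > 1; i--) {
        unsigned int j = bounded_below(src, ctx, i);   /* j in [0, i) */
        unsigned int tmp = list[i - 1];
        list[i - 1] = list[j];
        list[j] = tmp;
    }
}

/* 1 if list holds each of 0..count-1 exactly once, else 0. */
static int is_permutation(const unsigned int *list, unsigned int count)
{
    unsigned char *seen = calloc(count ? count : 1, 1);
    int ok = seen != NULL;
    for (unsigned int i = 0; ok && i < count; i++) {
        if (list[i] >= count || seen[list[i]]) ok = 0;
        else seen[list[i]] = 1;
    }
    free(seen);
    return ok;
}

int main(void)
{
    unsigned int list[16];
    freelist_randomize(list, 16, csprng_u32, NULL);
    for (unsigned int i = 0; i < 16; i++)
        printf("%u%c", list[i], i == 15 ? '\n' : ' ');
    return is_permutation(list, 16) ? 0 : 1;
}
```

Two properties are worth checking by hand against the code: with ceil = 10 and the word 0x80000000, ceil * r has a zero low half, which is below 2^32 mod 10 = 6, so bounded_below redraws while bounded_modulo would silently return 8; with ceil = 4 the bound is 0 and no redraw ever happens, which is why the rejection loop is cheap in practice. The second half of the cover letter's argument, that the source itself must not be a prandom state, is what the csprng_u32 source stands in for: the shuffle is only as unpredictable as the words fed to it.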