From: david.keisarschm@mail.huji.ac.il
To: linux-kernel@vger.kernel.org
Cc: Jason@zx2c4.com, linux-mm@kvack.org, akpm@linux-foundation.org, vbabka@suse.cz, 42.hyeyoo@gmail.com, mingo@redhat.com, hpa@zytor.com, keescook@chromium.org, David Keisar Schmidt, ilay.bahat1@gmail.com, aksecurity@gmail.com
Subject: [PATCH v5 0/3] Replace invocations of prandom_u32() with get_random_u32()
Date: Sun, 16 Apr 2023 20:20:56 +0300
Message-Id: <20230416172056.13086-1-david.keisarschm@mail.huji.ac.il>

From: David Keisar Schmidt

Hi,

The security improvements for prandom_u32 done in commits c51f8f88d705
from October 2020 and d4150779e60f from May 2022 didn't handle the cases
when prandom_bytes_state() and prandom_u32_state() are used.

Specifically, this weak randomization takes place in three cases:
    1. mm/slab.c
    2. mm/slab_common.c
    3. arch/x86/mm/kaslr.c

The first two invocations (mm/slab.c, mm/slab_common.c) are used to create
randomization in the slab allocator freelists.
This is done to make sure attackers can’t obtain information on the heap state.

The last invocation, inside arch/x86/mm/kaslr.c,
randomizes the virtual address space of kernel memory regions.
Hence, we have added the necessary changes to make those randomizations stronger,
switching prandom_u32 instance to siphash.

Changes since v4:
* This fifth series changes only the arch/x86/mm/kaslr patch.
  In particular, we replaced the use of prandom_bytes_state and
  prandom_seed_state with siphash inside arch/x86/mm/kaslr.c.

Changes since v3:
* edited commit messages

Changes since v2:
* edited commit message.
* replaced instances of get_random_u32 with get_random_u32_below
  in mm/slab.c, mm/slab_common.c

Regards,

David Keisar Schmidt (3):
  Replace invocation of weak PRNG in mm/slab.c
  Replace invocation of weak PRNG inside mm/slab_common.c
  Replace invocation of weak PRNG in arch/x86/mm/kaslr.c

 arch/x86/mm/kaslr.c                           |  18 +-
 include/uapi/linux/netfilter/xt_connmark.h    |  40 +-
 include/uapi/linux/netfilter/xt_dscp.h        |  27 +-
 include/uapi/linux/netfilter/xt_mark.h        |  17 +-
 include/uapi/linux/netfilter/xt_rateest.h     |  38 +-
 include/uapi/linux/netfilter/xt_tcpmss.h      |  13 +-
 include/uapi/linux/netfilter_ipv4/ipt_ecn.h   |  40 +-
 include/uapi/linux/netfilter_ipv4/ipt_ttl.h   |  14 +-
 include/uapi/linux/netfilter_ipv6/ip6t_hl.h   |  14 +-
 mm/slab.c                                     |  25 +-
 mm/slab_common.c                              |  11 +-
 net/netfilter/xt_dscp.c                       | 149 ++++---
 net/netfilter/xt_hl.c                         | 164 +++++---
 net/netfilter/xt_rateest.c                    | 282 ++++++++-----
 net/netfilter/xt_tcpmss.c                     | 378 ++++++++++++++----
 ...Z6.0+pooncelock+pooncelock+pombonce.litmus |  12 +-
 16 files changed, 815 insertions(+), 427 deletions(-)

-- 
2.37.3
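
The point of the slab changes in this series, as an added user-space example that is not code from the patches or from the kernel: a Fisher-Yates freelist shuffle whose order is a pure function of the seed when driven by a seeded generator, and is not when each index comes from the OS CSPRNG through an unbiased bounded draw. All names are hypothetical; xorshift32 stands in for a seeded non-cryptographic PRNG, getrandom(2) for get_random_u32(), and rand32_below() only mirrors the contract of get_random_u32_below().

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/random.h>

#define NOBJ 16 /* constructed: objects per slab in this sketch */
typedef uint32_t (*rand32_fn)(void *ctx);
/* Seeded non-cryptographic stand-in (xorshift32); seed must be nonzero. */
static uint32_t weak_rand32(void *ctx) {
    uint32_t *s = ctx;
    *s ^= *s << 13; *s ^= *s >> 17; *s ^= *s << 5;
    return *s;
}
/* OS CSPRNG via getrandom(2), standing in for get_random_u32(). */
static uint32_t os_rand32(void *ctx) {
    uint32_t v; (void)ctx;
    if (getrandom(&v, sizeof(v), 0) != (ssize_t)sizeof(v)) abort();
    return v;
}
/* Unbiased value in [0, ceil), ceil > 0: reject the lowest 2^32 mod ceil. */
static uint32_t rand32_below(rand32_fn fn, void *ctx, uint32_t ceil) {
    uint32_t r, threshold = (0u - ceil) % ceil;
    do { r = fn(ctx); } while (r < threshold);
    return r % ceil;
}
/* Fisher-Yates shuffle of indexes 0..NOBJ-1; returns a bitmask of the
 * indexes present, which is 0xffff for a valid permutation. */
static uint32_t freelist_shuffle(unsigned int *list, rand32_fn fn, void *ctx) {
    uint32_t seen = 0;
    for (unsigned int i = 0; i < NOBJ; i++) list[i] = i;
    for (unsigned int i = NOBJ - 1; i > 0; i--) {
        unsigned int j = rand32_below(fn, ctx, i + 1), t = list[i];
        list[i] = list[j]; list[j] = t;
    }
    for (unsigned int i = 0; i < NOBJ; i++) seen |= 1u << list[i];
    return seen;
}
/* 1 if two shuffles started from the same seed give the same order. */
static int order_repeats(rand32_fn fn, uint32_t seed) {
    unsigned int a[NOBJ], b[NOBJ];
    uint32_t s1 = seed, s2 = seed;
    freelist_shuffle(a, fn, &s1);
    freelist_shuffle(b, fn, &s2);
    return memcmp(a, b, sizeof(a)) == 0;
}
int main(void) {
    /* Exit 0 when the seeded order repeats and the CSPRNG order does not. */
    return !(order_repeats(weak_rand32, 0x2545F491u) && !order_repeats(os_rand32, 0));
}
```
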