From: David Keisar Schmidt <david.keisarschm@mail.huji.ac.il>
To: linux-kernel@vger.kernel.org
Cc: Jason@zx2c4.com, linux-mm@kvack.org, akpm@linux-foundation.org, vbabka@suse.cz, 42.hyeyoo@gmail.com, mingo@redhat.com, hpa@zytor.com, keescook@chromium.org, David Keisar Schmidt, ilay.bahat1@gmail.com, aksecurity@gmail.com
Subject: [PATCH v6 0/3] Replace invocations of prandom_u32() with get_random_u32() and siphash
Date: Sun, 16 Apr 2023 20:21:58 +0300
Message-Id: <20230416172158.13133-1-david.keisarschm@mail.huji.ac.il>
Hi,

The security improvements for prandom_u32 done in commits c51f8f88d705 from October 2020 and d4150779e60f from May 2022 didn't handle the cases when prandom_bytes_state() and prandom_u32_state() are used.

Specifically, this weak randomization takes place in three cases:

1. mm/slab.c
2. mm/slab_common.c
3. arch/x86/mm/kaslr.c

The first two invocations (mm/slab.c, mm/slab_common.c) are used to create randomization in the slab allocator freelists. This is done to make sure attackers can't obtain information on the heap state. The last invocation, inside arch/x86/mm/kaslr.c, randomizes the virtual address space of kernel memory regions.
Hence, we have added the necessary changes to make those randomizations stronger, switching the prandom_u32 instances to siphash.

Changes since v5:
* Fixed coding style issues in mm/slab and mm/slab_common.
* Deleted irrelevant changes which were appended accidentally in arch/x86/mm/kaslr.

Changes since v4:
* Changed only the arch/x86/mm/kaslr patch. In particular, we replaced the use of prandom_bytes_state and prandom_seed_state with siphash inside arch/x86/mm/kaslr.c.

Changes since v3:
* Edited commit messages.

Changes since v2:
* Edited commit message.
* Replaced instances of get_random_u32 with get_random_u32_below in mm/slab.c, mm/slab_common.c.

Regards,

David Keisar Schmidt (3):
  mm/slab: Replace invocation of weak PRNG
  mm/slab_common: Replace invocation of weak PRNG
  arch/x86/mm/kaslr: use siphash instead of prandom_bytes_state

 arch/x86/mm/kaslr.c | 21 +++++++++++++++------
 mm/slab.c           | 29 +++++++++-------------------
 mm/slab_common.c    | 11 +++-------
 3 files changed, 27 insertions(+), 34 deletions(-)

-- 
2.37.3
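The cover letter's point about the slab freelists is easiest to see with a user-space model of what the shuffle is protecting. The following is an added example, not the kernel's code and not the code in this series: it shuffles a freelist of slot indices with Fisher-Yates and lets the caller choose the random source. `weak_below` is a stand-in for a small seeded generator in the spirit of `prandom_u32_state` (a 32-bit xorshift; the name and generator are this example's choice), so two shuffles from the same seed produce the same freelist order. `strong_below` stands in for `get_random_u32_below`, drawing from `/dev/urandom` with rejection sampling so the bounded draw is unbiased; the real kernel function reads the in-kernel CRNG instead and is not reproduced here.

```c
/*
 * User-space model of slab freelist randomization (added example; not
 * mm/slab_common.c). The shuffle is Fisher-Yates over slot indices and
 * takes a "draw a value below ceil" callback so it can be driven either
 * by a small seeded generator or by the OS CSPRNG.
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef unsigned int (*below_fn)(unsigned int ceil, void *state);

/* Seeded generator: a 32-bit xorshift. Its whole state is the 32-bit seed,
 * so anyone holding that seed can replay every draw, which is the property
 * the patch series removes from the slab and KASLR paths. */
static unsigned int weak_below(unsigned int ceil, void *state)
{
    uint32_t *s = state;
    uint32_t x = *s;
    x ^= x << 13;
    x ^= x >> 17;
    x ^= x << 5;
    *s = x;
    return x % ceil;            /* modulo bias is irrelevant for the model */
}

/* CSPRNG-backed draw below ceil, made unbiased by rejecting the short
 * partial range at the bottom of the 32-bit space (2^32 mod ceil values). */
static unsigned int strong_below(unsigned int ceil, void *state)
{
    FILE *urandom = state;
    uint32_t min = (uint32_t)(0u - ceil) % ceil;    /* == 2^32 mod ceil */
    uint32_t r;

    do {
        if (fread(&r, sizeof r, 1, urandom) != 1) {
            perror("fread /dev/urandom");
            exit(1);
        }
    } while (r < min);
    return r % ceil;
}

/* Fill list[0..count) with a random permutation of the slot indices. */
static void freelist_randomize(unsigned int *list, unsigned int count,
                               below_fn below, void *state)
{
    for (unsigned int i = 0; i < count; i++)
        list[i] = i;
    if (count < 2)
        return;
    /* Fisher-Yates: walk down from the last slot, swapping each with a
     * uniformly chosen slot at or before it. */
    for (unsigned int i = count - 1; i > 0; i--) {
        unsigned int j = below(i + 1, state);
        unsigned int t = list[i];
        list[i] = list[j];
        list[j] = t;
    }
}

/* Returns 1 if list holds each index in [0, count) exactly once. */
static int is_permutation(const unsigned int *list, unsigned int count)
{
    unsigned char *seen = calloc(count ? count : 1, 1);
    int ok = seen != NULL;

    for (unsigned int i = 0; ok && i < count; i++) {
        if (list[i] >= count || seen[list[i]])
            ok = 0;
        else
            seen[list[i]] = 1;
    }
    free(seen);
    return ok;
}

/* Shuffle twice from the same seed and report whether the freelist orders
 * match (1 = identical, 0 = different, -1 = bad input). With a seeded
 * generator they always match: the order is a function of the seed. */
static int weak_replays(uint32_t seed, unsigned int count)
{
    unsigned int a[64], b[64];
    uint32_t s1 = seed, s2 = seed;

    if (count > 64 || seed == 0)    /* xorshift must not start at zero */
        return -1;
    freelist_randomize(a, count, weak_below, &s1);
    freelist_randomize(b, count, weak_below, &s2);
    return memcmp(a, b, count * sizeof a[0]) == 0;
}

/* Shuffle with the OS CSPRNG; returns 1 if a valid permutation resulted. */
static int strong_shuffle(unsigned int *list, unsigned int count)
{
    FILE *urandom = fopen("/dev/urandom", "rb");

    if (!urandom)
        return 0;
    freelist_randomize(list, count, strong_below, urandom);
    fclose(urandom);
    return is_permutation(list, count);
}

int main(void)
{
    unsigned int list[16];

    printf("same seed replays freelist order: %s\n",
           weak_replays(0x12345678u, 16) == 1 ? "yes" : "no");
    if (strong_shuffle(list, 16)) {
        printf("CSPRNG freelist:");
        for (unsigned int i = 0; i < 16; i++)
            printf(" %u", list[i]);
        printf("\n");
    }
    return 0;
}
```

The shuffle routine is identical in both runs; only the random source changes. That is the shape of the series' fix: the freelist logic stays, and the draw that decides each swap is moved from a generator whose small state fully determines its output to one backed by the kernel's CRNG.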