From: david.keisarschm@mail.huji.ac.il
To: linux-kernel@vger.kernel.org, Christoph Lameter, Pekka Enberg, David Rientjes, Joonsoo Kim, Andrew Morton, Vlastimil Babka, Roman Gushchin, Hyeonggon Yoo <42.hyeyoo@gmail.com>
Cc: Jason@zx2c4.com, linux-mm@kvack.org, David Keisar Schmidt, ilay.bahat1@gmail.com, aksecurity@gmail.com
Subject: [PATCH v6 2/3] mm/slab_common: Replace invocation of weak PRNG
Date: Sun, 16 Apr 2023 20:22:55 +0300
Message-Id: <20230416172256.13220-1-david.keisarschm@mail.huji.ac.il>

From: David Keisar Schmidt

The Slab allocator randomization inside slab_common.c uses the prandom_u32 PRNG. That was added to prevent attackers from obtaining information on the heap state. However, this PRNG turned out to be weak, as noted in commit c51f8f88d705.

To fix it, we have changed the invocation of prandom_u32_state to get_random_u32 to ensure the PRNG is strong. Since a modulo operation is applied right after that, in the Fisher-Yates shuffle, we used get_random_u32_below, to achieve uniformity.

Signed-off-by: David Keisar Schmidt --- Changes since v5: * fixed coding style issues. Changes since v3: * edited commit message. Changes since v2: * replaced instances of get_random_u32 with get_random_u32_below in mm/slab_common.c. mm/slab_common.c | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/mm/slab_common.c b/mm/slab_common.c index bf4e777cf..25ca39f97 100644 --- a/mm/slab_common.c +++ b/mm/slab_common.c @@ -1146,7 +1146,7 @@ EXPORT_SYMBOL(kmalloc_large_node); #ifdef CONFIG_SLAB_FREELIST_RANDOM /* Randomize a generic freelist */ -static void freelist_randomize(struct rnd_state *state, unsigned int *list, +static void freelist_randomize(unsigned int *list, unsigned int count) { unsigned int rand; @@ -1157,8 +1157,7 @@ static void freelist_randomize(struct rnd_state *state, unsigned int *list, /* Fisher-Yates shuffle */ for (i = count - 1; i > 0; i--) { - rand = prandom_u32_state(state); - rand %= (i + 1); + rand = get_random_u32_below(i + 1); swap(list[i], list[rand]); } } @@ -1167,7 +1166,6 @@ static void freelist_randomize(struct rnd_state *state, unsigned int *list, int cache_random_seq_create(struct kmem_cache *cachep, unsigned int count, gfp_t gfp) { - struct rnd_state state; if (count < 2 || cachep->random_seq) return 0; @@ -1176,10 +1174,7 @@ int cache_random_seq_create(struct kmem_cache *cachep, unsigned int count, if (!cachep->random_seq) return -ENOMEM; - /* Get best entropy at this stage of boot */ - prandom_seed_state(&state, get_random_long()); - - freelist_randomize(&state, cachep->random_seq, count); + freelist_randomize(cachep->random_seq, count); return 0; } -- 2.37.3
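
Review bot: in the first hunk, with the `state` parameter gone the prototype `static void freelist_randomize(unsigned int *list, unsigned int count)` is 70 characters and fits on one line. Joining it avoids a continuation line whose alignment was set for the longer signature.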
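
Review bot: in the Fisher-Yates loop, `get_random_u32_below(i + 1)` now draws from the shared RNG on every iteration where the old code stepped a local `rnd_state`, and the commit message does not say how often this path runs. From the visible context, cache_random_seq_create() returns early when `cachep->random_seq` is already set, so one sentence stating that the shuffle runs once per cache would answer the cost question up front.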
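
Review bot: in cache_random_seq_create(), check that removing `struct rnd_state state;` does not leave a blank line directly after the opening `{`. If the empty line that separated the declaration from `if (count < 2 || cachep->random_seq)` is still there, delete it in the same hunk so the body does not open with a blank line.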
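
Review bot: the last hunk deletes the comment `/* Get best entropy at this stage of boot */` together with the seeding, which drops the only hint in this function that it can run early in boot. Keep a short comment at the `freelist_randomize(cachep->random_seq, count);` call, or add a line to the commit message, saying what quality of output get_random_u32_below() gives at that stage and that the old seed came from get_random_long() at the same point.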
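
The modulo bias that the commit message's move from `% (i + 1)` to get_random_u32_below addresses, as an added userspace example that is not part of the patch or of the kernel. The names os_random_u32, random_below, shuffle and hits_8bit are hypothetical, getrandom(2) stands in for get_random_u32, and random_below uses plain rejection sampling rather than the kernel's own implementation.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/random.h>

/* Userspace stand-in (assumption) for get_random_u32(): 32 bits from getrandom(2). */
uint32_t os_random_u32(void)
{
	uint32_t v;
	if (getrandom(&v, sizeof(v), 0) != (ssize_t)sizeof(v))
		abort();	/* never fall back to a weaker source */
	return v;
}

/* Unbiased value in [0, ceil), ceil != 0, by plain rejection sampling. */
uint32_t random_below(uint32_t (*src)(void), uint32_t ceil)
{
	uint32_t v, excess = (0u - ceil) % ceil;	/* 2^32 mod ceil */
	do {
		v = src();
	} while (v < excess);	/* drop the values that would skew v % ceil */
	return v % ceil;
}

/* Fisher-Yates shuffle, i running from count - 1 down to 1 as in the patch. */
void shuffle(uint32_t (*src)(void), unsigned int *list, unsigned int count)
{
	for (unsigned int i = count; i-- > 1; ) {
		unsigned int j = random_below(src, i + 1), tmp = list[i];
		list[i] = list[j];
		list[j] = tmp;
	}
}

/* Over all 256 values of a toy 8-bit source, how many land on residue r (ceil != 0)? */
unsigned int hits_8bit(unsigned int ceil, unsigned int r, int reject)
{
	unsigned int hits = 0;
	for (unsigned int v = reject ? 256u % ceil : 0; v < 256; v++)
		hits += (v % ceil == r);
	return hits;
}

int main(void)
{
	unsigned int list[8] = { 0, 1, 2, 3, 4, 5, 6, 7 };
	shuffle(os_random_u32, list, 8);
	printf("slot 0: %u; mod 6 hits r=0/r=5: %u/%u, with rejection: %u/%u\n", list[0],
	       hits_8bit(6, 0, 0), hits_8bit(6, 5, 0), hits_8bit(6, 0, 1), hits_8bit(6, 5, 1));
	return 0;
}
```

With a plain modulo the low residues are hit once more often than the high ones, so low indices are slightly favoured at every swap; rejecting the excess source values makes every index equally likely.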