From: david.keisarschm@mail.huji.ac.il
To: linux-kernel@vger.kernel.org
Cc: Jason@zx2c4.com, linux-mm@kvack.org, akpm@linux-foundation.org, vbabka@suse.cz, 42.hyeyoo@gmail.com, mingo@redhat.com, hpa@zytor.com, keescook@chromium.org, David Keisar Schmidt, ilay.bahat1@gmail.com, aksecurity@gmail.com
Subject: [PATCH v5 0/3] Replace invocations of prandom_u32() with get_random_u32()
Date: Sat, 15 Apr 2023 20:35:49 +0300
Message-Id: <20230415173549.5345-1-david.keisarschm@mail.huji.ac.il>

From: David Keisar Schmidt

Hi,

The security improvements for prandom_u32 done in commits c51f8f88d705
from October 2020 and d4150779e60f from May 2022 didn't handle the
cases when prandom_bytes_state() and prandom_u32_state() are used.

Specifically, this weak randomization takes place in three cases:
    1. mm/slab.c
    2. mm/slab_common.c
    3. arch/x86/mm/kaslr.c

The first two invocations (mm/slab.c, mm/slab_common.c) are used to create
randomization in the slab allocator freelists.
This is done to make sure attackers can’t obtain information on the heap state.

The last invocation, inside arch/x86/mm/kaslr.c,
randomizes the virtual address space of kernel memory regions.
Hence, we have added the necessary changes to make those randomizations stronger,
switching prandom_u32 instance to siphash.

Changes since v4:
* This fifth series changes only the arch/x86/mm/kaslr patch.
  In particular, we replaced the use of prandom_bytes_state and
  prandom_seed_state with siphash inside arch/x86/mm/kaslr.c.

Changes since v3:
* edited commit messages

Changes since v2:
* edited commit message.
* replaced instances of get_random_u32 with get_random_u32_below
  in mm/slab.c, mm/slab_common.c

Regards,

David Keisar Schmidt (3):
  Replace invocation of weak PRNG in mm/slab.c
  Replace invocation of weak PRNG inside mm/slab_common.c
  Replace invocation of weak PRNG in arch/x86/mm/kaslr.c

 arch/x86/mm/kaslr.c                           |  18 +-
 include/uapi/linux/netfilter/xt_connmark.h    |  40 +-
 include/uapi/linux/netfilter/xt_dscp.h        |  27 +-
 include/uapi/linux/netfilter/xt_mark.h        |  17 +-
 include/uapi/linux/netfilter/xt_rateest.h     |  38 +-
 include/uapi/linux/netfilter/xt_tcpmss.h      |  13 +-
 include/uapi/linux/netfilter_ipv4/ipt_ecn.h   |  40 +-
 include/uapi/linux/netfilter_ipv4/ipt_ttl.h   |  14 +-
 include/uapi/linux/netfilter_ipv6/ip6t_hl.h   |  14 +-
 mm/slab.c                                     |  25 +-
 mm/slab_common.c                              |  11 +-
 net/netfilter/xt_dscp.c                       | 149 ++++---
 net/netfilter/xt_hl.c                         | 164 +++++---
 net/netfilter/xt_rateest.c                    | 282 ++++++++-----
 net/netfilter/xt_tcpmss.c                     | 378 ++++++++++++++----
 ...Z6.0+pooncelock+pooncelock+pombonce.litmus |  12 +-
 16 files changed, 815 insertions(+), 427 deletions(-)

-- 
2.37.3
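
An added example, not code from this patch series or from the kernel: a userspace sketch of shuffling a freelist index order where every index is drawn from the OS CSPRNG through an unbiased bounded helper, the pattern the v2 change note describes with get_random_u32_below. The names os_random_u32, random_u32_below and freelist_shuffle are hypothetical, /dev/urandom stands in for the kernel's get_random_u32(), and the Fisher-Yates shuffle is an assumption chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Userspace stand-in for get_random_u32(): 32 bits from the OS CSPRNG. */
static uint32_t os_random_u32(void)
{
    static FILE *urandom;
    uint32_t v;
    if ((!urandom && !(urandom = fopen("/dev/urandom", "rb"))) ||
        fread(&v, sizeof(v), 1, urandom) != 1)
        abort();
    return v;
}

/* Uniform value in [0, ceil) for ceil > 0. Draws below 2^32 mod ceil are
 * rejected so that the final modulo does not favour small results. */
static uint32_t random_u32_below(uint32_t ceil)
{
    uint32_t reject_below = (0u - ceil) % ceil, r;
    do {
        r = os_random_u32();
    } while (r < reject_below);
    return r % ceil;
}

/* Fill list[] with 0..count-1, then Fisher-Yates shuffle it. */
static void freelist_shuffle(unsigned int *list, unsigned int count)
{
    for (unsigned int i = 0; i < count; i++)
        list[i] = i;
    for (unsigned int i = count; i > 1; i--) {
        unsigned int j = random_u32_below(i), tmp = list[i - 1];
        list[i - 1] = list[j];
        list[j] = tmp;
    }
}

int main(void)
{
    unsigned int fl[8];
    freelist_shuffle(fl, 8);
    for (unsigned int i = 0; i < 8; i++)
        printf("%u ", fl[i]);   /* order differs on every run */
    putchar('\n');
    return 0;
}
```

Because no seed is stored and every draw comes from the CSPRNG, observing part of one shuffled order gives no way to compute the rest of it or any later shuffle.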