From: Jason Cooper <jason@lakedaemon.net>
To: william.c.roberts@intel.com, Yann Droneaud <ydroneaud@opteya.com>,
linux-mm@kvack.org, linux-kernel@vger.kernel.org,
kernel-hardening@lists.openwall.com
Cc: linux@arm.linux.org.uk, akpm@linux-foundation.org,
keescook@chromium.org, tytso@mit.edu, arnd@arndb.de,
gregkh@linuxfoundation.org, catalin.marinas@arm.com,
will.deacon@arm.com, ralf@linux-mips.org,
benh@kernel.crashing.org, paulus@samba.org, mpe@ellerman.id.au,
davem@davemloft.net, tglx@linutronix.de, mingo@redhat.com,
hpa@zytor.com, x86@kernel.org, viro@zeniv.linux.org.uk,
nnk@google.com, jeffv@google.com, dcashman@android.com,
Jason Cooper <jason@lakedaemon.net>
Subject: [PATCH v2 1/7] random: Simplify API for random address requests
Date: Sat, 30 Jul 2016 15:42:38 +0000 [thread overview]
Message-ID: <20160730154244.403-2-jason@lakedaemon.net> (raw)
In-Reply-To: <20160730154244.403-1-jason@lakedaemon.net>
To date, all callers of randomize_range() have set the length to 0, and
check for a zero return value. For the current callers, the only way
to get zero returned is if end <= start. Since they are all adding a
constant to the start address, this is unnecessary.
We can remove a bunch of needless checks by simplifying the API to do
just what everyone wants, return an address between [start, start +
range).
While we're here, s/get_random_int/get_random_long/. No current call
site is adversely affected by get_random_int(), since all current range
requests are < UINT_MAX. However, we should match caller expectations
to avoid coming up short (ha!) in the future.
All current callers to randomize_range() chose to use the start address
if randomize_range() failed. Therefore, we simplify things by just
returning the start address on error.
randomize_range() will be removed once all callers have been converted
over to randomize_addr().
Signed-off-by: Jason Cooper <jason@lakedaemon.net>
---
Changes from v1:
- Explicitly mention page_aligned start assumption (Yann Droneaud)
- pick random pages vice random addresses (Yann Droneaud)
- catch range=0 last
drivers/char/random.c | 28 ++++++++++++++++++++++++++++
include/linux/random.h | 1 +
2 files changed, 29 insertions(+)
diff --git a/drivers/char/random.c b/drivers/char/random.c
index 0158d3bff7e5..3bedf69546d6 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -1840,6 +1840,34 @@ randomize_range(unsigned long start, unsigned long end, unsigned long len)
return PAGE_ALIGN(get_random_int() % range + start);
}
+/**
+ * randomize_addr - Generate a random, page aligned address
+ * @start: The smallest acceptable address the caller will take.
+ * @range: The size of the area, starting at @start, within which the
+ * random address must fall.
+ *
+ * If @start + @range would overflow, @range is capped.
+ *
+ * NOTE: Historical use of randomize_range, which this replaces, presumed that
+ * @start was already page aligned. This assumption still holds.
+ *
+ * Return: A page aligned address within [start, start + range). On error,
+ * @start is returned.
+ */
+unsigned long
+randomize_addr(unsigned long start, unsigned long range)
+{
+ if (start > ULONG_MAX - range)
+ range = ULONG_MAX - start;
+
+ range >>= PAGE_SHIFT;
+
+ if (range == 0)
+ return start;
+
+ return start + (get_random_long() % range << PAGE_SHIFT);
+}
+
/* Interface for in-kernel drivers of true hardware RNGs.
* Those devices may produce endless random bits and will be throttled
* when our pool is full.
diff --git a/include/linux/random.h b/include/linux/random.h
index e47e533742b5..f1ca2fa4c071 100644
--- a/include/linux/random.h
+++ b/include/linux/random.h
@@ -35,6 +35,7 @@ extern const struct file_operations random_fops, urandom_fops;
unsigned int get_random_int(void);
unsigned long get_random_long(void);
unsigned long randomize_range(unsigned long start, unsigned long end, unsigned long len);
+unsigned long randomize_addr(unsigned long start, unsigned long range);
u32 prandom_u32(void);
void prandom_bytes(void *buf, size_t nbytes);
--
2.9.2
WARNING: multiple messages have this Message-ID (diff)
From: Jason Cooper <jason@lakedaemon.net>
To: william.c.roberts@intel.com, Yann Droneaud <ydroneaud@opteya.com>,
linux-mm@kvack.org, linux-kernel@vger.kernel.org,
kernel-hardening@lists.openwall.com
Cc: linux@arm.linux.org.uk, akpm@linux-foundation.org,
keescook@chromium.org, tytso@mit.edu, arnd@arndb.de,
gregkh@linuxfoundation.org, catalin.marinas@arm.com,
will.deacon@arm.com, ralf@linux-mips.org,
benh@kernel.crashing.org, paulus@samba.org, mpe@ellerman.id.au,
davem@davemloft.net, tglx@linutronix.de, mingo@redhat.com,
hpa@zytor.com, x86@kernel.org, viro@zeniv.linux.org.uk,
nnk@google.com, jeffv@google.com, dcashman@android.com,
Jason Cooper <jason@lakedaemon.net>
Subject: [PATCH v2 1/7] random: Simplify API for random address requests
Date: Sat, 30 Jul 2016 15:42:38 +0000 [thread overview]
Message-ID: <20160730154244.403-2-jason@lakedaemon.net> (raw)
In-Reply-To: <20160730154244.403-1-jason@lakedaemon.net>
To date, all callers of randomize_range() have set the length to 0, and
check for a zero return value. For the current callers, the only way
to get zero returned is if end <= start. Since they are all adding a
constant to the start address, this is unnecessary.
We can remove a bunch of needless checks by simplifying the API to do
just what everyone wants, return an address between [start, start +
range).
While we're here, s/get_random_int/get_random_long/. No current call
site is adversely affected by get_random_int(), since all current range
requests are < UINT_MAX. However, we should match caller expectations
to avoid coming up short (ha!) in the future.
All current callers to randomize_range() chose to use the start address
if randomize_range() failed. Therefore, we simplify things by just
returning the start address on error.
randomize_range() will be removed once all callers have been converted
over to randomize_addr().
Signed-off-by: Jason Cooper <jason@lakedaemon.net>
---
Changes from v1:
- Explicitly mention page_aligned start assumption (Yann Droneaud)
- pick random pages vice random addresses (Yann Droneaud)
- catch range=0 last
drivers/char/random.c | 28 ++++++++++++++++++++++++++++
include/linux/random.h | 1 +
2 files changed, 29 insertions(+)
diff --git a/drivers/char/random.c b/drivers/char/random.c
index 0158d3bff7e5..3bedf69546d6 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -1840,6 +1840,34 @@ randomize_range(unsigned long start, unsigned long end, unsigned long len)
return PAGE_ALIGN(get_random_int() % range + start);
}
+/**
+ * randomize_addr - Generate a random, page aligned address
+ * @start: The smallest acceptable address the caller will take.
+ * @range: The size of the area, starting at @start, within which the
+ * random address must fall.
+ *
+ * If @start + @range would overflow, @range is capped.
+ *
+ * NOTE: Historical use of randomize_range, which this replaces, presumed that
+ * @start was already page aligned. This assumption still holds.
+ *
+ * Return: A page aligned address within [start, start + range). On error,
+ * @start is returned.
+ */
+unsigned long
+randomize_addr(unsigned long start, unsigned long range)
+{
+ if (start > ULONG_MAX - range)
+ range = ULONG_MAX - start;
+
+ range >>= PAGE_SHIFT;
+
+ if (range == 0)
+ return start;
+
+ return start + (get_random_long() % range << PAGE_SHIFT);
+}
+
/* Interface for in-kernel drivers of true hardware RNGs.
* Those devices may produce endless random bits and will be throttled
* when our pool is full.
diff --git a/include/linux/random.h b/include/linux/random.h
index e47e533742b5..f1ca2fa4c071 100644
--- a/include/linux/random.h
+++ b/include/linux/random.h
@@ -35,6 +35,7 @@ extern const struct file_operations random_fops, urandom_fops;
unsigned int get_random_int(void);
unsigned long get_random_long(void);
unsigned long randomize_range(unsigned long start, unsigned long end, unsigned long len);
+unsigned long randomize_addr(unsigned long start, unsigned long range);
u32 prandom_u32(void);
void prandom_bytes(void *buf, size_t nbytes);
--
2.9.2
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
WARNING: multiple messages have this Message-ID (diff)
From: Jason Cooper <jason@lakedaemon.net>
To: william.c.roberts@intel.com, Yann Droneaud <ydroneaud@opteya.com>,
linux-mm@kvack.org, linux-kernel@vger.kernel.org,
kernel-hardening@lists.openwall.com
Cc: linux@arm.linux.org.uk, akpm@linux-foundation.org,
keescook@chromium.org, tytso@mit.edu, arnd@arndb.de,
gregkh@linuxfoundation.org, catalin.marinas@arm.com,
will.deacon@arm.com, ralf@linux-mips.org,
benh@kernel.crashing.org, paulus@samba.org, mpe@ellerman.id.au,
davem@davemloft.net, tglx@linutronix.de, mingo@redhat.com,
hpa@zytor.com, x86@kernel.org, viro@zeniv.linux.org.uk,
nnk@google.com, jeffv@google.com, dcashman@android.com,
Jason Cooper <jason@lakedaemon.net>
Subject: [kernel-hardening] [PATCH v2 1/7] random: Simplify API for random address requests
Date: Sat, 30 Jul 2016 15:42:38 +0000 [thread overview]
Message-ID: <20160730154244.403-2-jason@lakedaemon.net> (raw)
In-Reply-To: <20160730154244.403-1-jason@lakedaemon.net>
To date, all callers of randomize_range() have set the length to 0, and
check for a zero return value. For the current callers, the only way
to get zero returned is if end <= start. Since they are all adding a
constant to the start address, this is unnecessary.
We can remove a bunch of needless checks by simplifying the API to do
just what everyone wants, return an address between [start, start +
range).
While we're here, s/get_random_int/get_random_long/. No current call
site is adversely affected by get_random_int(), since all current range
requests are < UINT_MAX. However, we should match caller expectations
to avoid coming up short (ha!) in the future.
All current callers to randomize_range() chose to use the start address
if randomize_range() failed. Therefore, we simplify things by just
returning the start address on error.
randomize_range() will be removed once all callers have been converted
over to randomize_addr().
Signed-off-by: Jason Cooper <jason@lakedaemon.net>
---
Changes from v1:
- Explicitly mention page_aligned start assumption (Yann Droneaud)
- pick random pages vice random addresses (Yann Droneaud)
- catch range=0 last
drivers/char/random.c | 28 ++++++++++++++++++++++++++++
include/linux/random.h | 1 +
2 files changed, 29 insertions(+)
diff --git a/drivers/char/random.c b/drivers/char/random.c
index 0158d3bff7e5..3bedf69546d6 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -1840,6 +1840,34 @@ randomize_range(unsigned long start, unsigned long end, unsigned long len)
return PAGE_ALIGN(get_random_int() % range + start);
}
+/**
+ * randomize_addr - Generate a random, page aligned address
+ * @start: The smallest acceptable address the caller will take.
+ * @range: The size of the area, starting at @start, within which the
+ * random address must fall.
+ *
+ * If @start + @range would overflow, @range is capped.
+ *
+ * NOTE: Historical use of randomize_range, which this replaces, presumed that
+ * @start was already page aligned. This assumption still holds.
+ *
+ * Return: A page aligned address within [start, start + range). On error,
+ * @start is returned.
+ */
+unsigned long
+randomize_addr(unsigned long start, unsigned long range)
+{
+ if (start > ULONG_MAX - range)
+ range = ULONG_MAX - start;
+
+ range >>= PAGE_SHIFT;
+
+ if (range == 0)
+ return start;
+
+ return start + (get_random_long() % range << PAGE_SHIFT);
+}
+
/* Interface for in-kernel drivers of true hardware RNGs.
* Those devices may produce endless random bits and will be throttled
* when our pool is full.
diff --git a/include/linux/random.h b/include/linux/random.h
index e47e533742b5..f1ca2fa4c071 100644
--- a/include/linux/random.h
+++ b/include/linux/random.h
@@ -35,6 +35,7 @@ extern const struct file_operations random_fops, urandom_fops;
unsigned int get_random_int(void);
unsigned long get_random_long(void);
unsigned long randomize_range(unsigned long start, unsigned long end, unsigned long len);
+unsigned long randomize_addr(unsigned long start, unsigned long range);
u32 prandom_u32(void);
void prandom_bytes(void *buf, size_t nbytes);
--
2.9.2
next prev parent reply other threads:[~2016-07-30 15:43 UTC|newest]
Thread overview: 111+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-07-28 20:47 [PATCH 0/7] char/random: Simplify random address requests Jason Cooper
2016-07-28 20:47 ` [kernel-hardening] " Jason Cooper
2016-07-28 20:47 ` Jason Cooper
2016-07-28 20:47 ` [PATCH 1/7] random: Simplify API for " Jason Cooper
2016-07-28 20:47 ` [kernel-hardening] " Jason Cooper
2016-07-28 20:47 ` Jason Cooper
2016-07-29 8:59 ` Yann Droneaud
2016-07-29 8:59 ` [kernel-hardening] " Yann Droneaud
2016-07-29 8:59 ` Yann Droneaud
2016-07-29 18:20 ` Jason Cooper
2016-07-29 18:20 ` [kernel-hardening] " Jason Cooper
2016-07-29 18:20 ` Jason Cooper
2016-07-28 20:47 ` [PATCH 2/7] x86: Use simpler " Jason Cooper
2016-07-28 20:47 ` [kernel-hardening] " Jason Cooper
2016-07-28 20:47 ` Jason Cooper
2016-07-28 20:47 ` [PATCH 3/7] ARM: " Jason Cooper
2016-07-28 20:47 ` [kernel-hardening] " Jason Cooper
2016-07-28 20:47 ` Jason Cooper
2016-07-28 20:47 ` [PATCH 4/7] arm64: " Jason Cooper
2016-07-28 20:47 ` [kernel-hardening] " Jason Cooper
2016-07-28 20:47 ` Jason Cooper
2016-07-29 13:48 ` Will Deacon
2016-07-29 13:48 ` [kernel-hardening] " Will Deacon
2016-07-29 13:48 ` Will Deacon
2016-07-28 20:47 ` [PATCH 5/7] tile: " Jason Cooper
2016-07-28 20:47 ` [kernel-hardening] " Jason Cooper
2016-07-28 20:47 ` Jason Cooper
2016-07-28 20:47 ` [PATCH 6/7] unicore32: " Jason Cooper
2016-07-28 20:47 ` [kernel-hardening] " Jason Cooper
2016-07-28 20:47 ` Jason Cooper
2016-07-28 20:47 ` [PATCH 7/7] random: Remove unused randomize_range() Jason Cooper
2016-07-28 20:47 ` [kernel-hardening] " Jason Cooper
2016-07-28 20:47 ` Jason Cooper
2016-07-30 15:42 ` [PATCH v2 0/7] char/random: Simplify random address requests Jason Cooper
2016-07-30 15:42 ` [kernel-hardening] " Jason Cooper
2016-07-30 15:42 ` Jason Cooper
2016-07-30 15:42 ` Jason Cooper [this message]
2016-07-30 15:42 ` [kernel-hardening] [PATCH v2 1/7] random: Simplify API for " Jason Cooper
2016-07-30 15:42 ` Jason Cooper
2016-07-31 16:46 ` Kees Cook
2016-07-31 16:46 ` [kernel-hardening] " Kees Cook
2016-07-31 16:46 ` Kees Cook
2016-07-31 20:56 ` Jason Cooper
2016-07-31 20:56 ` [kernel-hardening] " Jason Cooper
2016-07-31 20:56 ` Jason Cooper
2016-08-01 19:47 ` Kees Cook
2016-08-01 19:47 ` [kernel-hardening] " Kees Cook
2016-08-01 19:47 ` Kees Cook
2016-08-01 23:17 ` Jason Cooper
2016-08-01 23:17 ` [kernel-hardening] " Jason Cooper
2016-08-01 23:17 ` Jason Cooper
2016-08-02 3:35 ` [kernel-hardening] " Michael Ellerman
2016-08-02 3:35 ` Michael Ellerman
2016-08-02 3:35 ` Michael Ellerman
2016-08-03 18:42 ` Jason Cooper
2016-08-03 18:42 ` Jason Cooper
2016-08-03 18:42 ` Jason Cooper
2016-07-30 15:42 ` [PATCH v2 2/7] x86: Use simpler " Jason Cooper
2016-07-30 15:42 ` [kernel-hardening] " Jason Cooper
2016-07-30 15:42 ` Jason Cooper
2016-07-30 15:42 ` [PATCH v2 3/7] ARM: " Jason Cooper
2016-07-30 15:42 ` [kernel-hardening] " Jason Cooper
2016-07-30 15:42 ` Jason Cooper
2016-07-30 15:42 ` [PATCH v2 4/7] arm64: " Jason Cooper
2016-07-30 15:42 ` [kernel-hardening] " Jason Cooper
2016-07-30 15:42 ` Jason Cooper
2016-07-30 15:42 ` [PATCH v2 5/7] tile: " Jason Cooper
2016-07-30 15:42 ` [kernel-hardening] " Jason Cooper
2016-07-30 15:42 ` Jason Cooper
2016-07-30 15:42 ` [PATCH v2 6/7] unicore32: " Jason Cooper
2016-07-30 15:42 ` [kernel-hardening] " Jason Cooper
2016-07-30 15:42 ` Jason Cooper
2016-07-30 15:42 ` [PATCH v2 7/7] random: Remove unused randomize_range() Jason Cooper
2016-07-30 15:42 ` [kernel-hardening] " Jason Cooper
2016-07-30 15:42 ` Jason Cooper
2016-08-03 23:39 ` [PATCH v3 0/7] char/random: Simplify random address requests Jason Cooper
2016-08-03 23:39 ` [kernel-hardening] " Jason Cooper
2016-08-03 23:39 ` Jason Cooper
2016-08-03 23:39 ` [PATCH v3 1/7] random: Simplify API for " Jason Cooper
2016-08-03 23:39 ` [kernel-hardening] " Jason Cooper
2016-08-03 23:39 ` Jason Cooper
2016-08-04 12:47 ` Yann Droneaud
2016-08-04 12:47 ` [kernel-hardening] " Yann Droneaud
2016-08-04 12:47 ` Yann Droneaud
2016-08-03 23:39 ` [PATCH v3 2/7] x86: Use simpler " Jason Cooper
2016-08-03 23:39 ` [kernel-hardening] " Jason Cooper
2016-08-03 23:39 ` Jason Cooper
2016-08-03 23:39 ` [PATCH v3 3/7] ARM: " Jason Cooper
2016-08-03 23:39 ` [kernel-hardening] " Jason Cooper
2016-08-03 23:39 ` Jason Cooper
2016-08-03 23:39 ` [PATCH v3 4/7] arm64: " Jason Cooper
2016-08-03 23:39 ` [kernel-hardening] " Jason Cooper
2016-08-03 23:39 ` Jason Cooper
2016-08-03 23:39 ` [PATCH v3 5/7] tile: " Jason Cooper
2016-08-03 23:39 ` [kernel-hardening] " Jason Cooper
2016-08-03 23:39 ` Jason Cooper
2016-08-03 23:39 ` [PATCH v3 6/7] unicore32: " Jason Cooper
2016-08-03 23:39 ` [kernel-hardening] " Jason Cooper
2016-08-03 23:39 ` Jason Cooper
2016-08-03 23:39 ` [PATCH v3 7/7] random: Remove unused randomize_range() Jason Cooper
2016-08-03 23:39 ` [kernel-hardening] " Jason Cooper
2016-08-03 23:39 ` Jason Cooper
2016-08-03 23:48 ` Andrew Morton
2016-08-03 23:48 ` [kernel-hardening] " Andrew Morton
2016-08-03 23:48 ` Andrew Morton
2016-08-04 0:19 ` Jason Cooper
2016-08-04 0:19 ` [kernel-hardening] " Jason Cooper
2016-08-04 0:19 ` Jason Cooper
2016-08-04 2:41 ` [PATCH v3 0/7] char/random: Simplify random address requests Kees Cook
2016-08-04 2:41 ` [kernel-hardening] " Kees Cook
2016-08-04 2:41 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160730154244.403-2-jason@lakedaemon.net \
--to=jason@lakedaemon.net \
--cc=akpm@linux-foundation.org \
--cc=arnd@arndb.de \
--cc=benh@kernel.crashing.org \
--cc=catalin.marinas@arm.com \
--cc=davem@davemloft.net \
--cc=dcashman@android.com \
--cc=gregkh@linuxfoundation.org \
--cc=hpa@zytor.com \
--cc=jeffv@google.com \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux@arm.linux.org.uk \
--cc=mingo@redhat.com \
--cc=mpe@ellerman.id.au \
--cc=nnk@google.com \
--cc=paulus@samba.org \
--cc=ralf@linux-mips.org \
--cc=tglx@linutronix.de \
--cc=tytso@mit.edu \
--cc=viro@zeniv.linux.org.uk \
--cc=will.deacon@arm.com \
--cc=william.c.roberts@intel.com \
--cc=x86@kernel.org \
--cc=ydroneaud@opteya.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.