From: david.keisarschm@mail.huji.ac.il
To: linux-kernel@vger.kernel.org, Christoph Lameter, Pekka Enberg, David Rientjes, Joonsoo Kim, Andrew Morton, Vlastimil Babka, Roman Gushchin, Hyeonggon Yoo <42.hyeyoo@gmail.com>
Cc: David, aksecurity@gmail.com, ilay.bahat1@gmail.com, linux-mm@kvack.org
Subject: [PATCH v2 1/3] Replace invocation of weak PRNG in mm/slab.c
Date: Tue, 13 Dec 2022 12:34:57 +0200
Message-Id: <4925f0fe15e9cda5f9d90d75c6e15acdc413ef9e.1670890407.git.david.keisarschm@mail.huji.ac.il>
X-Mailer: git-send-email 2.38.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: David

We changed the invocation of prandom_u32_state to get_random_u32. We also changed the freelist_init_state to struct instead of a union, since the rnd_state is not needed anymore - get_random_u32 maintains its own state. This change is important since it makes the slab allocator randomization stronger.

Signed-off-by: David
--- mm/slab.c | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/mm/slab.c b/mm/slab.c index 92d6b1d48..1476104f4 100644 --- a/mm/slab.c +++ b/mm/slab.c @@ -2360,20 +2360,17 @@ static void cache_init_objs_debug(struct kmem_cache= *cachep, struct slab *slab) =20 #ifdef CONFIG_SLAB_FREELIST_RANDOM /* Hold information during a freelist initialization */ -union freelist_init_state { - struct { - unsigned int pos; - unsigned int *list; - unsigned int count; - }; - struct rnd_state rnd_state; +struct freelist_init_state { + unsigned int pos; + unsigned int *list; + unsigned int count; }; =20 /* * Initialize the state based on the randomization method available. * return true if the pre-computed list is available, false otherwise. */ -static bool freelist_state_initialize(union freelist_init_state *state, +static bool freelist_state_initialize(struct freelist_init_state *state, struct kmem_cache *cachep, unsigned int count) { @@ -2385,7 +2382,6 @@ static bool freelist_state_initialize(union freelist_= init_state *state, =20 /* Use a random state if the pre-computed list is not available */ if (!cachep->random_seq) { - prandom_seed_state(&state->rnd_state, rand); ret =3D false; } else { state->list =3D cachep->random_seq; @@ -2397,7 +2393,7 @@ static bool freelist_state_initialize(union freelist_= init_state *state, } =20 /* Get the next entry on the list and randomize it using a random shift */ -static freelist_idx_t next_random_slot(union freelist_init_state *state) +static freelist_idx_t next_random_slot(struct freelist_init_state *state) { if (state->pos >=3D state->count) state->pos =3D 0; 
@@ -2418,7 +2414,7 @@ static void swap_free_obj(struct slab *slab, unsigned= int a, unsigned int b) static bool shuffle_freelist(struct kmem_cache *cachep, struct slab *slab) { unsigned int objfreelist =3D 0, i, rand, count =3D cachep->num; - union freelist_init_state state; + struct freelist_init_state state; bool precomputed; =20 if (count < 2) 
@@ -2447,7 +2443,7 @@ static bool shuffle_freelist(struct kmem_cache *cache= p, struct slab *slab) =20 /* Fisher-Yates shuffle */ for (i =3D count - 1; i > 0; i--) { - rand =3D prandom_u32_state(&state.rnd_state); + rand =3D get_random_u32(); rand %=3D (i + 1); swap_free_obj(slab, i, rand); } --=20 2.38.0

From: david.keisarschm@mail.huji.ac.il
To: linux-kernel@vger.kernel.org, Christoph Lameter, Pekka Enberg, David Rientjes, Joonsoo Kim, Andrew Morton, Vlastimil Babka, Roman Gushchin, Hyeonggon Yoo <42.hyeyoo@gmail.com>
Cc: David, aksecurity@gmail.com, ilay.bahat1@gmail.com, linux-mm@kvack.org
Subject: [PATCH v2 2/3] Replace invocation of weak PRNG inside mm/slab_common.c
Date: Tue, 13 Dec 2022 12:34:58 +0200
X-Mailer: git-send-email 2.38.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: David

We changed the invocation of prandom_u32_state to get_random_u32. We also omitted the initial seeding for the state, since get_random_u32 maintains its own, so there is no need to keep storing the state of prandom_u32_state here.

Signed-off-by: David
--- mm/slab_common.c | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/mm/slab_common.c b/mm/slab_common.c index b79755716..6ac68b9a6 100644 --- a/mm/slab_common.c +++ b/mm/slab_common.c @@ -1130,7 +1130,7 @@ EXPORT_SYMBOL(kmalloc_large_node); =20 #ifdef CONFIG_SLAB_FREELIST_RANDOM /* Randomize a generic freelist */ -static void freelist_randomize(struct rnd_state *state, unsigned int *list, +static void freelist_randomize(unsigned int *list, unsigned int count) { unsigned int rand; @@ -1141,7 +1141,7 @@ static void freelist_randomize(struct rnd_state *stat= e, unsigned int *list, =20 /* Fisher-Yates shuffle */ for (i =3D count - 1; i > 0; i--) { - rand =3D prandom_u32_state(state); + rand =3D get_random_u32(); rand %=3D (i + 1); swap(list[i], list[rand]); } @@ -1151,7 +1151,6 @@ static void freelist_randomize(struct rnd_state *stat= e, unsigned int *list, int cache_random_seq_create(struct kmem_cache *cachep, unsigned int count, gfp_t gfp) { - struct rnd_state state; =20 if (count < 2 || cachep->random_seq) return 0; 
@@ -1160,10 +1159,7 @@ int cache_random_seq_create(struct kmem_cache *cache= p, unsigned int count, if (!cachep->random_seq) return -ENOMEM; =20 - /* Get best entropy at this stage of boot */ - prandom_seed_state(&state, get_random_long()); - - freelist_randomize(&state, cachep->random_seq, count); + freelist_randomize(cachep->random_seq, count); return 0; } =20 --=20 2.38.0

From: david.keisarschm@mail.huji.ac.il
To: linux-kernel@vger.kernel.org, Dave Hansen, Andy Lutomirski, Peter Zijlstra, Thomas Gleixner, Ingo Molnar, Borislav Petkov, x86@kernel.org, "H. Peter Anvin"
Cc: David, aksecurity@gmail.com, ilay.bahat1@gmail.com
Subject: [PATCH v2 3/3] Replace invocation of weak PRNG in arch/x86/mm/kaslr.c
Date: Tue, 13 Dec 2022 12:34:59 +0200
X-Mailer: git-send-email 2.38.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: David

We changed the invocation of prandom_bytes_state, which is considered weak, to get_random_bytes. We also omitted the call to the seeding function, since get_random_bytes maintains its own state, so there is no need for seeding here anymore. This is important for the memory initial state randomization.

Signed-off-by: David
--- arch/x86/mm/kaslr.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/arch/x86/mm/kaslr.c b/arch/x86/mm/kaslr.c index 0bb083979..9ef8993d5 100644 --- a/arch/x86/mm/kaslr.c +++ b/arch/x86/mm/kaslr.c @@ -66,7 +66,6 @@ void __init kernel_randomize_memory(void) size_t i; unsigned long vaddr_start, vaddr; unsigned long rand, memory_tb; - struct rnd_state rand_state; unsigned long remain_entropy; unsigned long vmemmap_size; =20 @@ -113,8 +112,6 @@ void __init kernel_randomize_memory(void) for (i =3D 0; i < ARRAY_SIZE(kaslr_regions); i++) remain_entropy -=3D get_padding(&kaslr_regions[i]); =20 - prandom_seed_state(&rand_state, kaslr_get_random_long("Memory")); - for (i =3D 0; i < ARRAY_SIZE(kaslr_regions); i++) { unsigned long entropy; =20 @@ -123,7 +120,7 @@ void __init kernel_randomize_memory(void) * available. */ entropy =3D remain_entropy / (ARRAY_SIZE(kaslr_regions) - i); - prandom_bytes_state(&rand_state, &rand, sizeof(rand)); + get_random_bytes(&rand, sizeof(rand)); entropy =3D (rand % (entropy + 1)) & PUD_MASK; vaddr +=3D entropy; *kaslr_regions[i].base =3D vaddr; --=20 2.38.0
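
Review bot: In mm/slab.c, hunk @@ -2385, the comment "Use a random state if the pre-computed list is not available" is left above a branch that now only sets ret to false; there is no random state to set up any more. Update or drop the comment, and consider collapsing the if/else so that freelist_state_initialize() just fills in the list fields when cachep->random_seq is set.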
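
Review bot: In mm/slab.c, hunk @@ -2447, the Fisher-Yates loop still reduces the 32-bit value with "rand %= (i + 1)", which is slightly biased whenever i + 1 is not a power of two. Since the line is being touched anyway, a bounded helper such as get_random_u32_below(i + 1), where the target tree provides it, would replace the open-coded modulo; the same applies to the identical loop in freelist_randomize() in mm/slab_common.c. The commit message should also say what one get_random_u32() call per loop iteration costs here compared with the seeded prandom state it replaces.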
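
Review bot: In mm/slab_common.c, hunk @@ -1151, removing "struct rnd_state state;" leaves behind the blank line that followed the declaration, so cache_random_seq_create() now opens with an empty line directly after the brace. Remove that line in the same hunk.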
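
Review bot: In mm/slab_common.c, hunk @@ -1160, the removed comment "Get best entropy at this stage of boot" recorded that this code can run early in boot, and nothing replaces it. The commit message or a new comment should state what get_random_u32() returns if cache_random_seq_create() runs before the random subsystem is fully seeded, and why that is acceptable for the freelist order.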
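
Review bot: In arch/x86/mm/kaslr.c, hunk @@ -113, dropping the seeding call also drops kaslr_get_random_long("Memory") as the entropy source for region placement, and kernel_randomize_memory() is an __init function. The commit message needs to justify that get_random_bytes() is adequately seeded at the point this runs; if that cannot be shown, keep kaslr_get_random_long() as the source, for instance by calling it once per region.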
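
Review bot: In arch/x86/mm/kaslr.c, hunk @@ -123, rand is declared unsigned long, so "get_random_bytes(&rand, sizeof(rand));" can be written as "rand = get_random_long();", which avoids passing the address and size by hand and matches the get_random_long() call that patch 2/3 removes from mm/slab_common.c.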