[PATCH v3 0/3] Replace invocations of prandom_u32() with get_random_u32()
From: david . keisarschm
Date: Sun Dec 18 2022 - 13:31:19 EST
From: David Keisar Schmidt <david.keisarschm@xxxxxxxxxxxxxxx>
Hi,
This third series add some changes to the commit messages,
and also replaces get_random_u32 with get_random_u32_below,
in a case a modulo operation is done on the result.
The security improvements for prandom_u32 done in commits c51f8f88d705
from October 2020 and d4150779e60f from May 2022 didn't handle the cases
when prandom_bytes_state() and prandom_u32_state() are used.
Specifically, this weak randomization takes place in three cases:
1. mm/slab.c
2. mm/slab_common.c
3. arch/x86/mm/kaslr.c
The first two invocations (mm/slab.c, mm/slab_common.c) are used to create
randomization in the slab allocator freelists.
This is done to make sure attackers can’t obtain information on the heap state.
The last invocation, inside arch/x86/mm/kaslr.c,
randomizes the virtual address space of kernel memory regions.
Hence, we have added the necessary changes to make those randomizations stronger,
switching prandom_u32 instances to get_random_u32.
# Changes since v2
* edited commit message in all three patches.
* replaced instances of get_random_u32 with get_random_u32_below
in mm/slab.c, mm/slab_common.c
# Changes since v1
* omitted the renaming patch, per the feedback we received
* omitted the replace of prandom_u32_state with get_random_u32 in bpf/core.c
as it turned out to be a duplicate of a patch suggested earlier by Jason Donenfeld
Regards,
David Keisar Schmidt (3):
Replace invocation of weak PRNG in mm/slab.c
Replace invocation of weak PRNG inside mm/slab_common.c
Replace invocation of weak PRNG in arch/x86/mm/kaslr.c
arch/x86/mm/kaslr.c | 5 +----
mm/slab.c | 25 ++++++++++---------------
mm/slab_common.c | 11 +++--------
3 files changed, 14 insertions(+), 27 deletions(-)
--
2.38.0