lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <202003281643.02SGhN9T020186@sdf.org>
Date:   Wed, 21 Aug 2019 20:21:45 -0400
From:   George Spelvin <lkml@....org>
To:     linux-kernel@...r.kernel.org, lkml@....org
Cc:     Doug Ledford <dledford@...hat.com>,
        Jason Gunthorpe <jgg@...lanox.com>, linux-rdma@...r.kernel.org,
        Faisal Latif <faisal.latif@...el.com>,
        Shiraz Saleem <shiraz.saleem@...el.com>,
        Bart Van Assche <bvanassche@....org>,
        Bernard Metzler <bmt@...ich.ibm.com>
Subject: [RFC PATCH v1 42/50] drivers/ininiband: Use get_random_u32()

There's no need to get_random_bytes() into a temporary buffer.

This is not a no-brainer change; get_random_u32() has slightly weaker
security guarantees, but code like this is the classic example of when
it's appropriate: the random value is stored in the kernel for as long
as it's valuable.

TODO: Could any of the call sites be further weakened to prandom_u32()?
If we're randomizing to avoid collisions with a *cooperating* (as opposed
to malicious) partner, we don't need cryptographic strength.

Signed-off-by: George Spelvin <lkml@....org>
Cc: Doug Ledford <dledford@...hat.com>
Cc: Jason Gunthorpe <jgg@...lanox.com>
Cc: linux-rdma@...r.kernel.org
Cc: Faisal Latif <faisal.latif@...el.com>
Cc: Shiraz Saleem <shiraz.saleem@...el.com>
Cc: Bart Van Assche <bvanassche@....org>
Cc: Bernard Metzler <bmt@...ich.ibm.com>
---
 drivers/infiniband/core/cm.c              | 2 +-
 drivers/infiniband/core/cma.c             | 3 +--
 drivers/infiniband/core/sa_query.c        | 2 +-
 drivers/infiniband/hw/i40iw/i40iw_verbs.c | 2 +-
 drivers/infiniband/sw/siw/siw_mem.c       | 9 ++-------
 drivers/infiniband/sw/siw/siw_verbs.c     | 2 +-
 drivers/infiniband/ulp/srp/ib_srp.c       | 3 +--
 7 files changed, 8 insertions(+), 15 deletions(-)

diff --git a/drivers/infiniband/core/cm.c b/drivers/infiniband/core/cm.c
index 4decc1d4cc997..8af4368faf8ee 100644
--- a/drivers/infiniband/core/cm.c
+++ b/drivers/infiniband/core/cm.c
@@ -4449,7 +4449,7 @@ static int __init ib_cm_init(void)
 	cm.remote_qp_table = RB_ROOT;
 	cm.remote_sidr_table = RB_ROOT;
 	xa_init_flags(&cm.local_id_table, XA_FLAGS_ALLOC | XA_FLAGS_LOCK_IRQ);
-	get_random_bytes(&cm.random_id_operand, sizeof cm.random_id_operand);
+	cm.random_id_operand = (__force __be32)get_random_u32();
 	INIT_LIST_HEAD(&cm.timewait_list);
 
 	ret = class_register(&cm_class);
diff --git a/drivers/infiniband/core/cma.c b/drivers/infiniband/core/cma.c
index a5874d2fac54e..1fce71e625c15 100644
--- a/drivers/infiniband/core/cma.c
+++ b/drivers/infiniband/core/cma.c
@@ -873,9 +873,8 @@ struct rdma_cm_id *__rdma_create_id(struct net *net,
 	mutex_init(&id_priv->handler_mutex);
 	INIT_LIST_HEAD(&id_priv->listen_list);
 	INIT_LIST_HEAD(&id_priv->mc_list);
-	get_random_bytes(&id_priv->seq_num, sizeof id_priv->seq_num);
+	id_priv->seq_num = get_random_u32() & 0x00ffffff;
 	id_priv->id.route.addr.dev_addr.net = get_net(net);
-	id_priv->seq_num &= 0x00ffffff;
 
 	return &id_priv->id;
 }
diff --git a/drivers/infiniband/core/sa_query.c b/drivers/infiniband/core/sa_query.c
index 30d4c126a2db0..0db882e247234 100644
--- a/drivers/infiniband/core/sa_query.c
+++ b/drivers/infiniband/core/sa_query.c
@@ -2426,7 +2426,7 @@ int ib_sa_init(void)
 {
 	int ret;
 
-	get_random_bytes(&tid, sizeof tid);
+	tid = get_random_u32();
 
 	atomic_set(&ib_nl_sa_request_seq, 0);
 
diff --git a/drivers/infiniband/hw/i40iw/i40iw_verbs.c b/drivers/infiniband/hw/i40iw/i40iw_verbs.c
index dbd96d029d8bd..4c62b3a4f4233 100644
--- a/drivers/infiniband/hw/i40iw/i40iw_verbs.c
+++ b/drivers/infiniband/hw/i40iw/i40iw_verbs.c
@@ -1262,7 +1262,7 @@ static u32 i40iw_create_stag(struct i40iw_device *iwdev)
 	u8 consumer_key;
 	int ret;
 
-	get_random_bytes(&random, sizeof(random));
+	random = get_random_u32();
 	consumer_key = (u8)random;
 
 	driver_key = random & ~iwdev->mr_stagmask;
diff --git a/drivers/infiniband/sw/siw/siw_mem.c b/drivers/infiniband/sw/siw/siw_mem.c
index e99983f076631..50c84f6a98e51 100644
--- a/drivers/infiniband/sw/siw/siw_mem.c
+++ b/drivers/infiniband/sw/siw/siw_mem.c
@@ -21,10 +21,7 @@
 int siw_mem_add(struct siw_device *sdev, struct siw_mem *m)
 {
 	struct xa_limit limit = XA_LIMIT(1, 0x00ffffff);
-	u32 id, next;
-
-	get_random_bytes(&next, 4);
-	next &= 0x00ffffff;
+	u32 id, next = get_random_u32() & 0x00ffffff;
 
 	if (xa_alloc_cyclic(&sdev->mem_xa, &id, m, limit, &next,
 	    GFP_KERNEL) < 0)
@@ -107,9 +104,7 @@ int siw_mr_add_mem(struct siw_mr *mr, struct ib_pd *pd, void *mem_obj,
 	kref_init(&mem->ref);
 
 	mr->mem = mem;
-
-	get_random_bytes(&next, 4);
-	next &= 0x00ffffff;
+	next = get_random_u32() & 0x00ffffff;
 
 	if (xa_alloc_cyclic(&sdev->mem_xa, &id, mem, limit, &next,
 	    GFP_KERNEL) < 0) {
diff --git a/drivers/infiniband/sw/siw/siw_verbs.c b/drivers/infiniband/sw/siw/siw_verbs.c
index 5fd6d6499b3d7..42f3ced4ca7c7 100644
--- a/drivers/infiniband/sw/siw/siw_verbs.c
+++ b/drivers/infiniband/sw/siw/siw_verbs.c
@@ -1139,7 +1139,7 @@ int siw_create_cq(struct ib_cq *base_cq, const struct ib_cq_init_attr *attr,
 		rv = -ENOMEM;
 		goto err_out;
 	}
-	get_random_bytes(&cq->id, 4);
+	cq->id = get_random_u32();
 	siw_dbg(base_cq->device, "new CQ [%u]\n", cq->id);
 
 	spin_lock_init(&cq->lock);
diff --git a/drivers/infiniband/ulp/srp/ib_srp.c b/drivers/infiniband/ulp/srp/ib_srp.c
index cd1181c39ed29..2a954db0d6b55 100644
--- a/drivers/infiniband/ulp/srp/ib_srp.c
+++ b/drivers/infiniband/ulp/srp/ib_srp.c
@@ -903,8 +903,7 @@ static int srp_send_req(struct srp_rdma_ch *ch, uint32_t max_iu_len,
 		req->ib_param.primary_path = &ch->ib_cm.path;
 		req->ib_param.alternate_path = NULL;
 		req->ib_param.service_id = target->ib_cm.service_id;
-		get_random_bytes(&req->ib_param.starting_psn, 4);
-		req->ib_param.starting_psn &= 0xffffff;
+		req->ib_param.starting_psn = get_random_u32() & 0xffffff;
 		req->ib_param.qp_num = ch->qp->qp_num;
 		req->ib_param.qp_type = ch->qp->qp_type;
 		req->ib_param.local_cm_response_timeout = subnet_timeout + 2;
-- 
2.26.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ