lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <cover.1671277662.git.david.keisarschm@mail.huji.ac.il>
Date:   Sun, 18 Dec 2022 20:18:57 +0200
From:   david.keisarschm@...l.huji.ac.il
To:     linux-kernel@...r.kernel.org
Cc:     Jason@...c4.com,
        David Keisar Schmidt <david.keisarschm@...l.huji.ac.il>,
        aksecurity@...il.com, ilay.bahat1@...il.com, bpf@...r.kernel.org
Subject: [PATCH v3 0/3] Replace invocations of prandom_u32() with get_random_u32()

From: David Keisar Schmidt <david.keisarschm@...l.huji.ac.il>

Hi,

This third series add some changes to the commit messages,
and also replaces get_random_u32 with get_random_u32_below,
in a case a modulo operation is done on the result.

The security improvements for prandom_u32 done in commits c51f8f88d705
from October 2020 and d4150779e60f from May 2022 didn't handle the cases
when prandom_bytes_state() and prandom_u32_state() are used.

Specifically, this weak randomization takes place in three cases:
    1.	mm/slab.c
    2.	mm/slab_common.c
    3.	arch/x86/mm/kaslr.c

The first two invocations (mm/slab.c, mm/slab_common.c) are used to create
randomization in the slab allocator freelists.
This is done to make sure attackers can’t obtain information on the heap state.

The last invocation, inside arch/x86/mm/kaslr.c,
randomizes the virtual address space of kernel memory regions.
Hence, we have added the necessary changes to make those randomizations stronger,
switching  prandom_u32 instances to get_random_u32.

# Changes since v2

* edited commit message in all three patches.
* replaced instances of get_random_u32 with get_random_u32_below
    in mm/slab.c, mm/slab_common.c

# Changes since v1

* omitted the renaming patch, per the feedback we received
* omitted the replace of prandom_u32_state with get_random_u32 in bpf/core.c
 as it turned out to be a duplicate of a patch suggested earlier by Jason Donenfeld

Regards,


David Keisar Schmidt (3):
  Replace invocation of weak PRNG in mm/slab.c
  Replace invocation of weak PRNG inside mm/slab_common.c
  Replace invocation of weak PRNG in arch/x86/mm/kaslr.c

 arch/x86/mm/kaslr.c |  5 +----
 mm/slab.c           | 25 ++++++++++---------------
 mm/slab_common.c    | 11 +++--------
 3 files changed, 14 insertions(+), 27 deletions(-)

-- 
2.38.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ