lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <cover.1673470326.git.david.keisarschm@mail.huji.ac.il>
Date:   Fri, 13 Jan 2023 23:33:10 +0200
From:   david.keisarschm@...l.huji.ac.il
To:     linux-kernel@...r.kernel.org
Cc:     Jason@...c4.com, linux-mm@...ck.org, akpm@...ux-foundation.org,
        vbabka@...e.cz, 42.hyeyoo@...il.com, mingo@...hat.com,
        hpa@...or.com, keescook@...omium.org,
        David Keisar Schmidt <david.keisarschm@...l.huji.ac.il>,
        aksecurity@...il.com, ilay.bahat1@...il.com
Subject: [PATCH v4 0/3] Secure prandom_u32 invocations

From: David Keisar Schmidt <david.keisarschm@...l.huji.ac.il>

Hi,

The security improvements for prandom_u32 done in commits c51f8f88d705
from October 2020 and d4150779e60f from May 2022 didn't handle the cases
when prandom_bytes_state() and prandom_u32_state() are used.

Specifically, this weak randomization takes place in three cases:
    1.	mm/slab.c
    2.	mm/slab_common.c
    3.	arch/x86/mm/kaslr.c

The first two invocations (mm/slab.c, mm/slab_common.c) are used to create
randomization in the slab allocator freelists.
This is done to make sure attackers can’t obtain information on the heap state.

The last invocation, inside arch/x86/mm/kaslr.c,
randomizes the virtual address space of kernel memory regions.
The use of prandom_bytes_state() is justified since it has a dedicated
state and draws only 3 pseudo random values, but the seeding state takes advantage
of only 32 bits out of 64 bits of the seed.
Hence, we have added the necessary changes to make those randomizations stronger,
switching the invocation of prandom_seed_state to a more secure version, which
we implemented inside kaslr.c.
---
Changes since v3:
* arch/x86/mm/kaslr.c: secure the way the region offsets are generated in the
  seeding state - Adding a revised version of prandom_seed_state
* edited commit messages

Changes since v2:
* edited commit message.
* replaced instances of get_random_u32 with get_random_u32_below
      in mm/slab.c, mm/slab_common.c

Regards,

David Keisar Schmidt (3):
  Replace invocation of weak PRNG in mm/slab.c
  Replace invocation of weak PRNG inside mm/slab_common.c
  Add 64bits prandom_seed_state to arch/x86/mm/kaslr.c

 arch/x86/mm/kaslr.c | 26 +++++++++++++++++++++++++-
 mm/slab.c           | 25 ++++++++++---------------
 mm/slab_common.c    | 11 +++--------
 3 files changed, 38 insertions(+), 24 deletions(-)

-- 
2.38.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ