From patchwork Thu Jul 28 20:47:24 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Cooper X-Patchwork-Id: 9251703 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 7F4826075F for ; Thu, 28 Jul 2016 21:25:56 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6E65A27E71 for ; Thu, 28 Jul 2016 21:25:56 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 61EB227F0B; Thu, 28 Jul 2016 21:25:56 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.wl.linuxfoundation.org (Postfix) with SMTP id 5D44827E71 for ; Thu, 28 Jul 2016 21:25:55 +0000 (UTC) Received: (qmail 32540 invoked by uid 550); 28 Jul 2016 21:25:50 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Reply-To: kernel-hardening@lists.openwall.com Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 32496 invoked from network); 28 Jul 2016 21:25:49 -0000 X-MHO-User: fc30a325-5509-11e6-8929-8ded99d5e9d7 X-Report-Abuse-To: https://support.duocircle.com/support/solutions/articles/5000540958-duocircle-standard-smtp-abuse-information X-Originating-IP: 74.99.77.15 X-Mail-Handler: DuoCircle Outbound SMTP From: Jason Cooper To: william.c.roberts@intel.com, Yann Droneaud , linux-mm@kvack.org, linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com Cc: linux@arm.linux.org.uk, akpm@linux-foundation.org, keescook@chromium.org, tytso@mit.edu, arnd@arndb.de, gregkh@linuxfoundation.org, catalin.marinas@arm.com, will.deacon@arm.com, ralf@linux-mips.org, benh@kernel.crashing.org, paulus@samba.org, mpe@ellerman.id.au, davem@davemloft.net, tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, x86@kernel.org, viro@zeniv.linux.org.uk, nnk@google.com, jeffv@google.com, dcashman@android.com, Jason Cooper Date: Thu, 28 Jul 2016 20:47:24 +0000 Message-Id: <20160728204730.27453-2-jason@lakedaemon.net> X-Mailer: git-send-email 2.9.2 In-Reply-To: <20160728204730.27453-1-jason@lakedaemon.net> References: <20160728204730.27453-1-jason@lakedaemon.net> Subject: [kernel-hardening] [PATCH 1/7] random: Simplify API for random address requests X-Virus-Scanned: ClamAV using ClamSMTP To date, all callers of randomize_range() have set the length to 0, and check for a zero return value. For the current callers, the only way to get zero returned is if end <= start. Since they are all adding a constant to the start address, this is unnecessary. We can remove a bunch of needless checks by simplifying the API to do just what everyone wants, return an address between [start, start + range). While we're here, s/get_random_int/get_random_long/. No current call site is adversely affected by get_random_int(), since all current range requests are < UINT_MAX. However, we should match caller expectations to avoid coming up short (ha!) in the future. Address generation within [start, start + range) behavior is preserved. All current callers to randomize_range() chose to use the start address if randomize_range() failed. Therefore, we simplify things by just returning the start address on error. randomize_range() will be removed once all callers have been converted over to randomize_addr(). Signed-off-by: Jason Cooper --- drivers/char/random.c | 26 ++++++++++++++++++++++++++ include/linux/random.h | 1 + 2 files changed, 27 insertions(+) diff --git a/drivers/char/random.c b/drivers/char/random.c index 0158d3bff7e5..3610774bcc53 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -1840,6 +1840,32 @@ randomize_range(unsigned long start, unsigned long end, unsigned long len) return PAGE_ALIGN(get_random_int() % range + start); } +/** + * randomize_addr - Generate a random, page aligned address + * @start: The smallest acceptable address the caller will take. + * @range: The size of the area, starting at @start, within which the + * random address must fall. + * + * Before page alignment, the random address generated can be any value from + * @start, to @start + @range - 1 inclusive. + * + * If @start + @range would overflow, @range is capped. + * + * Return: A page aligned address within [start, start + range). On error, + * @start is returned. + */ +unsigned long +randomize_addr(unsigned long start, unsigned long range) +{ + if (range == 0) + return start; + + if (start > ULONG_MAX - range) + range = ULONG_MAX - start; + + return PAGE_ALIGN(get_random_long() % range + start); +} + /* Interface for in-kernel drivers of true hardware RNGs. * Those devices may produce endless random bits and will be throttled * when our pool is full. diff --git a/include/linux/random.h b/include/linux/random.h index e47e533742b5..f1ca2fa4c071 100644 --- a/include/linux/random.h +++ b/include/linux/random.h @@ -35,6 +35,7 @@ extern const struct file_operations random_fops, urandom_fops; unsigned int get_random_int(void); unsigned long get_random_long(void); unsigned long randomize_range(unsigned long start, unsigned long end, unsigned long len); +unsigned long randomize_addr(unsigned long start, unsigned long range); u32 prandom_u32(void); void prandom_bytes(void *buf, size_t nbytes);