From: Andrew Morton <akpm@linux-foundation.org>
To: Jeff Liu <jeff.liu@oracle.com>
Cc: "linux-fsdevel@vger.kernel.org" <linux-fsdevel@vger.kernel.org>,
Andreas Dilger <aedilger@gmail.com>,
"arnd@arndb.de" <arnd@arndb.de>,
"viro@zeniv.linux.org.uk" <viro@zeniv.linux.org.uk>,
Alan Cox <alan@linux.intel.com>, "Ted Ts'o" <tytso@mit.edu>,
"gregkh@linuxfoundation.org" <gregkh@linuxfoundation.org>,
James Morris <james.l.morris@oracle.com>,
John Sobecki <john.sobecki@oracle.com>,
Jakub Jelinek <jakub@redhat.com>,
Ulrich Drepper <drepper@redhat.com>
Subject: Re: [PATCH V2] binfmt_elf.c: Introduce a wrapper of get_random_int() to fix entropy depleting
Date: Tue, 6 Nov 2012 16:09:21 -0800 [thread overview]
Message-ID: <20121106160921.bb3834f3.akpm@linux-foundation.org> (raw)
In-Reply-To: <5092234B.80405@oracle.com>
On Thu, 01 Nov 2012 15:22:51 +0800
Jeff Liu <jeff.liu@oracle.com> wrote:
> Hello,
>
> Entropy quickly depleting under normal I/O operations like ls(1), cat(1), etc...
> between 2.6.30 to current mainline,
Well that's bad. Let's cc Kees, who broke it ;)
> for instance:
>
> $ cat /proc/sys/kernel/random/entropy_avail
> 3428
> $ cat /proc/sys/kernel/random/entropy_avail
> 2911
> $cat /proc/sys/kernel/random/entropy_avail
> 2620
>
> We observed this problem has been occurred with fs/binfmt_elf.c: create_elf_tables()->get_random_bytes()
> was introduced began at 2.6.30.
> /*
> * Generate 16 random bytes for userspace PRNG seeding.
> */
> get_random_bytes(k_rand_bytes, sizeof(k_rand_bytes));
>
> This proposal patch is trying to introduce a wrapper of get_random_int() which has lower overhead
> than calling get_random_bytes() directly.
>
> With this patch applied:
> $ cat /proc/sys/kernel/random/entropy_avail
> 2731
> $ cat /proc/sys/kernel/random/entropy_avail
> 2802
> $ cat /proc/sys/kernel/random/entropy_avail
> 2878
>
> ...
>
> --- a/fs/binfmt_elf.c
> +++ b/fs/binfmt_elf.c
> @@ -48,6 +48,7 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs);
> static int load_elf_library(struct file *);
> static unsigned long elf_map(struct file *, unsigned long, struct elf_phdr *,
> int, int, unsigned long);
> +static void randomize_stack_user(unsigned char *buf, size_t nbytes);
>
> /*
> * If we don't support core dumping, then supply a NULL so we
> @@ -200,7 +201,7 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec,
> /*
> * Generate 16 random bytes for userspace PRNG seeding.
> */
> - get_random_bytes(k_rand_bytes, sizeof(k_rand_bytes));
> + randomize_stack_user(k_rand_bytes, sizeof(k_rand_bytes));
> u_rand_bytes = (elf_addr_t __user *)
> STACK_ALLOC(p, sizeof(k_rand_bytes));
> if (__copy_to_user(u_rand_bytes, k_rand_bytes, sizeof(k_rand_bytes)))
> @@ -558,6 +559,29 @@ static unsigned long randomize_stack_top(unsigned long stack_top)
> #endif
> }
>
> +/*
> + * A wrapper of get_random_int() to generate random bytes which has lower
> + * overhead than call get_random_bytes() directly.
> + * create_elf_tables() call this function to generate 16 random bytes for
> + * userspace PRNG seeding.
> + */
> +static void randomize_stack_user(unsigned char *buf, size_t nbytes)
> +{
> + unsigned char *p = buf;
> +
> + while (nbytes) {
> + unsigned int random_variable;
> + size_t chunk = min(nbytes, sizeof(unsigned int));
> +
> + random_variable = get_random_int() & STACK_RND_MASK;
> + random_variable <<= PAGE_SHIFT;
> +
> + memcpy(p, &random_variable, chunk);
> + p += chunk;
> + nbytes -= chunk;
> + }
> +}
Prior to f06295b44c296 ("ELF: implement AT_RANDOM for glibc PRNG
seeding"), glibc was opening and using /dev/urandom for this. So
presumably the urandom level of security was sufficient.
Or perhaps it wasn't and the stronger get_random_bytes() works better -
I don't know?
>From my reading of the source, get_random_int() is weaker even than
/dev/urandom?
So my bottom line is: I don't know! Kees? Ted? Ulrich?
next prev parent reply other threads:[~2012-11-07 0:09 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-10-25 7:53 [PATCH] binfmt_elf.c: Introduce a wrapper of get_random_int() to fix entropy depleting Jeff Liu
2012-10-26 18:52 ` Andreas Dilger
2012-10-27 5:00 ` Jeff Liu
2012-11-01 7:22 ` [PATCH V2] " Jeff Liu
2012-11-07 0:09 ` Andrew Morton [this message]
2012-11-07 3:01 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20121106160921.bb3834f3.akpm@linux-foundation.org \
--to=akpm@linux-foundation.org \
--cc=aedilger@gmail.com \
--cc=alan@linux.intel.com \
--cc=arnd@arndb.de \
--cc=drepper@redhat.com \
--cc=gregkh@linuxfoundation.org \
--cc=jakub@redhat.com \
--cc=james.l.morris@oracle.com \
--cc=jeff.liu@oracle.com \
--cc=john.sobecki@oracle.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=tytso@mit.edu \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.