From: Jeff Liu <jeff.liu@oracle.com>
To: "linux-fsdevel@vger.kernel.org" <linux-fsdevel@vger.kernel.org>
Cc: Andreas Dilger <aedilger@gmail.com>,
Andrew Morton <akpm@linux-foundation.org>,
"arnd@arndb.de" <arnd@arndb.de>,
"viro@zeniv.linux.org.uk" <viro@zeniv.linux.org.uk>,
Alan Cox <alan@linux.intel.com>, "Ted Ts'o" <tytso@mit.edu>,
"gregkh@linuxfoundation.org" <gregkh@linuxfoundation.org>,
James Morris <james.l.morris@oracle.com>,
John Sobecki <john.sobecki@oracle.com>
Subject: [PATCH V2] binfmt_elf.c: Introduce a wrapper of get_random_int() to fix entropy depleting
Date: Thu, 01 Nov 2012 15:22:51 +0800 [thread overview]
Message-ID: <5092234B.80405@oracle.com> (raw)
In-Reply-To: <5088EFDF.7040505@oracle.com>
Hello,
Entropy quickly depleting under normal I/O operations like ls(1), cat(1), etc...
between 2.6.30 to current mainline, for instance:
$ cat /proc/sys/kernel/random/entropy_avail
3428
$ cat /proc/sys/kernel/random/entropy_avail
2911
$cat /proc/sys/kernel/random/entropy_avail
2620
We observed this problem has been occurred with fs/binfmt_elf.c: create_elf_tables()->get_random_bytes()
was introduced began at 2.6.30.
/*
* Generate 16 random bytes for userspace PRNG seeding.
*/
get_random_bytes(k_rand_bytes, sizeof(k_rand_bytes));
This proposal patch is trying to introduce a wrapper of get_random_int() which has lower overhead
than calling get_random_bytes() directly.
With this patch applied:
$ cat /proc/sys/kernel/random/entropy_avail
2731
$ cat /proc/sys/kernel/random/entropy_avail
2802
$ cat /proc/sys/kernel/random/entropy_avail
2878
v2->v1:
-------
- Fix random copy to check up buffer length that are not 4-byte multiples according to Andreas's comments, thank you.
v1 can be found at:
http://www.spinics.net/lists/linux-fsdevel/msg59128.html
Any comments are more than welcome!
-Jeff
Signed-off-by: Jie Liu <jeff.liu@oracle.com>
Analyzed-by: John Sobecki <john.sobecki@oracle.com>
CC: Al Viro <viro@zeniv.linux.org.uk>
CC: Andreas Dilger <aedilger@gmail.com>
CC: Andrew Morton <akpm@linux-foundation.org>
CC: Alan Cox <alan@linux.intel.com>
CC: Arnd Bergmann <arnn@arndb.de>
CC: James Morris <james.l.morris@oracle.com>
CC: Ted Ts'o <tytso@mit.edu>
CC: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/binfmt_elf.c | 26 +++++++++++++++++++++++++-
1 files changed, 25 insertions(+), 1 deletions(-)
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
index fbd9f60..2c8121f 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -48,6 +48,7 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs);
static int load_elf_library(struct file *);
static unsigned long elf_map(struct file *, unsigned long, struct elf_phdr *,
int, int, unsigned long);
+static void randomize_stack_user(unsigned char *buf, size_t nbytes);
/*
* If we don't support core dumping, then supply a NULL so we
@@ -200,7 +201,7 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec,
/*
* Generate 16 random bytes for userspace PRNG seeding.
*/
- get_random_bytes(k_rand_bytes, sizeof(k_rand_bytes));
+ randomize_stack_user(k_rand_bytes, sizeof(k_rand_bytes));
u_rand_bytes = (elf_addr_t __user *)
STACK_ALLOC(p, sizeof(k_rand_bytes));
if (__copy_to_user(u_rand_bytes, k_rand_bytes, sizeof(k_rand_bytes)))
@@ -558,6 +559,29 @@ static unsigned long randomize_stack_top(unsigned long stack_top)
#endif
}
+/*
+ * A wrapper of get_random_int() to generate random bytes which has lower
+ * overhead than call get_random_bytes() directly.
+ * create_elf_tables() call this function to generate 16 random bytes for
+ * userspace PRNG seeding.
+ */
+static void randomize_stack_user(unsigned char *buf, size_t nbytes)
+{
+ unsigned char *p = buf;
+
+ while (nbytes) {
+ unsigned int random_variable;
+ size_t chunk = min(nbytes, sizeof(unsigned int));
+
+ random_variable = get_random_int() & STACK_RND_MASK;
+ random_variable <<= PAGE_SHIFT;
+
+ memcpy(p, &random_variable, chunk);
+ p += chunk;
+ nbytes -= chunk;
+ }
+}
+
static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
{
struct file *interpreter = NULL; /* to shut gcc up */
--
1.7.4.1
next prev parent reply other threads:[~2012-11-01 7:23 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-10-25 7:53 [PATCH] binfmt_elf.c: Introduce a wrapper of get_random_int() to fix entropy depleting Jeff Liu
2012-10-26 18:52 ` Andreas Dilger
2012-10-27 5:00 ` Jeff Liu
2012-11-01 7:22 ` Jeff Liu [this message]
2012-11-07 0:09 ` [PATCH V2] " Andrew Morton
2012-11-07 3:01 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5092234B.80405@oracle.com \
--to=jeff.liu@oracle.com \
--cc=aedilger@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=alan@linux.intel.com \
--cc=arnd@arndb.de \
--cc=gregkh@linuxfoundation.org \
--cc=james.l.morris@oracle.com \
--cc=john.sobecki@oracle.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=tytso@mit.edu \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.