linux/net
Daniel Borkmann 3ad0040573 bpf: split state from prandom_u32() and consolidate {c, e}BPF prngs
While recently arguing on a seccomp discussion that raw prandom_u32()
access shouldn't be exposed to unpriviledged user space, I forgot the
fact that SKF_AD_RANDOM extension actually already does it for some time
in cBPF via commit 4cd3675ebf ("filter: added BPF random opcode").

Since prandom_u32() is being used in a lot of critical networking code,
lets be more conservative and split their states. Furthermore, consolidate
eBPF and cBPF prandom handlers to use the new internal PRNG. For eBPF,
bpf_get_prandom_u32() was only accessible for priviledged users, but
should that change one day, we also don't want to leak raw sequences
through things like eBPF maps.

One thought was also to have own per bpf_prog states, but due to ABI
reasons this is not easily possible, i.e. the program code currently
cannot access bpf_prog itself, and copying the rnd_state to/from the
stack scratch space whenever a program uses the prng seems not really
worth the trouble and seems too hacky. If needed, taus113 could in such
cases be implemented within eBPF using a map entry to keep the state
space, or get_random_bytes() could become a second helper in cases where
performance would not be critical.

Both sides can trigger a one-time late init via prandom_init_once() on
the shared state. Performance-wise, there should even be a tiny gain
as bpf_user_rnd_u32() saves one function call. The PRNG needs to live
inside the BPF core since kernels could have a NET-less config as well.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Acked-by: Alexei Starovoitov <ast@plumgrid.com>
Cc: Chema Gonzalez <chema@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-10-08 05:26:39 -07:00
..
6lowpan ieee820154: 6lowpan: dispatch evaluation rework 2015-09-17 13:20:03 +02:00
9p net/9p: Remove ib_get_dma_mr calls 2015-08-30 18:12:36 -04:00
802
8021q net: 8021q: convert to using IFF_NO_QUEUE 2015-08-18 11:55:06 -07:00
appletalk
atm atm: deal with setting entry before mkip was called 2015-09-17 22:13:32 -07:00
ax25
batman-adv batman-adv: turn batadv_neigh_node_get() into local function 2015-08-27 20:15:34 +02:00
bluetooth Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-09-26 16:08:27 -07:00
bridge bridge: netlink: add support for port's multicast_router attribute 2015-10-07 04:49:34 -07:00
caif net: caif: convert to using IFF_NO_QUEUE 2015-08-18 11:55:07 -07:00
can
ceph libceph: don't access invalid memory in keepalive2 path 2015-09-17 20:14:15 +03:00
core bpf: split state from prandom_u32() and consolidate {c, e}BPF prngs 2015-10-08 05:26:39 -07:00
dcb
dccp tcp: avoid two atomic ops for syncookies 2015-10-05 02:45:27 -07:00
decnet dst: Pass net into dst->output 2015-10-08 04:27:03 -07:00
dns_resolver
dsa net: dsa: better error reporting 2015-10-07 02:58:49 -07:00
ethernet net: help compiler generate better code in eth_get_headlen 2015-09-28 22:51:15 -07:00
hsr net: hsr: convert to using IFF_NO_QUEUE 2015-08-18 11:55:07 -07:00
ieee802154 ieee802154: 6lowpan: use correct ESC value for dispatch 2015-09-17 13:20:04 +02:00
ipv4 net: Do not drop to make_route if oif is l3mdev 2015-10-08 05:18:47 -07:00
ipv6 dst: Pass net into dst->output 2015-10-08 04:27:03 -07:00
ipx
irda
iucv s390/iucv: do not use arrays as argument 2015-09-21 16:03:04 -07:00
key net: Fix RCU splat in af_key 2015-08-24 14:48:10 -07:00
l2tp Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-10-02 07:21:25 -07:00
l3mdev net: Add netif_is_l3_slave 2015-10-07 04:27:43 -07:00
lapb
llc
mac80211 For the current cycle, we have the following right now: 2015-10-07 04:29:18 -07:00
mac802154 ieee802154: add ack request default handling 2015-08-10 20:43:06 +02:00
mpls dst: Pass net into dst->output 2015-10-08 04:27:03 -07:00
netfilter ipv4, ipv6: Pass net into ip_local_out and ip6_local_out 2015-10-08 04:27:02 -07:00
netlabel
netlink Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-09-26 16:08:27 -07:00
netrom
nfc nfc: netlink: Add capability to reply to vendor_cmd with data 2015-08-20 22:00:11 +02:00
openvswitch openvswitch: netlink attributes for IPv6 tunneling 2015-10-07 04:18:00 -07:00
packet bpf, seccomp: prepare for upcoming criu support 2015-10-05 06:47:05 -07:00
phonet
rds Merge branch 'net/rds/4.3-v3' of git://git.kernel.org/pub/scm/linux/kernel/git/ssantosh/linux 2015-10-08 04:38:37 -07:00
rfkill rfkill: Copy "all" global state to other types 2015-09-04 14:26:56 +02:00
rose
rxrpc rxrpc: Replace get_seconds with ktime_get_seconds 2015-09-20 21:53:56 -07:00
sched sched, bpf: add helper for retrieving routing realms 2015-10-03 05:02:41 -07:00
sctp net: sctp: avoid incorrect time_t use 2015-10-05 03:16:48 -07:00
sunrpc Changes for 4.3-rc4 2015-10-01 16:38:52 -04:00
switchdev switchdev: push object ID back to object structure 2015-10-03 04:49:40 -07:00
tipc tipc: reinitialize pointer after skb linearize 2015-09-20 22:31:20 -07:00
unix af_unix: return data from multiple SKBs on recv() with MSG_PEEK flag 2015-09-29 13:47:08 -07:00
vmw_vsock
wimax net:wimax: Fix doucble word "the the" in networking.xml 2015-08-09 22:43:52 -07:00
wireless For the current cycle, we have the following right now: 2015-10-07 04:29:18 -07:00
x25
xfrm dst: Pass net into dst->output 2015-10-08 04:27:03 -07:00
compat.c
Kconfig net: Introduce L3 Master device abstraction 2015-09-29 20:40:32 -07:00
Makefile net: Introduce L3 Master device abstraction 2015-09-29 20:40:32 -07:00
socket.c
sysctl_net.c