Re: [PATCH v3 00/19] random: Resolve circular include dependency and include
Hi Uros, Per your plan, I took this into random.git, and we'll now see if being in next unearths some problems over the next week or two. Jason
Re: [PATCH RESEND v2 00/19] random: Resolve circular include dependency and include
Hi Uros,
On Mon, Sep 09, 2024 at 09:30:06PM +0200, Uros Bizjak wrote:
> Besides GCC, clang can define various named address space via
> address_space attribute:
>
> --cut here--
> #define __as(N) __attribute__((address_space(N)))
>
> void *foo(void __as(1) *x) { return x; } // error
>
> void *bar(void __as(1) *x) { return (void *)x; } // fine
> --cut here--
>
> When compiling this, the compiler returns:
>
> clang-as.c:3:37: error: returning '__as(1) void *' from a function
> with result type 'void *' changes address space of pointer
Super cool. Looking forward to having it all wired up and the bugs we'll
find with it.
> I think that the best approach is to target this patchset for linux
> 6.13 via random.git tree. I will prepare a v3 after 6.12rc1, so when
> committed to random.git, the patchset will be able to spend some time
> in linux-next. This way, there will be plenty of time for CI robots to
> do additional checks also for some less popular targets (although
> individual patches are dead simple, removing these kinds of "legacy"
> includes can be tricky), and I will also be able to collect Acked-by:s
> in the meantime.
>
> While the patchset is an improvement by itself, its inclusion is not
> time sensitive. The follow up percpu named address checking
> functionality requires a very recent feature (__typeof_unqual__
> keyword), which is only supported in recent compilers (gcc-14 and
> clang-20). Besides compiler support, sparse doesn't know about
> __typeof_unqual__, resulting in broken type tracing and hundreds of
> sparse errors with C=1 due to unknown keyword.
>
> So, I think we are not in a hurry and can take the slow and safe path.
Okay, sure, that sounds good to me. I'll keep my eyes open for v3
in a few weeks then.
Jason
Re: [PATCH RESEND v2 00/19] random: Resolve circular include dependency and include
Hi Uros, On Mon, Sep 09, 2024 at 09:53:43AM +0200, Uros Bizjak wrote: > a) Substitutes the inclusion of with the > inclusion of where needed (patches 1 - 17). > > b) Removes legacy inclusion of from > (patch 18). > > c) Includes in (patch 19). Thanks for doing this. That seems like a fine initiative to me. (I'm also curious about the future percpu changes you've got planned.) Tree-wise, were you expecting me to take this through random.git? And if so, what timeframe did you have in mind? For 6.12 next week (can you poke folks for acks in time?), or punt it for 6.13? Or did you have a different tree in mind for treewide changes (in which case, I'll send you an ack for the [p]random.h changes). Regards, Jason
Re: [PATCH 1/5] Renaming weak prng invocations - prandom_bytes_state, prandom_u32_state
Please CC me on future revisions. As of 6.2, the prandom namespace is *only* for predictable randomness. There's no need to rename anything. So nack on this patch 1/5. With regards to the remaining patches in this series, if you want to move prandom_u32_state callers over to get_random_bytes() and get_random_u32(), that's fine from my perspective, but last I looked, there was much usage in places where being repeatable was actually the goal - test suites and such, where you want to be able to redo your tests with the same seed. So you'll have to look at each instance case by case and convince whoever maintains that code that they don't need predictability. However, if you do that, the right functions to use are get_random_bytes() and get_random_u32(). Jason
Re: [PATCH] drm/atomic: do not branch based on the value of current->comm[0]
Hey again,
On Wed, Nov 16, 2022 at 01:36:00AM +0100, Jason A. Donenfeld wrote:
> I'm a bit surprised that this patch was ignored. I had sort of assumed
Mystery solved: this message to you bounced from this linux.ie address I
somehow wound up with in the recipients list. Fixing now by using the
one in MAINTAINERS. Sorry about that.
Jason
> On Sat, Nov 05, 2022 at 11:20:12PM +0100, Jason A. Donenfeld wrote:
> > This reverts 26b1d3b527e7 ("drm/atomic: Take the atomic toys away from
> > X"), a rootkit-like kludge that has no business being inside of a
> > general purpose kernel. It's the type of debugging hack I'll use
> > momentarily but never commit, or a sort of babbies-first-process-hider
> > malware trick.
> >
> > The backstory is that some userspace code -- xorg-server -- has a
> > modesetting DDX that isn't really coded right. With nobody wanting to
> > maintain X11 anymore, rather than fixing the buggy code, the kernel was
> > adjusted to avoid having to touch X11. A bummer, but fair enough: if the
> > kernel doesn't want to support some userspace API any more, the right
> > thing to do is to arrange for a graceful fallback where userspace thinks
> > it's not available in a manageable way.
> >
> > However, the *way* it goes about doing that is just to check
> > `current->comm[0] == 'X'`, and disable it for only that case. So that
> > means it's *not* simply a matter of the kernel not wanting to support a
> > particular userspace API anymore, but rather it's the kernel not wanting
> > to support xorg-server, in theory, but actually, it turns out, that's
> > all processes that begin with 'X'.
> >
> > Playing games with current->comm like this is obviously wrong, and it's
> > pretty shocking that this ever got committed.
> >
> > Fortunately, since this was committed, somebody did actually disable
> > the userspace side by default in X11:
> > https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/180 and
> > this was three years ago. So userspace is mostly fine now for ordinary
> > default usage. And people who opt into this -- since it does actually
> > work fine for many use cases on i915 -- ostensibly know what they're
> > getting themselves into (my case).
> >
> > So let's just revert this `comm[0] == 'X'` business entirely, but still
> > allow for `value == 2`, in case anybody actually started working on that
> > part elsewhere.
> >
> > Fixes: 26b1d3b527e7 ("drm/atomic: Take the atomic toys away from X")
> > Cc: Daniel Vetter
> > Cc: Peter Zijlstra
> > Cc: Ilia Mirkin
> > Cc: Maarten Lankhorst
> > Cc: Nicholas Kazlauskas
> > Cc: Christian Brauner
> > Cc: Michel Dänzer
> > Cc: Alex Deucher
> > Cc: Adam Jackson
> > Cc: Greg Kroah-Hartman
> > Cc: Sean Paul
> > Cc: David Airlie
> > Cc: Rob Clark
> > Cc: Sultan Alsawaf
> > Signed-off-by: Jason A. Donenfeld
> > ---
> > drivers/gpu/drm/drm_ioctl.c | 5 -
> > 1 file changed, 5 deletions(-)
> >
> > diff --git a/drivers/gpu/drm/drm_ioctl.c b/drivers/gpu/drm/drm_ioctl.c
> > index ca2a6e6101dc..017f31e67179 100644
> > --- a/drivers/gpu/drm/drm_ioctl.c
> > +++ b/drivers/gpu/drm/drm_ioctl.c
> > @@ -336,11 +336,6 @@ drm_setclientcap(struct drm_device *dev, void *data,
> > struct drm_file *file_priv)
> > case DRM_CLIENT_CAP_ATOMIC:
> > if (!drm_core_check_feature(dev, DRIVER_ATOMIC))
> > return -EOPNOTSUPP;
> > - /* The modesetting DDX has a totally broken idea of atomic. */
> > - if (current->comm[0] == 'X' && req->value == 1) {
> > - pr_info("broken atomic modeset userspace detected,
> > disabling atomic\n");
> > - return -EOPNOTSUPP;
> > - }
> > if (req->value > 2)
> > return -EINVAL;
> > file_priv->atomic = req->value;
> > --
> > 2.38.1
Re: [PATCH] drm/atomic: do not branch based on the value of current->comm[0]
Hi David,
I'm a bit surprised that this patch was ignored. I had sort of assumed
the response would be, "good god, I can't believe we're doing this.
Applied to drm-next!" rather than crickets, but maybe it just got buried
under a lot of other patches. So I thought I'd poke about this again.
The original message is reproduced in full below.
Regards,
Jason
On Sat, Nov 05, 2022 at 11:20:12PM +0100, Jason A. Donenfeld wrote:
> This reverts 26b1d3b527e7 ("drm/atomic: Take the atomic toys away from
> X"), a rootkit-like kludge that has no business being inside of a
> general purpose kernel. It's the type of debugging hack I'll use
> momentarily but never commit, or a sort of babbies-first-process-hider
> malware trick.
>
> The backstory is that some userspace code -- xorg-server -- has a
> modesetting DDX that isn't really coded right. With nobody wanting to
> maintain X11 anymore, rather than fixing the buggy code, the kernel was
> adjusted to avoid having to touch X11. A bummer, but fair enough: if the
> kernel doesn't want to support some userspace API any more, the right
> thing to do is to arrange for a graceful fallback where userspace thinks
> it's not available in a manageable way.
>
> However, the *way* it goes about doing that is just to check
> `current->comm[0] == 'X'`, and disable it for only that case. So that
> means it's *not* simply a matter of the kernel not wanting to support a
> particular userspace API anymore, but rather it's the kernel not wanting
> to support xorg-server, in theory, but actually, it turns out, that's
> all processes that begin with 'X'.
>
> Playing games with current->comm like this is obviously wrong, and it's
> pretty shocking that this ever got committed.
>
> Fortunately, since this was committed, somebody did actually disable
> the userspace side by default in X11:
> https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/180 and
> this was three years ago. So userspace is mostly fine now for ordinary
> default usage. And people who opt into this -- since it does actually
> work fine for many use cases on i915 -- ostensibly know what they're
> getting themselves into (my case).
>
> So let's just revert this `comm[0] == 'X'` business entirely, but still
> allow for `value == 2`, in case anybody actually started working on that
> part elsewhere.
>
> Fixes: 26b1d3b527e7 ("drm/atomic: Take the atomic toys away from X")
> Cc: Daniel Vetter
> Cc: Peter Zijlstra
> Cc: Ilia Mirkin
> Cc: Maarten Lankhorst
> Cc: Nicholas Kazlauskas
> Cc: Christian Brauner
> Cc: Michel Dänzer
> Cc: Alex Deucher
> Cc: Adam Jackson
> Cc: Greg Kroah-Hartman
> Cc: Sean Paul
> Cc: David Airlie
> Cc: Rob Clark
> Cc: Sultan Alsawaf
> Signed-off-by: Jason A. Donenfeld
> ---
> drivers/gpu/drm/drm_ioctl.c | 5 -
> 1 file changed, 5 deletions(-)
>
> diff --git a/drivers/gpu/drm/drm_ioctl.c b/drivers/gpu/drm/drm_ioctl.c
> index ca2a6e6101dc..017f31e67179 100644
> --- a/drivers/gpu/drm/drm_ioctl.c
> +++ b/drivers/gpu/drm/drm_ioctl.c
> @@ -336,11 +336,6 @@ drm_setclientcap(struct drm_device *dev, void *data,
> struct drm_file *file_priv)
> case DRM_CLIENT_CAP_ATOMIC:
> if (!drm_core_check_feature(dev, DRIVER_ATOMIC))
> return -EOPNOTSUPP;
> - /* The modesetting DDX has a totally broken idea of atomic. */
> - if (current->comm[0] == 'X' && req->value == 1) {
> - pr_info("broken atomic modeset userspace detected,
> disabling atomic\n");
> - return -EOPNOTSUPP;
> - }
> if (req->value > 2)
> return -EINVAL;
> file_priv->atomic = req->value;
> --
> 2.38.1
>
[PATCH] drm/atomic: do not branch based on the value of current->comm[0]
This reverts 26b1d3b527e7 ("drm/atomic: Take the atomic toys away from
X"), a rootkit-like kludge that has no business being inside of a
general purpose kernel. It's the type of debugging hack I'll use
momentarily but never commit, or a sort of babbies-first-process-hider
malware trick.
The backstory is that some userspace code -- xorg-server -- has a
modesetting DDX that isn't really coded right. With nobody wanting to
maintain X11 anymore, rather than fixing the buggy code, the kernel was
adjusted to avoid having to touch X11. A bummer, but fair enough: if the
kernel doesn't want to support some userspace API any more, the right
thing to do is to arrange for a graceful fallback where userspace thinks
it's not available in a manageable way.
However, the *way* it goes about doing that is just to check
`current->comm[0] == 'X'`, and disable it for only that case. So that
means it's *not* simply a matter of the kernel not wanting to support a
particular userspace API anymore, but rather it's the kernel not wanting
to support xorg-server, in theory, but actually, it turns out, that's
all processes that begin with 'X'.
Playing games with current->comm like this is obviously wrong, and it's
pretty shocking that this ever got committed.
Fortunately, since this was committed, somebody did actually disable
the userspace side by default in X11:
https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/180 and
this was three years ago. So userspace is mostly fine now for ordinary
default usage. And people who opt into this -- since it does actually
work fine for many use cases on i915 -- ostensibly know what they're
getting themselves into (my case).
So let's just revert this `comm[0] == 'X'` business entirely, but still
allow for `value == 2`, in case anybody actually started working on that
part elsewhere.
Fixes: 26b1d3b527e7 ("drm/atomic: Take the atomic toys away from X")
Cc: Daniel Vetter
Cc: Peter Zijlstra
Cc: Ilia Mirkin
Cc: Maarten Lankhorst
Cc: Nicholas Kazlauskas
Cc: Christian Brauner
Cc: Michel Dänzer
Cc: Alex Deucher
Cc: Adam Jackson
Cc: Greg Kroah-Hartman
Cc: Sean Paul
Cc: David Airlie
Cc: Rob Clark
Cc: Sultan Alsawaf
Signed-off-by: Jason A. Donenfeld
---
drivers/gpu/drm/drm_ioctl.c | 5 -
1 file changed, 5 deletions(-)
diff --git a/drivers/gpu/drm/drm_ioctl.c b/drivers/gpu/drm/drm_ioctl.c
index ca2a6e6101dc..017f31e67179 100644
--- a/drivers/gpu/drm/drm_ioctl.c
+++ b/drivers/gpu/drm/drm_ioctl.c
@@ -336,11 +336,6 @@ drm_setclientcap(struct drm_device *dev, void *data,
struct drm_file *file_priv)
case DRM_CLIENT_CAP_ATOMIC:
if (!drm_core_check_feature(dev, DRIVER_ATOMIC))
return -EOPNOTSUPP;
- /* The modesetting DDX has a totally broken idea of atomic. */
- if (current->comm[0] == 'X' && req->value == 1) {
- pr_info("broken atomic modeset userspace detected,
disabling atomic\n");
- return -EOPNOTSUPP;
- }
if (req->value > 2)
return -EINVAL;
file_priv->atomic = req->value;
--
2.38.1
Re: [PATCH v4a 00/38] timers: Use timer_shutdown*() before freeing timers
On Sat, Nov 05, 2022 at 12:36:42PM -0400, Steven Rostedt wrote: > --8< > @@ > identifier ptr, timer, rfield, slab; > @@ > ( > - del_timer(&ptr->timer); > + timer_shutdown(&ptr->timer); > | > - del_timer_sync(&ptr->timer); > + timer_shutdown_sync(&ptr->timer); > ) > ... > ( > kfree_rcu(ptr, rfield); > | > kmem_cache_free(slab, ptr); > | > kfree(ptr); > ) > -->8 Something that might help here is changing the `...` into `... when exists` or into `... when != ptr` or similar. See this section of the manual: https://coccinelle.gitlabpages.inria.fr/website/docs/main_grammar004.html Jason
Re: [PATCH] video: fbdev: sis: use explicitly signed char
On Mon, Oct 24, 2022 at 8:29 PM Helge Deller wrote: > > On 10/24/22 18:29, Jason A. Donenfeld wrote: > > With char becoming unsigned by default, and with `char` alone being > > ambiguous and based on architecture, signed chars need to be marked > > explicitly as such. This fixes warnings like: > > > > drivers/video/fbdev/sis/init301.c:3549 SiS_GetCRT2Data301() warn: > > 'SiS_Pr->SiS_EModeIDTable[ModeIdIndex]->ROMMODEIDX661' is unsigned > > > > Cc: Thomas Winischhofer > > Cc: Greg Kroah-Hartman > > Cc: Helge Deller > > Cc: linux-...@vger.kernel.org > > Cc: linux-fb...@vger.kernel.org > > Cc: dri-devel@lists.freedesktop.org > > Signed-off-by: Jason A. Donenfeld > > Applied to linux-fbdev git tree. For 6.1 as a fix, right? Since this is already broken on, e.g., ARM. Jason
[PATCH] video: fbdev: sis: use explicitly signed char
With char becoming unsigned by default, and with `char` alone being
ambiguous and based on architecture, signed chars need to be marked
explicitly as such. This fixes warnings like:
drivers/video/fbdev/sis/init301.c:3549 SiS_GetCRT2Data301() warn:
'SiS_Pr->SiS_EModeIDTable[ModeIdIndex]->ROMMODEIDX661' is unsigned
Cc: Thomas Winischhofer
Cc: Greg Kroah-Hartman
Cc: Helge Deller
Cc: linux-...@vger.kernel.org
Cc: linux-fb...@vger.kernel.org
Cc: dri-devel@lists.freedesktop.org
Signed-off-by: Jason A. Donenfeld
---
drivers/usb/misc/sisusbvga/sisusb_struct.h | 2 +-
drivers/video/fbdev/sis/vstruct.h | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/usb/misc/sisusbvga/sisusb_struct.h
b/drivers/usb/misc/sisusbvga/sisusb_struct.h
index 3df64d2a9d43..a86032a26d36 100644
--- a/drivers/usb/misc/sisusbvga/sisusb_struct.h
+++ b/drivers/usb/misc/sisusbvga/sisusb_struct.h
@@ -91,7 +91,7 @@ struct SiS_Ext {
unsigned char VB_ExtTVYFilterIndex;
unsigned char VB_ExtTVYFilterIndexROM661;
unsigned char REFindex;
- char ROMMODEIDX661;
+ signed char ROMMODEIDX661;
};
struct SiS_Ext2 {
diff --git a/drivers/video/fbdev/sis/vstruct.h
b/drivers/video/fbdev/sis/vstruct.h
index ea94d214dcff..d7a14e63ba5a 100644
--- a/drivers/video/fbdev/sis/vstruct.h
+++ b/drivers/video/fbdev/sis/vstruct.h
@@ -148,7 +148,7 @@ struct SiS_Ext {
unsigned char VB_ExtTVYFilterIndex;
unsigned char VB_ExtTVYFilterIndexROM661;
unsigned char REFindex;
- char ROMMODEIDX661;
+ signed charROMMODEIDX661;
};
struct SiS_Ext2 {
--
2.38.1
Re: [PATCH v6 3/7] treewide: use get_random_{u8,u16}() when possible, part 1
On Tue, Oct 11, 2022 at 01:18:40AM +, Elliott, Robert (Servers) wrote: > > > diff --git a/crypto/testmgr.c b/crypto/testmgr.c > ... > > @@ -944,7 +944,7 @@ static void generate_random_bytes(u8 *buf, size_t count) > > default: > > /* Fully random bytes */ > > for (i = 0; i < count; i++) > > - buf[i] = (u8)prandom_u32(); > > + buf[i] = get_random_u8(); > > Should that whole for loop be replaced with this? > get_random_bytes(buf, count); Wow, that's kind of grotesque. Yea, it certainly should. But that's beyond the scope of this patchset. I'll send a follow-up patch just for this case to Herbert after this cleanup lands, though. Jason
[PATCH v6 7/7] prandom: remove unused functions
With no callers left of prandom_u32() and prandom_bytes(), as well as
get_random_int(), remove these deprecated wrappers, in favor of
get_random_u32() and get_random_bytes().
Reviewed-by: Greg Kroah-Hartman
Reviewed-by: Kees Cook
Reviewed-by: Yury Norov
Signed-off-by: Jason A. Donenfeld
---
drivers/char/random.c | 11 +--
include/linux/prandom.h | 12
include/linux/random.h | 5 -
3 files changed, 5 insertions(+), 23 deletions(-)
diff --git a/drivers/char/random.c b/drivers/char/random.c
index 01acf235f263..2fe28eeb2f38 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -97,7 +97,7 @@ MODULE_PARM_DESC(ratelimit_disable, "Disable random ratelimit
suppression");
* Returns whether or not the input pool has been seeded and thus guaranteed
* to supply cryptographically secure random numbers. This applies to: the
* /dev/urandom device, the get_random_bytes function, and the get_random_{u8,
- * u16,u32,u64,int,long} family of functions.
+ * u16,u32,u64,long} family of functions.
*
* Returns: true if the input pool has been seeded.
* false if the input pool has not been seeded.
@@ -161,15 +161,14 @@ EXPORT_SYMBOL(wait_for_random_bytes);
* u16 get_random_u16()
* u32 get_random_u32()
* u64 get_random_u64()
- * unsigned int get_random_int()
* unsigned long get_random_long()
*
* These interfaces will return the requested number of random bytes
* into the given buffer or as a return value. This is equivalent to
- * a read from /dev/urandom. The u8, u16, u32, u64, int, and long
- * family of functions may be higher performance for one-off random
- * integers, because they do a bit of buffering and do not invoke
- * reseeding until the buffer is emptied.
+ * a read from /dev/urandom. The u8, u16, u32, u64, long family of
+ * functions may be higher performance for one-off random integers,
+ * because they do a bit of buffering and do not invoke reseeding
+ * until the buffer is emptied.
*
*/
diff --git a/include/linux/prandom.h b/include/linux/prandom.h
index 78db003bc290..e0a0759dd09c 100644
--- a/include/linux/prandom.h
+++ b/include/linux/prandom.h
@@ -12,18 +12,6 @@
#include
#include
-/* Deprecated: use get_random_u32 instead. */
-static inline u32 prandom_u32(void)
-{
- return get_random_u32();
-}
-
-/* Deprecated: use get_random_bytes instead. */
-static inline void prandom_bytes(void *buf, size_t nbytes)
-{
- return get_random_bytes(buf, nbytes);
-}
-
struct rnd_state {
__u32 s1, s2, s3, s4;
};
diff --git a/include/linux/random.h b/include/linux/random.h
index 08322f700cdc..147a5e0d0b8e 100644
--- a/include/linux/random.h
+++ b/include/linux/random.h
@@ -42,10 +42,6 @@ u8 get_random_u8(void);
u16 get_random_u16(void);
u32 get_random_u32(void);
u64 get_random_u64(void);
-static inline unsigned int get_random_int(void)
-{
- return get_random_u32();
-}
static inline unsigned long get_random_long(void)
{
#if BITS_PER_LONG == 64
@@ -100,7 +96,6 @@ declare_get_random_var_wait(u8, u8)
declare_get_random_var_wait(u16, u16)
declare_get_random_var_wait(u32, u32)
declare_get_random_var_wait(u64, u32)
-declare_get_random_var_wait(int, unsigned int)
declare_get_random_var_wait(long, unsigned long)
#undef declare_get_random_var
--
2.37.3
[PATCH v6 6/7] treewide: use get_random_bytes() when possible
The prandom_bytes() function has been a deprecated inline wrapper around
get_random_bytes() for several releases now, and compiles down to the
exact same code. Replace the deprecated wrapper with a direct call to
the real function. This was done as a basic find and replace.
Reviewed-by: Greg Kroah-Hartman
Reviewed-by: Kees Cook
Reviewed-by: Yury Norov
Reviewed-by: Christophe Leroy # powerpc
Signed-off-by: Jason A. Donenfeld
---
arch/powerpc/crypto/crc-vpmsum_test.c | 2 +-
block/blk-crypto-fallback.c | 2 +-
crypto/async_tx/raid6test.c | 2 +-
drivers/dma/dmatest.c | 2 +-
drivers/mtd/nand/raw/nandsim.c | 2 +-
drivers/mtd/tests/mtd_nandecctest.c | 2 +-
drivers/mtd/tests/speedtest.c | 2 +-
drivers/mtd/tests/stresstest.c | 2 +-
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 2 +-
drivers/net/ethernet/rocker/rocker_main.c | 2 +-
drivers/net/wireguard/selftest/allowedips.c | 12 ++--
fs/ubifs/debug.c| 2 +-
kernel/kcsan/selftest.c | 2 +-
lib/random32.c | 2 +-
lib/test_objagg.c | 2 +-
lib/uuid.c | 2 +-
net/ipv4/route.c| 2 +-
net/mac80211/rc80211_minstrel_ht.c | 2 +-
net/sched/sch_pie.c | 2 +-
19 files changed, 24 insertions(+), 24 deletions(-)
diff --git a/arch/powerpc/crypto/crc-vpmsum_test.c
b/arch/powerpc/crypto/crc-vpmsum_test.c
index c1c1ef9457fb..273c527868db 100644
--- a/arch/powerpc/crypto/crc-vpmsum_test.c
+++ b/arch/powerpc/crypto/crc-vpmsum_test.c
@@ -82,7 +82,7 @@ static int __init crc_test_init(void)
if (len <= offset)
continue;
- prandom_bytes(data, len);
+ get_random_bytes(data, len);
len -= offset;
crypto_shash_update(crct10dif_shash, data+offset, len);
diff --git a/block/blk-crypto-fallback.c b/block/blk-crypto-fallback.c
index 621abd1b0e4d..ad9844c5b40c 100644
--- a/block/blk-crypto-fallback.c
+++ b/block/blk-crypto-fallback.c
@@ -539,7 +539,7 @@ static int blk_crypto_fallback_init(void)
if (blk_crypto_fallback_inited)
return 0;
- prandom_bytes(blank_key, BLK_CRYPTO_MAX_KEY_SIZE);
+ get_random_bytes(blank_key, BLK_CRYPTO_MAX_KEY_SIZE);
err = bioset_init(&crypto_bio_split, 64, 0, 0);
if (err)
diff --git a/crypto/async_tx/raid6test.c b/crypto/async_tx/raid6test.c
index c9d218e53bcb..f74505f2baf0 100644
--- a/crypto/async_tx/raid6test.c
+++ b/crypto/async_tx/raid6test.c
@@ -37,7 +37,7 @@ static void makedata(int disks)
int i;
for (i = 0; i < disks; i++) {
- prandom_bytes(page_address(data[i]), PAGE_SIZE);
+ get_random_bytes(page_address(data[i]), PAGE_SIZE);
dataptrs[i] = data[i];
dataoffs[i] = 0;
}
diff --git a/drivers/dma/dmatest.c b/drivers/dma/dmatest.c
index 9fe2ae794316..ffe621695e47 100644
--- a/drivers/dma/dmatest.c
+++ b/drivers/dma/dmatest.c
@@ -312,7 +312,7 @@ static unsigned long dmatest_random(void)
{
unsigned long buf;
- prandom_bytes(&buf, sizeof(buf));
+ get_random_bytes(&buf, sizeof(buf));
return buf;
}
diff --git a/drivers/mtd/nand/raw/nandsim.c b/drivers/mtd/nand/raw/nandsim.c
index d211939c8bdd..672719023241 100644
--- a/drivers/mtd/nand/raw/nandsim.c
+++ b/drivers/mtd/nand/raw/nandsim.c
@@ -1393,7 +1393,7 @@ static int ns_do_read_error(struct nandsim *ns, int num)
unsigned int page_no = ns->regs.row;
if (ns_read_error(page_no)) {
- prandom_bytes(ns->buf.byte, num);
+ get_random_bytes(ns->buf.byte, num);
NS_WARN("simulating read error in page %u\n", page_no);
return 1;
}
diff --git a/drivers/mtd/tests/mtd_nandecctest.c
b/drivers/mtd/tests/mtd_nandecctest.c
index 1c7201b0f372..440988562cfd 100644
--- a/drivers/mtd/tests/mtd_nandecctest.c
+++ b/drivers/mtd/tests/mtd_nandecctest.c
@@ -266,7 +266,7 @@ static int nand_ecc_test_run(const size_t size)
goto error;
}
- prandom_bytes(correct_data, size);
+ get_random_bytes(correct_data, size);
ecc_sw_hamming_calculate(correct_data, size, correct_ecc, sm_order);
for (i = 0; i < ARRAY_SIZE(nand_ecc_test); i++) {
nand_ecc_test[i].prepare(error_data, error_ecc,
diff --git a/drivers/mtd/tests/speedtest.c b/drivers/mtd/tests/speedtest.c
index c9ec7086bfa1..075bce32caa5 100644
--- a/drivers/mtd/tests/speedtest.c
+++ b/drivers/mtd/tests/speedtest.c
@@ -223,7 +223,7 @@ static int __init mtd_speedtest_init(void)
if (!iobuf)
goto out;
-
[PATCH v6 5/7] treewide: use get_random_u32() when possible
The prandom_u32() function has been a deprecated inline wrapper around get_random_u32() for several releases now, and compiles down to the exact same code. Replace the deprecated wrapper with a direct call to the real function. The same also applies to get_random_int(), which is just a wrapper around get_random_u32(). This was done as a basic find and replace. Reviewed-by: Greg Kroah-Hartman Reviewed-by: Kees Cook Reviewed-by: Yury Norov Acked-by: Toke Høiland-Jørgensen # for sch_cake Acked-by: Chuck Lever # for nfsd Reviewed-by: Jan Kara # for ext4 Acked-by: Mika Westerberg # for thunderbolt Acked-by: Darrick J. Wong # for xfs Signed-off-by: Jason A. Donenfeld --- Documentation/networking/filter.rst| 2 +- arch/parisc/kernel/process.c | 2 +- arch/parisc/kernel/sys_parisc.c| 4 ++-- arch/s390/mm/mmap.c| 2 +- arch/x86/kernel/cpu/amd.c | 2 +- drivers/gpu/drm/i915/i915_gem_gtt.c| 6 +++--- drivers/gpu/drm/i915/selftests/i915_selftest.c | 2 +- drivers/gpu/drm/tests/drm_buddy_test.c | 2 +- drivers/gpu/drm/tests/drm_mm_test.c| 2 +- drivers/infiniband/hw/cxgb4/cm.c | 4 ++-- drivers/infiniband/hw/hfi1/tid_rdma.c | 2 +- drivers/infiniband/hw/mlx4/mad.c | 2 +- drivers/infiniband/ulp/ipoib/ipoib_cm.c| 2 +- drivers/md/raid5-cache.c | 2 +- .../media/test-drivers/vivid/vivid-touch-cap.c | 4 ++-- drivers/misc/habanalabs/gaudi2/gaudi2.c| 2 +- drivers/net/bonding/bond_main.c| 2 +- drivers/net/ethernet/broadcom/cnic.c | 2 +- .../chelsio/inline_crypto/chtls/chtls_cm.c | 2 +- drivers/net/ethernet/rocker/rocker_main.c | 6 +++--- .../wireless/broadcom/brcm80211/brcmfmac/pno.c | 2 +- .../net/wireless/marvell/mwifiex/cfg80211.c| 4 ++-- .../net/wireless/microchip/wilc1000/cfg80211.c | 2 +- .../net/wireless/quantenna/qtnfmac/cfg80211.c | 2 +- drivers/net/wireless/ti/wlcore/main.c | 2 +- drivers/nvme/common/auth.c | 2 +- drivers/scsi/cxgbi/cxgb4i/cxgb4i.c | 4 ++-- drivers/target/iscsi/cxgbit/cxgbit_cm.c| 2 +- drivers/thunderbolt/xdomain.c | 2 +- drivers/video/fbdev/uvesafb.c | 2 +- fs/exfat/inode.c | 2 +- fs/ext4/ialloc.c | 2 +- fs/ext4/ioctl.c| 4 ++-- fs/ext4/mmp.c | 2 +- fs/f2fs/namei.c| 2 +- fs/fat/inode.c | 2 +- fs/nfsd/nfs4state.c| 4 ++-- fs/ntfs3/fslog.c | 6 +++--- fs/ubifs/journal.c | 2 +- fs/xfs/libxfs/xfs_ialloc.c | 2 +- fs/xfs/xfs_icache.c| 2 +- fs/xfs/xfs_log.c | 2 +- include/net/netfilter/nf_queue.h | 2 +- include/net/red.h | 2 +- include/net/sock.h | 2 +- kernel/bpf/bloom_filter.c | 2 +- kernel/bpf/core.c | 2 +- kernel/bpf/hashtab.c | 2 +- kernel/bpf/verifier.c | 2 +- kernel/kcsan/selftest.c| 2 +- lib/random32.c | 2 +- lib/reed_solomon/test_rslib.c | 6 +++--- lib/test_fprobe.c | 2 +- lib/test_kprobes.c | 2 +- lib/test_min_heap.c| 6 +++--- lib/test_rhashtable.c | 6 +++--- mm/shmem.c | 2 +- mm/slab.c | 2 +- net/core/pktgen.c | 4 ++-- net/ipv4/route.c | 2 +- net/ipv4/tcp_cdg.c | 2 +- net/ipv4/udp.c | 2 +- net/ipv6/ip6_flowlabel.c | 2 +- net/ipv6/output_core.c | 2 +- net/netfilter/ipvs/ip_vs_conn.c| 2 +- net/netfilter/xt_statistic.c | 2 +- net/openvswitch/actions.c | 2 +- net/sched/sch_cake.c | 2 +- net/sched/sch_netem.c | 18 +- net/sunrpc/auth_gss/gss_krb5_wrap.c| 4 ++-- net/sunrpc/xprt.c | 2 +- net/unix/af_unix.c | 2 +- 72 files changed, 101 insertions(+), 101 deletions(-) diff --git a/Documentation/networking/filter.rst b/Documentation/networking/filter.rst index 43cdc4d34745..f69da5074860 100644 --- a/Documentation/networking
[PATCH v6 4/7] treewide: use get_random_{u8, u16}() when possible, part 2
Rather than truncate a 32-bit value to a 16-bit value or an 8-bit value,
simply use the get_random_{u8,u16}() functions, which are faster than
wasting the additional bytes from a 32-bit value. This was done by hand,
identifying all of the places where one of the random integer functions
was used in a non-32-bit context.
Reviewed-by: Greg Kroah-Hartman
Reviewed-by: Kees Cook
Reviewed-by: Yury Norov
Signed-off-by: Jason A. Donenfeld
---
arch/s390/kernel/process.c | 2 +-
drivers/mtd/nand/raw/nandsim.c | 2 +-
lib/test_vmalloc.c | 2 +-
net/rds/bind.c | 2 +-
net/sched/sch_sfb.c| 2 +-
5 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/arch/s390/kernel/process.c b/arch/s390/kernel/process.c
index 5ec78555dd2e..42af4b3aa02b 100644
--- a/arch/s390/kernel/process.c
+++ b/arch/s390/kernel/process.c
@@ -230,7 +230,7 @@ unsigned long arch_align_stack(unsigned long sp)
static inline unsigned long brk_rnd(void)
{
- return (get_random_int() & BRK_RND_MASK) << PAGE_SHIFT;
+ return (get_random_u16() & BRK_RND_MASK) << PAGE_SHIFT;
}
unsigned long arch_randomize_brk(struct mm_struct *mm)
diff --git a/drivers/mtd/nand/raw/nandsim.c b/drivers/mtd/nand/raw/nandsim.c
index 50bcf745e816..d211939c8bdd 100644
--- a/drivers/mtd/nand/raw/nandsim.c
+++ b/drivers/mtd/nand/raw/nandsim.c
@@ -1402,7 +1402,7 @@ static int ns_do_read_error(struct nandsim *ns, int num)
static void ns_do_bit_flips(struct nandsim *ns, int num)
{
- if (bitflips && prandom_u32() < (1 << 22)) {
+ if (bitflips && get_random_u16() < (1 << 6)) {
int flips = 1;
if (bitflips > 1)
flips = prandom_u32_max(bitflips) + 1;
diff --git a/lib/test_vmalloc.c b/lib/test_vmalloc.c
index a26bbbf20e62..cf7780572f5b 100644
--- a/lib/test_vmalloc.c
+++ b/lib/test_vmalloc.c
@@ -80,7 +80,7 @@ static int random_size_align_alloc_test(void)
int i;
for (i = 0; i < test_loop_count; i++) {
- rnd = prandom_u32();
+ rnd = get_random_u8();
/*
* Maximum 1024 pages, if PAGE_SIZE is 4096.
diff --git a/net/rds/bind.c b/net/rds/bind.c
index 5b5fb4ca8d3e..97a29172a8ee 100644
--- a/net/rds/bind.c
+++ b/net/rds/bind.c
@@ -104,7 +104,7 @@ static int rds_add_bound(struct rds_sock *rs, const struct
in6_addr *addr,
return -EINVAL;
last = rover;
} else {
- rover = max_t(u16, prandom_u32(), 2);
+ rover = max_t(u16, get_random_u16(), 2);
last = rover - 1;
}
diff --git a/net/sched/sch_sfb.c b/net/sched/sch_sfb.c
index e2389fa3cff8..0366a1a029a9 100644
--- a/net/sched/sch_sfb.c
+++ b/net/sched/sch_sfb.c
@@ -379,7 +379,7 @@ static int sfb_enqueue(struct sk_buff *skb, struct Qdisc
*sch,
goto enqueue;
}
- r = prandom_u32() & SFB_MAX_PROB;
+ r = get_random_u16() & SFB_MAX_PROB;
if (unlikely(r < p_min)) {
if (unlikely(p_min > SFB_MAX_PROB / 2)) {
--
2.37.3
[PATCH v6 3/7] treewide: use get_random_{u8, u16}() when possible, part 1
Rather than truncate a 32-bit value to a 16-bit value or an 8-bit value,
simply use the get_random_{u8,u16}() functions, which are faster than
wasting the additional bytes from a 32-bit value. This was done
mechanically with this coccinelle script:
@@
expression E;
identifier get_random_u32 =~ "get_random_int|prandom_u32|get_random_u32";
typedef u16;
typedef __be16;
typedef __le16;
typedef u8;
@@
(
- (get_random_u32() & 0x)
+ get_random_u16()
|
- (get_random_u32() & 0xff)
+ get_random_u8()
|
- (get_random_u32() % 65536)
+ get_random_u16()
|
- (get_random_u32() % 256)
+ get_random_u8()
|
- (get_random_u32() >> 16)
+ get_random_u16()
|
- (get_random_u32() >> 24)
+ get_random_u8()
|
- (u16)get_random_u32()
+ get_random_u16()
|
- (u8)get_random_u32()
+ get_random_u8()
|
- (__be16)get_random_u32()
+ (__be16)get_random_u16()
|
- (__le16)get_random_u32()
+ (__le16)get_random_u16()
|
- prandom_u32_max(65536)
+ get_random_u16()
|
- prandom_u32_max(256)
+ get_random_u8()
|
- E->inet_id = get_random_u32()
+ E->inet_id = get_random_u16()
)
@@
identifier get_random_u32 =~ "get_random_int|prandom_u32|get_random_u32";
typedef u16;
identifier v;
@@
- u16 v = get_random_u32();
+ u16 v = get_random_u16();
@@
identifier get_random_u32 =~ "get_random_int|prandom_u32|get_random_u32";
typedef u8;
identifier v;
@@
- u8 v = get_random_u32();
+ u8 v = get_random_u8();
@@
identifier get_random_u32 =~ "get_random_int|prandom_u32|get_random_u32";
typedef u16;
u16 v;
@@
- v = get_random_u32();
+ v = get_random_u16();
@@
identifier get_random_u32 =~ "get_random_int|prandom_u32|get_random_u32";
typedef u8;
u8 v;
@@
- v = get_random_u32();
+ v = get_random_u8();
// Find a potential literal
@literal_mask@
expression LITERAL;
type T;
identifier get_random_u32 =~ "get_random_int|prandom_u32|get_random_u32";
position p;
@@
((T)get_random_u32()@p & (LITERAL))
// Examine limits
@script:python add_one@
literal << literal_mask.LITERAL;
RESULT;
@@
value = None
if literal.startswith('0x'):
value = int(literal, 16)
elif literal[0] in '123456789':
value = int(literal, 10)
if value is None:
print("I don't know how to handle %s" % (literal))
cocci.include_match(False)
elif value < 256:
coccinelle.RESULT = cocci.make_ident("get_random_u8")
elif value < 65536:
coccinelle.RESULT = cocci.make_ident("get_random_u16")
else:
print("Skipping large mask of %s" % (literal))
cocci.include_match(False)
// Replace the literal mask with the calculated result.
@plus_one@
expression literal_mask.LITERAL;
position literal_mask.p;
identifier add_one.RESULT;
identifier FUNC;
@@
- (FUNC()@p & (LITERAL))
+ (RESULT() & LITERAL)
Reviewed-by: Greg Kroah-Hartman
Reviewed-by: Kees Cook
Reviewed-by: Yury Norov
Acked-by: Toke Høiland-Jørgensen # for sch_cake
Signed-off-by: Jason A. Donenfeld
---
arch/arm/kernel/signal.c | 2 +-
arch/arm64/kernel/syscall.c | 2 +-
crypto/testmgr.c | 8
drivers/media/common/v4l2-tpg/v4l2-tpg-core.c | 2 +-
drivers/media/test-drivers/vivid/vivid-radio-rx.c | 4 ++--
.../net/ethernet/chelsio/inline_crypto/chtls/chtls_cm.c | 2 +-
drivers/net/hamradio/baycom_epp.c | 2 +-
drivers/net/hamradio/hdlcdrv.c| 2 +-
drivers/net/hamradio/yam.c| 2 +-
drivers/net/wireguard/selftest/allowedips.c | 4 ++--
drivers/net/wireless/st/cw1200/wsm.c | 2 +-
drivers/scsi/lpfc/lpfc_hbadisc.c | 6 +++---
lib/cmdline_kunit.c | 4 ++--
net/dccp/ipv4.c | 4 ++--
net/ipv4/datagram.c | 2 +-
net/ipv4/ip_output.c | 2 +-
net/ipv4/tcp_ipv4.c | 4 ++--
net/mac80211/scan.c | 2 +-
net/netfilter/nf_nat_core.c | 4 ++--
net/sched/sch_cake.c | 6 +++---
net/sctp/socket.c | 2 +-
21 files changed, 34 insertions(+), 34 deletions(-)
diff --git a/arch/arm/kernel/signal.c b/arch/arm/kernel/signal.c
index ea128e32e8ca..e07f359254c3 100644
--- a/arch/arm/kernel/signal.c
+++ b/arch/arm/kernel/signal.c
@@ -655,7 +655,7 @@ struct page *get_signal_page(void)
PAGE_SIZE / sizeof(u32));
/* Give the signal return code some randomness */
- offset = 0x200 + (get_random_int() & 0x7fc);
+ offset = 0x200 + (get_random_u16() & 0x7fc);
signal_return_offset = offs
[PATCH v6 2/7] treewide: use prandom_u32_max() when possible, part 2
Rather than incurring a division or requesting too many random bytes for
the given range, use the prandom_u32_max() function, which only takes
the minimum required bytes from the RNG and avoids divisions. This was
done by hand, covering things that coccinelle could not do on its own.
Reviewed-by: Greg Kroah-Hartman
Reviewed-by: Kees Cook
Reviewed-by: Yury Norov
Reviewed-by: Jan Kara # for ext2, ext4, and sbitmap
Signed-off-by: Jason A. Donenfeld
---
fs/ext2/ialloc.c | 3 +--
fs/ext4/ialloc.c | 5 ++---
lib/sbitmap.c | 2 +-
lib/test_vmalloc.c | 17 -
4 files changed, 8 insertions(+), 19 deletions(-)
diff --git a/fs/ext2/ialloc.c b/fs/ext2/ialloc.c
index 998dd2ac8008..f4944c4dee60 100644
--- a/fs/ext2/ialloc.c
+++ b/fs/ext2/ialloc.c
@@ -277,8 +277,7 @@ static int find_group_orlov(struct super_block *sb, struct
inode *parent)
int best_ndir = inodes_per_group;
int best_group = -1;
- group = prandom_u32();
- parent_group = (unsigned)group % ngroups;
+ parent_group = prandom_u32_max(ngroups);
for (i = 0; i < ngroups; i++) {
group = (parent_group + i) % ngroups;
desc = ext2_get_group_desc (sb, group, NULL);
diff --git a/fs/ext4/ialloc.c b/fs/ext4/ialloc.c
index 208b87ce8858..7575aa359675 100644
--- a/fs/ext4/ialloc.c
+++ b/fs/ext4/ialloc.c
@@ -463,10 +463,9 @@ static int find_group_orlov(struct super_block *sb, struct
inode *parent,
hinfo.hash_version = DX_HASH_HALF_MD4;
hinfo.seed = sbi->s_hash_seed;
ext4fs_dirhash(parent, qstr->name, qstr->len, &hinfo);
- grp = hinfo.hash;
+ parent_group = hinfo.hash % ngroups;
} else
- grp = prandom_u32();
- parent_group = (unsigned)grp % ngroups;
+ parent_group = prandom_u32_max(ngroups);
for (i = 0; i < ngroups; i++) {
g = (parent_group + i) % ngroups;
get_orlov_stats(sb, g, flex_size, &stats);
diff --git a/lib/sbitmap.c b/lib/sbitmap.c
index 055dac069afb..7280ae8ca88c 100644
--- a/lib/sbitmap.c
+++ b/lib/sbitmap.c
@@ -21,7 +21,7 @@ static int init_alloc_hint(struct sbitmap *sb, gfp_t flags)
int i;
for_each_possible_cpu(i)
- *per_cpu_ptr(sb->alloc_hint, i) = prandom_u32() % depth;
+ *per_cpu_ptr(sb->alloc_hint, i) =
prandom_u32_max(depth);
}
return 0;
}
diff --git a/lib/test_vmalloc.c b/lib/test_vmalloc.c
index 4f2f2d1bac56..a26bbbf20e62 100644
--- a/lib/test_vmalloc.c
+++ b/lib/test_vmalloc.c
@@ -151,9 +151,7 @@ static int random_size_alloc_test(void)
int i;
for (i = 0; i < test_loop_count; i++) {
- n = prandom_u32();
- n = (n % 100) + 1;
-
+ n = prandom_u32_max(100) + 1;
p = vmalloc(n * PAGE_SIZE);
if (!p)
@@ -293,16 +291,12 @@ pcpu_alloc_test(void)
return -1;
for (i = 0; i < 35000; i++) {
- unsigned int r;
-
- r = prandom_u32();
- size = (r % (PAGE_SIZE / 4)) + 1;
+ size = prandom_u32_max(PAGE_SIZE / 4) + 1;
/*
* Maximum PAGE_SIZE
*/
- r = prandom_u32();
- align = 1 << ((r % 11) + 1);
+ align = 1 << (prandom_u32_max(11) + 1);
pcpu[i] = __alloc_percpu(size, align);
if (!pcpu[i])
@@ -393,14 +387,11 @@ static struct test_driver {
static void shuffle_array(int *arr, int n)
{
- unsigned int rnd;
int i, j;
for (i = n - 1; i > 0; i--) {
- rnd = prandom_u32();
-
/* Cut the range. */
- j = rnd % i;
+ j = prandom_u32_max(i);
/* Swap indexes. */
swap(arr[i], arr[j]);
--
2.37.3
[PATCH v6 1/7] treewide: use prandom_u32_max() when possible, part 1
Rather than incurring a division or requesting too many random bytes for
the given range, use the prandom_u32_max() function, which only takes
the minimum required bytes from the RNG and avoids divisions. This was
done mechanically with this coccinelle script:
@basic@
expression E;
type T;
identifier get_random_u32 =~ "get_random_int|prandom_u32|get_random_u32";
typedef u64;
@@
(
- ((T)get_random_u32() % (E))
+ prandom_u32_max(E)
|
- ((T)get_random_u32() & ((E) - 1))
+ prandom_u32_max(E * XXX_MAKE_SURE_E_IS_POW2)
|
- ((u64)(E) * get_random_u32() >> 32)
+ prandom_u32_max(E)
|
- ((T)get_random_u32() & ~PAGE_MASK)
+ prandom_u32_max(PAGE_SIZE)
)
@multi_line@
identifier get_random_u32 =~ "get_random_int|prandom_u32|get_random_u32";
identifier RAND;
expression E;
@@
- RAND = get_random_u32();
... when != RAND
- RAND %= (E);
+ RAND = prandom_u32_max(E);
// Find a potential literal
@literal_mask@
expression LITERAL;
type T;
identifier get_random_u32 =~ "get_random_int|prandom_u32|get_random_u32";
position p;
@@
((T)get_random_u32()@p & (LITERAL))
// Add one to the literal.
@script:python add_one@
literal << literal_mask.LITERAL;
RESULT;
@@
value = None
if literal.startswith('0x'):
value = int(literal, 16)
elif literal[0] in '123456789':
value = int(literal, 10)
if value is None:
print("I don't know how to handle %s" % (literal))
cocci.include_match(False)
elif value == 2**32 - 1 or value == 2**31 - 1 or value == 2**24 - 1 or value ==
2**16 - 1 or value == 2**8 - 1:
print("Skipping 0x%x for cleanup elsewhere" % (value))
cocci.include_match(False)
elif value & (value + 1) != 0:
print("Skipping 0x%x because it's not a power of two minus one" %
(value))
cocci.include_match(False)
elif literal.startswith('0x'):
coccinelle.RESULT = cocci.make_expr("0x%x" % (value + 1))
else:
coccinelle.RESULT = cocci.make_expr("%d" % (value + 1))
// Replace the literal mask with the calculated result.
@plus_one@
expression literal_mask.LITERAL;
position literal_mask.p;
expression add_one.RESULT;
identifier FUNC;
@@
- (FUNC()@p & (LITERAL))
+ prandom_u32_max(RESULT)
@collapse_ret@
type T;
identifier VAR;
expression E;
@@
{
- T VAR;
- VAR = (E);
- return VAR;
+ return E;
}
@drop_var@
type T;
identifier VAR;
@@
{
- T VAR;
... when != VAR
}
Reviewed-by: Greg Kroah-Hartman
Reviewed-by: Kees Cook
Reviewed-by: Yury Norov
Reviewed-by: KP Singh
Reviewed-by: Jan Kara # for ext4 and sbitmap
Reviewed-by: Christoph Böhmwalder # for drbd
Acked-by: Ulf Hansson # for mmc
Acked-by: Darrick J. Wong # for xfs
Signed-off-by: Jason A. Donenfeld
---
arch/arm/kernel/process.c | 2 +-
arch/arm64/kernel/process.c | 2 +-
arch/loongarch/kernel/process.c | 2 +-
arch/loongarch/kernel/vdso.c | 2 +-
arch/mips/kernel/process.c| 2 +-
arch/mips/kernel/vdso.c | 2 +-
arch/parisc/kernel/vdso.c | 2 +-
arch/powerpc/kernel/process.c | 2 +-
arch/s390/kernel/process.c| 2 +-
arch/s390/kernel/vdso.c | 2 +-
arch/sparc/vdso/vma.c | 2 +-
arch/um/kernel/process.c | 2 +-
arch/x86/entry/vdso/vma.c | 2 +-
arch/x86/kernel/module.c | 2 +-
arch/x86/kernel/process.c | 2 +-
arch/x86/mm/pat/cpa-test.c| 4 +-
crypto/testmgr.c | 86 +--
drivers/block/drbd/drbd_receiver.c| 4 +-
.../gpu/drm/i915/gem/i915_gem_execbuffer.c| 2 +-
drivers/infiniband/core/cma.c | 2 +-
drivers/infiniband/hw/cxgb4/id_table.c| 4 +-
drivers/infiniband/hw/hns/hns_roce_ah.c | 5 +-
drivers/infiniband/ulp/rtrs/rtrs-clt.c| 3 +-
drivers/md/bcache/request.c | 2 +-
.../test-drivers/vivid/vivid-touch-cap.c | 2 +-
drivers/mmc/core/core.c | 4 +-
drivers/mmc/host/dw_mmc.c | 2 +-
drivers/mtd/nand/raw/nandsim.c| 4 +-
drivers/mtd/tests/mtd_nandecctest.c | 10 +--
drivers/mtd/tests/stresstest.c| 17 +---
drivers/mtd/ubi/debug.c | 2 +-
drivers/mtd/ubi/debug.h | 6 +-
drivers/net/ethernet/broadcom/cnic.c | 3 +-
.../chelsio/inline_crypto/chtls/chtls_io.c| 4 +-
drivers/net/hamradio/baycom_epp.c | 2 +-
drivers/net/hamradio/hdlcdrv.c| 2 +-
drivers/net/hamradio/yam.c| 2 +-
drivers/net/phy/at803x.c
[PATCH v6 0/7] treewide cleanup of random integer usage
org
Cc: linux-...@vger.kernel.org
Cc: linux-wirel...@vger.kernel.org
Cc: linuxppc-...@lists.ozlabs.org
Cc: loonga...@lists.linux.dev
Cc: net...@vger.kernel.org
Cc: sparcli...@vger.kernel.org
Cc: x...@kernel.org
Jason A. Donenfeld (7):
treewide: use prandom_u32_max() when possible, part 1
treewide: use prandom_u32_max() when possible, part 2
treewide: use get_random_{u8,u16}() when possible, part 1
treewide: use get_random_{u8,u16}() when possible, part 2
treewide: use get_random_u32() when possible
treewide: use get_random_bytes() when possible
prandom: remove unused functions
Documentation/networking/filter.rst | 2 +-
arch/arm/kernel/process.c | 2 +-
arch/arm/kernel/signal.c | 2 +-
arch/arm64/kernel/process.c | 2 +-
arch/arm64/kernel/syscall.c | 2 +-
arch/loongarch/kernel/process.c | 2 +-
arch/loongarch/kernel/vdso.c | 2 +-
arch/mips/kernel/process.c| 2 +-
arch/mips/kernel/vdso.c | 2 +-
arch/parisc/kernel/process.c | 2 +-
arch/parisc/kernel/sys_parisc.c | 4 +-
arch/parisc/kernel/vdso.c | 2 +-
arch/powerpc/crypto/crc-vpmsum_test.c | 2 +-
arch/powerpc/kernel/process.c | 2 +-
arch/s390/kernel/process.c| 4 +-
arch/s390/kernel/vdso.c | 2 +-
arch/s390/mm/mmap.c | 2 +-
arch/sparc/vdso/vma.c | 2 +-
arch/um/kernel/process.c | 2 +-
arch/x86/entry/vdso/vma.c | 2 +-
arch/x86/kernel/cpu/amd.c | 2 +-
arch/x86/kernel/module.c | 2 +-
arch/x86/kernel/process.c | 2 +-
arch/x86/mm/pat/cpa-test.c| 4 +-
block/blk-crypto-fallback.c | 2 +-
crypto/async_tx/raid6test.c | 2 +-
crypto/testmgr.c | 94 +--
drivers/block/drbd/drbd_receiver.c| 4 +-
drivers/char/random.c | 11 +--
drivers/dma/dmatest.c | 2 +-
.../gpu/drm/i915/gem/i915_gem_execbuffer.c| 2 +-
drivers/gpu/drm/i915/i915_gem_gtt.c | 6 +-
.../gpu/drm/i915/selftests/i915_selftest.c| 2 +-
drivers/gpu/drm/tests/drm_buddy_test.c| 2 +-
drivers/gpu/drm/tests/drm_mm_test.c | 2 +-
drivers/infiniband/core/cma.c | 2 +-
drivers/infiniband/hw/cxgb4/cm.c | 4 +-
drivers/infiniband/hw/cxgb4/id_table.c| 4 +-
drivers/infiniband/hw/hfi1/tid_rdma.c | 2 +-
drivers/infiniband/hw/hns/hns_roce_ah.c | 5 +-
drivers/infiniband/hw/mlx4/mad.c | 2 +-
drivers/infiniband/ulp/ipoib/ipoib_cm.c | 2 +-
drivers/infiniband/ulp/rtrs/rtrs-clt.c| 3 +-
drivers/md/bcache/request.c | 2 +-
drivers/md/raid5-cache.c | 2 +-
drivers/media/common/v4l2-tpg/v4l2-tpg-core.c | 2 +-
.../media/test-drivers/vivid/vivid-radio-rx.c | 4 +-
.../test-drivers/vivid/vivid-touch-cap.c | 6 +-
drivers/misc/habanalabs/gaudi2/gaudi2.c | 2 +-
drivers/mmc/core/core.c | 4 +-
drivers/mmc/host/dw_mmc.c | 2 +-
drivers/mtd/nand/raw/nandsim.c| 8 +-
drivers/mtd/tests/mtd_nandecctest.c | 12 +--
drivers/mtd/tests/speedtest.c | 2 +-
drivers/mtd/tests/stresstest.c| 19 +---
drivers/mtd/ubi/debug.c | 2 +-
drivers/mtd/ubi/debug.h | 6 +-
drivers/net/bonding/bond_main.c | 2 +-
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 2 +-
drivers/net/ethernet/broadcom/cnic.c | 5 +-
.../chelsio/inline_crypto/chtls/chtls_cm.c| 4 +-
.../chelsio/inline_crypto/chtls/chtls_io.c| 4 +-
drivers/net/ethernet/rocker/rocker_main.c | 8 +-
drivers/net/hamradio/baycom_epp.c | 2 +-
drivers/net/hamradio/hdlcdrv.c| 2 +-
drivers/net/hamradio/yam.c| 2 +-
drivers/net/phy/at803x.c | 2 +-
drivers/net/wireguard/selftest/allowedips.c | 16 ++--
.../broadcom/brcm80211/brcmfmac/p2p.c | 2 +-
.../broadcom/brcm80211/brcmfmac/pno.c | 2 +-
.../net/wireless/intel/iwlwifi/mvm/mac-ctxt.c | 2 +-
.../net/wireless/marvell/mwifiex/cfg80211.c | 4 +-
.../wireless/microchip/wilc1000/cfg80211.c| 2 +-
.../net/wireless/quantenna/qtnfmac/cfg80211.c | 2 +-
drivers/net/wireless/st/cw1200/wsm.c | 2 +-
drivers/net/wireless/ti/wlcore/main.c | 2 +-
drivers/nvme/common/auth.c| 2 +-
drivers/scsi/cxgbi/cxgb4i/cxgb4i.c| 4 +-
drivers/scsi/fcoe/fcoe_ctlr.c | 4 +-
drivers/scsi/lpfc/lpfc_hbadis
Re: [PATCH v5 0/7] treewide cleanup of random integer usage
On Sat, Oct 08, 2022 at 08:41:14PM -0700, Kees Cook wrote: > On Fri, Oct 07, 2022 at 11:53:52PM -0600, Jason A. Donenfeld wrote: > > This is a five part treewide cleanup of random integer handling. The > > rules for random integers are: > > Reviewing the delta between of my .cocci rules and your v5, everything > matches, except for get_random_int() conversions for files not in > your tree: > [...] > So, I guess I mean to say that "prandom: remove unused functions" is > going to cause some pain. :) Perhaps don't push that to -next, and do a > final pass next merge window to catch any new stuff, and then send those > updates and the removal before -rc1 closes? Ooof. Actually I think what I'll do is include a suggested diff for the merge commit that fixes up the remaining two thankfully trivial cases. Jason
Re: [PATCH v3 3/5] treewide: use get_random_u32() when possible
On Sat, Oct 08, 2022 at 09:53:33PM +, David Laight wrote:
> From: Jason A. Donenfeld
> > Sent: 07 October 2022 18:56
> ...
> > > Given these kinds of less mechanical changes, it may make sense to split
> > > these from the "trivial" conversions in a treewide patch. The chance of
> > > needing a revert from the simple 1:1 conversions is much lower than the
> > > need to revert by-hand changes.
> > >
> > > The Cocci script I suggested in my v1 review gets 80% of the first
> > > patch, for example.
> >
> > I'll split things up into a mechanical step and a non-mechanical step.
> > Good idea.
>
> I'd also do something about the 'get_random_int() & 3' cases.
> (ie remainder by 2^n-1)
> These can be converted to 'get_random_u8() & 3' (etc).
> So they only need one random byte (not 4) and no multiply.
>
> Possibly something based on (the quickly typed, and not C):
> #define get_random_below(val) [
> if (builtin_constant(val))
> BUILD_BUG_ON(!val || val > 0x1ull)
> if (!(val & (val - 1)) {
> if (val <= 0x100)
> return get_random_u8() & (val - 1);
> if (val <= 0x1)
> return get_random_u16() & (val - 1);
> return get_random_u32() & (val - 1);
> }
> }
> BUILD_BUG_ON(sizeof (val) > 4);
> return ((u64)get_random_u32() * val) >> 32;
This is already how the prandom_u32_max() implementation works, as
suggested in the cover letter. The multiplication by constants in it
reduces to bit shifts and you already get all the manual masking
possible.
> get_random_below() is a much better name than prandom_u32_max().
Yes, but that name is reserved for when I succeed at making a function
that bounds with a uniform distribution. prandom_u32_max()'s
distribution is non-uniform since it doesn't do rejection sampling. Work
in progress is on
https://git.zx2c4.com/linux-rng/commit/?h=jd/get_random_u32_below .
But out of common respect for this already huge thread with a massive
CC list, if you want to bikeshed my WIP stuff, please start a new thread
for that and not bog this one down. IOW, no need to reply here directly.
That'd annoy me.
Jason
Re: [PATCH v4 4/6] treewide: use get_random_u32() when possible
On Sat, Oct 8, 2022 at 4:37 PM Jason A. Donenfeld wrote:
>
> On Sat, Oct 08, 2022 at 10:18:45PM +, David Laight wrote:
> > From: Jason A. Donenfeld
> > > Sent: 07 October 2022 19:01
> > >
> > > The prandom_u32() function has been a deprecated inline wrapper around
> > > get_random_u32() for several releases now, and compiles down to the
> > > exact same code. Replace the deprecated wrapper with a direct call to
> > > the real function. The same also applies to get_random_int(), which is
> > > just a wrapper around get_random_u32().
> > >
> > ...
> > > diff --git a/net/802/garp.c b/net/802/garp.c
> > > index f6012f8e59f0..c1bb67e25430 100644
> > > --- a/net/802/garp.c
> > > +++ b/net/802/garp.c
> > > @@ -407,7 +407,7 @@ static void garp_join_timer_arm(struct garp_applicant
> > > *app)
> > > {
> > > unsigned long delay;
> > >
> > > - delay = (u64)msecs_to_jiffies(garp_join_time) * prandom_u32() >> 32;
> > > + delay = (u64)msecs_to_jiffies(garp_join_time) * get_random_u32() >>
> > > 32;
> > > mod_timer(&app->join_timer, jiffies + delay);
> > > }
> > >
> > > diff --git a/net/802/mrp.c b/net/802/mrp.c
> > > index 35e04cc5390c..3e9fe9f5d9bf 100644
> > > --- a/net/802/mrp.c
> > > +++ b/net/802/mrp.c
> > > @@ -592,7 +592,7 @@ static void mrp_join_timer_arm(struct mrp_applicant
> > > *app)
> > > {
> > > unsigned long delay;
> > >
> > > - delay = (u64)msecs_to_jiffies(mrp_join_time) * prandom_u32() >> 32;
> > > + delay = (u64)msecs_to_jiffies(mrp_join_time) * get_random_u32() >> 32;
> > > mod_timer(&app->join_timer, jiffies + delay);
> > > }
> > >
> >
> > Aren't those:
> > delay = prandom_u32_max(msecs_to_jiffies(xxx_join_time));
>
> Probably, but too involved and peculiar for this cleanup.
>
> Feel free to send a particular patch to that maintainer.
I guess the cocci patch looks like this, so maybe I'll put that in 1/7
if I respin this.
@@
expression E;
identifier get_random_u32 =~ "get_random_int|prandom_u32|get_random_u32";
typedef u64;
@@
- ((u64)(E) * get_random_u32() >> 32)
+ prandom_u32_max(E)
Re: [PATCH v4 4/6] treewide: use get_random_u32() when possible
On Sat, Oct 08, 2022 at 10:18:45PM +, David Laight wrote:
> From: Jason A. Donenfeld
> > Sent: 07 October 2022 19:01
> >
> > The prandom_u32() function has been a deprecated inline wrapper around
> > get_random_u32() for several releases now, and compiles down to the
> > exact same code. Replace the deprecated wrapper with a direct call to
> > the real function. The same also applies to get_random_int(), which is
> > just a wrapper around get_random_u32().
> >
> ...
> > diff --git a/net/802/garp.c b/net/802/garp.c
> > index f6012f8e59f0..c1bb67e25430 100644
> > --- a/net/802/garp.c
> > +++ b/net/802/garp.c
> > @@ -407,7 +407,7 @@ static void garp_join_timer_arm(struct garp_applicant
> > *app)
> > {
> > unsigned long delay;
> >
> > - delay = (u64)msecs_to_jiffies(garp_join_time) * prandom_u32() >> 32;
> > + delay = (u64)msecs_to_jiffies(garp_join_time) * get_random_u32() >> 32;
> > mod_timer(&app->join_timer, jiffies + delay);
> > }
> >
> > diff --git a/net/802/mrp.c b/net/802/mrp.c
> > index 35e04cc5390c..3e9fe9f5d9bf 100644
> > --- a/net/802/mrp.c
> > +++ b/net/802/mrp.c
> > @@ -592,7 +592,7 @@ static void mrp_join_timer_arm(struct mrp_applicant
> > *app)
> > {
> > unsigned long delay;
> >
> > - delay = (u64)msecs_to_jiffies(mrp_join_time) * prandom_u32() >> 32;
> > + delay = (u64)msecs_to_jiffies(mrp_join_time) * get_random_u32() >> 32;
> > mod_timer(&app->join_timer, jiffies + delay);
> > }
> >
>
> Aren't those:
> delay = prandom_u32_max(msecs_to_jiffies(xxx_join_time));
Probably, but too involved and peculiar for this cleanup.
Feel free to send a particular patch to that maintainer.
>
> David
>
> -
> Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1
> 1PT, UK
> Registration No: 1397386 (Wales)
Re: [PATCH v4 2/6] treewide: use prandom_u32_max() when possible
On Sat, Oct 08, 2022 at 10:08:03PM +, David Laight wrote: > From: Jason A. Donenfeld > > Sent: 07 October 2022 19:01 > > > > Rather than incurring a division or requesting too many random bytes for > > the given range, use the prandom_u32_max() function, which only takes > > the minimum required bytes from the RNG and avoids divisions. > > > ... > > --- a/lib/cmdline_kunit.c > > +++ b/lib/cmdline_kunit.c > > @@ -76,7 +76,7 @@ static void cmdline_test_lead_int(struct kunit *test) > > int rc = cmdline_test_values[i]; > > int offset; > > > > - sprintf(in, "%u%s", prandom_u32_max(256), str); > > + sprintf(in, "%u%s", get_random_int() % 256, str); > > /* Only first '-' after the number will advance the pointer */ > > offset = strlen(in) - strlen(str) + !!(rc == 2); > > cmdline_do_one_test(test, in, rc, offset); > > @@ -94,7 +94,7 @@ static void cmdline_test_tail_int(struct kunit *test) > > int rc = strcmp(str, "") ? (strcmp(str, "-") ? 0 : 1) : 1; > > int offset; > > > > - sprintf(in, "%s%u", str, prandom_u32_max(256)); > > + sprintf(in, "%s%u", str, get_random_int() % 256); > > /* > > * Only first and leading '-' not followed by integer > > * will advance the pointer. > > Something has gone backwards here > And get_random_u8() looks a better fit. Wrong patch version. > > David > > - > Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 > 1PT, UK > Registration No: 1397386 (Wales)
[PATCH v5 7/7] prandom: remove unused functions
With no callers left of prandom_u32() and prandom_bytes(), as well as
get_random_int(), remove these deprecated wrappers, in favor of
get_random_u32() and get_random_bytes().
Reviewed-by: Kees Cook
Signed-off-by: Jason A. Donenfeld
---
drivers/char/random.c | 11 +--
include/linux/prandom.h | 12
include/linux/random.h | 5 -
3 files changed, 5 insertions(+), 23 deletions(-)
diff --git a/drivers/char/random.c b/drivers/char/random.c
index 01acf235f263..2fe28eeb2f38 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -97,7 +97,7 @@ MODULE_PARM_DESC(ratelimit_disable, "Disable random ratelimit
suppression");
* Returns whether or not the input pool has been seeded and thus guaranteed
* to supply cryptographically secure random numbers. This applies to: the
* /dev/urandom device, the get_random_bytes function, and the get_random_{u8,
- * u16,u32,u64,int,long} family of functions.
+ * u16,u32,u64,long} family of functions.
*
* Returns: true if the input pool has been seeded.
* false if the input pool has not been seeded.
@@ -161,15 +161,14 @@ EXPORT_SYMBOL(wait_for_random_bytes);
* u16 get_random_u16()
* u32 get_random_u32()
* u64 get_random_u64()
- * unsigned int get_random_int()
* unsigned long get_random_long()
*
* These interfaces will return the requested number of random bytes
* into the given buffer or as a return value. This is equivalent to
- * a read from /dev/urandom. The u8, u16, u32, u64, int, and long
- * family of functions may be higher performance for one-off random
- * integers, because they do a bit of buffering and do not invoke
- * reseeding until the buffer is emptied.
+ * a read from /dev/urandom. The u8, u16, u32, u64, long family of
+ * functions may be higher performance for one-off random integers,
+ * because they do a bit of buffering and do not invoke reseeding
+ * until the buffer is emptied.
*
*/
diff --git a/include/linux/prandom.h b/include/linux/prandom.h
index 78db003bc290..e0a0759dd09c 100644
--- a/include/linux/prandom.h
+++ b/include/linux/prandom.h
@@ -12,18 +12,6 @@
#include
#include
-/* Deprecated: use get_random_u32 instead. */
-static inline u32 prandom_u32(void)
-{
- return get_random_u32();
-}
-
-/* Deprecated: use get_random_bytes instead. */
-static inline void prandom_bytes(void *buf, size_t nbytes)
-{
- return get_random_bytes(buf, nbytes);
-}
-
struct rnd_state {
__u32 s1, s2, s3, s4;
};
diff --git a/include/linux/random.h b/include/linux/random.h
index 08322f700cdc..147a5e0d0b8e 100644
--- a/include/linux/random.h
+++ b/include/linux/random.h
@@ -42,10 +42,6 @@ u8 get_random_u8(void);
u16 get_random_u16(void);
u32 get_random_u32(void);
u64 get_random_u64(void);
-static inline unsigned int get_random_int(void)
-{
- return get_random_u32();
-}
static inline unsigned long get_random_long(void)
{
#if BITS_PER_LONG == 64
@@ -100,7 +96,6 @@ declare_get_random_var_wait(u8, u8)
declare_get_random_var_wait(u16, u16)
declare_get_random_var_wait(u32, u32)
declare_get_random_var_wait(u64, u32)
-declare_get_random_var_wait(int, unsigned int)
declare_get_random_var_wait(long, unsigned long)
#undef declare_get_random_var
--
2.37.3
[PATCH v5 6/7] treewide: use get_random_bytes when possible
The prandom_bytes() function has been a deprecated inline wrapper around
get_random_bytes() for several releases now, and compiles down to the
exact same code. Replace the deprecated wrapper with a direct call to
the real function. This was done as a basic find and replace.
Reviewed-by: Kees Cook
Reviewed-by: Christophe Leroy # powerpc
Signed-off-by: Jason A. Donenfeld
---
arch/powerpc/crypto/crc-vpmsum_test.c | 2 +-
block/blk-crypto-fallback.c | 2 +-
crypto/async_tx/raid6test.c | 2 +-
drivers/dma/dmatest.c | 2 +-
drivers/mtd/nand/raw/nandsim.c | 2 +-
drivers/mtd/tests/mtd_nandecctest.c | 2 +-
drivers/mtd/tests/speedtest.c | 2 +-
drivers/mtd/tests/stresstest.c | 2 +-
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 2 +-
drivers/net/ethernet/rocker/rocker_main.c | 2 +-
drivers/net/wireguard/selftest/allowedips.c | 12 ++--
fs/ubifs/debug.c| 2 +-
kernel/kcsan/selftest.c | 2 +-
lib/random32.c | 2 +-
lib/test_objagg.c | 2 +-
lib/uuid.c | 2 +-
net/ipv4/route.c| 2 +-
net/mac80211/rc80211_minstrel_ht.c | 2 +-
net/sched/sch_pie.c | 2 +-
19 files changed, 24 insertions(+), 24 deletions(-)
diff --git a/arch/powerpc/crypto/crc-vpmsum_test.c
b/arch/powerpc/crypto/crc-vpmsum_test.c
index c1c1ef9457fb..273c527868db 100644
--- a/arch/powerpc/crypto/crc-vpmsum_test.c
+++ b/arch/powerpc/crypto/crc-vpmsum_test.c
@@ -82,7 +82,7 @@ static int __init crc_test_init(void)
if (len <= offset)
continue;
- prandom_bytes(data, len);
+ get_random_bytes(data, len);
len -= offset;
crypto_shash_update(crct10dif_shash, data+offset, len);
diff --git a/block/blk-crypto-fallback.c b/block/blk-crypto-fallback.c
index 621abd1b0e4d..ad9844c5b40c 100644
--- a/block/blk-crypto-fallback.c
+++ b/block/blk-crypto-fallback.c
@@ -539,7 +539,7 @@ static int blk_crypto_fallback_init(void)
if (blk_crypto_fallback_inited)
return 0;
- prandom_bytes(blank_key, BLK_CRYPTO_MAX_KEY_SIZE);
+ get_random_bytes(blank_key, BLK_CRYPTO_MAX_KEY_SIZE);
err = bioset_init(&crypto_bio_split, 64, 0, 0);
if (err)
diff --git a/crypto/async_tx/raid6test.c b/crypto/async_tx/raid6test.c
index c9d218e53bcb..f74505f2baf0 100644
--- a/crypto/async_tx/raid6test.c
+++ b/crypto/async_tx/raid6test.c
@@ -37,7 +37,7 @@ static void makedata(int disks)
int i;
for (i = 0; i < disks; i++) {
- prandom_bytes(page_address(data[i]), PAGE_SIZE);
+ get_random_bytes(page_address(data[i]), PAGE_SIZE);
dataptrs[i] = data[i];
dataoffs[i] = 0;
}
diff --git a/drivers/dma/dmatest.c b/drivers/dma/dmatest.c
index 9fe2ae794316..ffe621695e47 100644
--- a/drivers/dma/dmatest.c
+++ b/drivers/dma/dmatest.c
@@ -312,7 +312,7 @@ static unsigned long dmatest_random(void)
{
unsigned long buf;
- prandom_bytes(&buf, sizeof(buf));
+ get_random_bytes(&buf, sizeof(buf));
return buf;
}
diff --git a/drivers/mtd/nand/raw/nandsim.c b/drivers/mtd/nand/raw/nandsim.c
index 4bdaf4aa7007..c941a5a41ea6 100644
--- a/drivers/mtd/nand/raw/nandsim.c
+++ b/drivers/mtd/nand/raw/nandsim.c
@@ -1393,7 +1393,7 @@ static int ns_do_read_error(struct nandsim *ns, int num)
unsigned int page_no = ns->regs.row;
if (ns_read_error(page_no)) {
- prandom_bytes(ns->buf.byte, num);
+ get_random_bytes(ns->buf.byte, num);
NS_WARN("simulating read error in page %u\n", page_no);
return 1;
}
diff --git a/drivers/mtd/tests/mtd_nandecctest.c
b/drivers/mtd/tests/mtd_nandecctest.c
index 1c7201b0f372..440988562cfd 100644
--- a/drivers/mtd/tests/mtd_nandecctest.c
+++ b/drivers/mtd/tests/mtd_nandecctest.c
@@ -266,7 +266,7 @@ static int nand_ecc_test_run(const size_t size)
goto error;
}
- prandom_bytes(correct_data, size);
+ get_random_bytes(correct_data, size);
ecc_sw_hamming_calculate(correct_data, size, correct_ecc, sm_order);
for (i = 0; i < ARRAY_SIZE(nand_ecc_test); i++) {
nand_ecc_test[i].prepare(error_data, error_ecc,
diff --git a/drivers/mtd/tests/speedtest.c b/drivers/mtd/tests/speedtest.c
index c9ec7086bfa1..075bce32caa5 100644
--- a/drivers/mtd/tests/speedtest.c
+++ b/drivers/mtd/tests/speedtest.c
@@ -223,7 +223,7 @@ static int __init mtd_speedtest_init(void)
if (!iobuf)
goto out;
- prandom_bytes(iobuf, mtd->erasesize);
+ get_random_bytes(iobu
[PATCH v5 5/7] treewide: use get_random_u32() when possible
The prandom_u32() function has been a deprecated inline wrapper around get_random_u32() for several releases now, and compiles down to the exact same code. Replace the deprecated wrapper with a direct call to the real function. The same also applies to get_random_int(), which is just a wrapper around get_random_u32(). This was done as a basic find and replace. Reviewed-by: Kees Cook Acked-by: Toke Høiland-Jørgensen # for sch_cake Acked-by: Chuck Lever # for nfsd Reviewed-by: Jan Kara # for ext4 Acked-by: Mika Westerberg # for thunderbolt Acked-by: Darrick J. Wong # for xfs Signed-off-by: Jason A. Donenfeld --- Documentation/networking/filter.rst| 2 +- arch/parisc/kernel/process.c | 2 +- arch/parisc/kernel/sys_parisc.c| 4 ++-- arch/s390/mm/mmap.c| 2 +- arch/x86/kernel/cpu/amd.c | 2 +- drivers/gpu/drm/i915/i915_gem_gtt.c| 6 +++--- drivers/gpu/drm/i915/selftests/i915_selftest.c | 2 +- drivers/gpu/drm/selftests/test-drm_buddy.c | 2 +- drivers/gpu/drm/selftests/test-drm_mm.c| 2 +- drivers/infiniband/hw/cxgb4/cm.c | 4 ++-- drivers/infiniband/hw/hfi1/tid_rdma.c | 2 +- drivers/infiniband/hw/mlx4/mad.c | 2 +- drivers/infiniband/ulp/ipoib/ipoib_cm.c| 2 +- drivers/md/raid5-cache.c | 2 +- .../media/test-drivers/vivid/vivid-touch-cap.c | 4 ++-- drivers/misc/habanalabs/gaudi2/gaudi2.c| 2 +- drivers/mtd/nand/raw/nandsim.c | 2 +- drivers/net/bonding/bond_main.c| 2 +- drivers/net/ethernet/broadcom/cnic.c | 2 +- .../chelsio/inline_crypto/chtls/chtls_cm.c | 2 +- drivers/net/ethernet/rocker/rocker_main.c | 6 +++--- .../wireless/broadcom/brcm80211/brcmfmac/pno.c | 2 +- .../net/wireless/marvell/mwifiex/cfg80211.c| 4 ++-- .../net/wireless/microchip/wilc1000/cfg80211.c | 2 +- .../net/wireless/quantenna/qtnfmac/cfg80211.c | 2 +- drivers/net/wireless/ti/wlcore/main.c | 2 +- drivers/nvme/common/auth.c | 2 +- drivers/scsi/cxgbi/cxgb4i/cxgb4i.c | 4 ++-- drivers/target/iscsi/cxgbit/cxgbit_cm.c| 2 +- drivers/thunderbolt/xdomain.c | 2 +- drivers/video/fbdev/uvesafb.c | 2 +- fs/exfat/inode.c | 2 +- fs/ext4/ialloc.c | 2 +- fs/ext4/ioctl.c| 4 ++-- fs/ext4/mmp.c | 2 +- fs/f2fs/namei.c| 2 +- fs/fat/inode.c | 2 +- fs/nfsd/nfs4state.c| 4 ++-- fs/ntfs3/fslog.c | 6 +++--- fs/ubifs/journal.c | 2 +- fs/xfs/libxfs/xfs_ialloc.c | 2 +- fs/xfs/xfs_icache.c| 2 +- fs/xfs/xfs_log.c | 2 +- include/net/netfilter/nf_queue.h | 2 +- include/net/red.h | 2 +- include/net/sock.h | 2 +- kernel/bpf/bloom_filter.c | 2 +- kernel/bpf/core.c | 2 +- kernel/bpf/hashtab.c | 2 +- kernel/bpf/verifier.c | 2 +- kernel/kcsan/selftest.c| 2 +- lib/random32.c | 2 +- lib/reed_solomon/test_rslib.c | 6 +++--- lib/test_fprobe.c | 2 +- lib/test_kprobes.c | 2 +- lib/test_min_heap.c| 6 +++--- lib/test_rhashtable.c | 6 +++--- mm/shmem.c | 2 +- mm/slab.c | 2 +- net/802/garp.c | 2 +- net/802/mrp.c | 2 +- net/core/pktgen.c | 4 ++-- net/ipv4/route.c | 2 +- net/ipv4/tcp_cdg.c | 2 +- net/ipv4/udp.c | 2 +- net/ipv6/ip6_flowlabel.c | 2 +- net/ipv6/output_core.c | 2 +- net/netfilter/ipvs/ip_vs_conn.c| 2 +- net/netfilter/xt_statistic.c | 2 +- net/openvswitch/actions.c | 2 +- net/sched/sch_cake.c | 2 +- net/sched/sch_netem.c | 18 +- net/sunrpc/auth_gss/gss_krb5_wrap.c| 4 ++-- net/sunrpc/xprt.c | 2 +- net/unix/af_unix.c | 2 +- 75 files changed, 104 insertions(+), 104 deletions(-) diff --git a/Documentation/networking/filter.rst b
[PATCH v5 4/7] treewide: use get_random_{u8, u16}() when possible, part 2
Rather than truncate a 32-bit value to a 16-bit value or an 8-bit value,
simply use the get_random_{u8,u16}() functions, which are faster than
wasting the additional bytes from a 32-bit value. This was done by hand,
identifying all of the places where one of the random integer functions
was used in a non-32-bit context.
Reviewed-by: Kees Cook
Signed-off-by: Jason A. Donenfeld
---
arch/s390/kernel/process.c | 2 +-
lib/test_vmalloc.c | 2 +-
net/ipv4/ip_output.c| 2 +-
net/netfilter/nf_nat_core.c | 4 ++--
net/rds/bind.c | 2 +-
net/sched/sch_sfb.c | 2 +-
6 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/arch/s390/kernel/process.c b/arch/s390/kernel/process.c
index 5ec78555dd2e..42af4b3aa02b 100644
--- a/arch/s390/kernel/process.c
+++ b/arch/s390/kernel/process.c
@@ -230,7 +230,7 @@ unsigned long arch_align_stack(unsigned long sp)
static inline unsigned long brk_rnd(void)
{
- return (get_random_int() & BRK_RND_MASK) << PAGE_SHIFT;
+ return (get_random_u16() & BRK_RND_MASK) << PAGE_SHIFT;
}
unsigned long arch_randomize_brk(struct mm_struct *mm)
diff --git a/lib/test_vmalloc.c b/lib/test_vmalloc.c
index a26bbbf20e62..cf7780572f5b 100644
--- a/lib/test_vmalloc.c
+++ b/lib/test_vmalloc.c
@@ -80,7 +80,7 @@ static int random_size_align_alloc_test(void)
int i;
for (i = 0; i < test_loop_count; i++) {
- rnd = prandom_u32();
+ rnd = get_random_u8();
/*
* Maximum 1024 pages, if PAGE_SIZE is 4096.
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index 04e2034f2f8e..a4fbdbff14b3 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -172,7 +172,7 @@ int ip_build_and_send_pkt(struct sk_buff *skb, const struct
sock *sk,
* Avoid using the hashed IP ident generator.
*/
if (sk->sk_protocol == IPPROTO_TCP)
- iph->id = (__force __be16)prandom_u32();
+ iph->id = (__force __be16)get_random_u16();
else
__ip_select_ident(net, iph, 1);
}
diff --git a/net/netfilter/nf_nat_core.c b/net/netfilter/nf_nat_core.c
index 7981be526f26..57c7686ac485 100644
--- a/net/netfilter/nf_nat_core.c
+++ b/net/netfilter/nf_nat_core.c
@@ -468,7 +468,7 @@ static void nf_nat_l4proto_unique_tuple(struct
nf_conntrack_tuple *tuple,
if (range->flags & NF_NAT_RANGE_PROTO_OFFSET)
off = (ntohs(*keyptr) - ntohs(range->base_proto.all));
else
- off = prandom_u32();
+ off = get_random_u16();
attempts = range_size;
if (attempts > max_attempts)
@@ -490,7 +490,7 @@ static void nf_nat_l4proto_unique_tuple(struct
nf_conntrack_tuple *tuple,
if (attempts >= range_size || attempts < 16)
return;
attempts /= 2;
- off = prandom_u32();
+ off = get_random_u16();
goto another_round;
}
diff --git a/net/rds/bind.c b/net/rds/bind.c
index 5b5fb4ca8d3e..97a29172a8ee 100644
--- a/net/rds/bind.c
+++ b/net/rds/bind.c
@@ -104,7 +104,7 @@ static int rds_add_bound(struct rds_sock *rs, const struct
in6_addr *addr,
return -EINVAL;
last = rover;
} else {
- rover = max_t(u16, prandom_u32(), 2);
+ rover = max_t(u16, get_random_u16(), 2);
last = rover - 1;
}
diff --git a/net/sched/sch_sfb.c b/net/sched/sch_sfb.c
index 2829455211f8..7eb70acb4d58 100644
--- a/net/sched/sch_sfb.c
+++ b/net/sched/sch_sfb.c
@@ -379,7 +379,7 @@ static int sfb_enqueue(struct sk_buff *skb, struct Qdisc
*sch,
goto enqueue;
}
- r = prandom_u32() & SFB_MAX_PROB;
+ r = get_random_u16() & SFB_MAX_PROB;
if (unlikely(r < p_min)) {
if (unlikely(p_min > SFB_MAX_PROB / 2)) {
--
2.37.3
[PATCH v5 3/7] treewide: use get_random_{u8, u16}() when possible, part 1
Rather than truncate a 32-bit value to a 16-bit value or an 8-bit value,
simply use the get_random_{u8,u16}() functions, which are faster than
wasting the additional bytes from a 32-bit value. This was done
mechanically with this coccinelle script:
@@
expression E;
identifier get_random_u32 =~ "get_random_int|prandom_u32|get_random_u32";
typedef u16;
typedef u8;
@@
(
- (get_random_u32() & 0x)
+ get_random_u16()
|
- (get_random_u32() & 0xff)
+ get_random_u8()
|
- (get_random_u32() % 65536)
+ get_random_u16()
|
- (get_random_u32() % 256)
+ get_random_u8()
|
- (get_random_u32() >> 16)
+ get_random_u16()
|
- (get_random_u32() >> 24)
+ get_random_u8()
|
- (u16)get_random_u32()
+ get_random_u16()
|
- (u8)get_random_u32()
+ get_random_u8()
|
- prandom_u32_max(65536)
+ get_random_u16()
|
- prandom_u32_max(256)
+ get_random_u8()
|
- E->inet_id = get_random_u32()
+ E->inet_id = get_random_u16()
)
@@
identifier get_random_u32 =~ "get_random_int|prandom_u32|get_random_u32";
typedef u16;
identifier v;
@@
- u16 v = get_random_u32();
+ u16 v = get_random_u16();
@@
identifier get_random_u32 =~ "get_random_int|prandom_u32|get_random_u32";
typedef u8;
identifier v;
@@
- u8 v = get_random_u32();
+ u8 v = get_random_u8();
// Find a potential literal
@literal_mask@
expression LITERAL;
type T;
identifier get_random_u32 =~ "get_random_int|prandom_u32|get_random_u32";
position p;
@@
((T)get_random_u32()@p & (LITERAL))
// Examine limits
@script:python add_one@
literal << literal_mask.LITERAL;
RESULT;
@@
value = None
if literal.startswith('0x'):
value = int(literal, 16)
elif literal[0] in '123456789':
value = int(literal, 10)
if value is None:
print("I don't know how to handle %s" % (literal))
cocci.include_match(False)
elif value < 256:
coccinelle.RESULT = cocci.make_ident("get_random_u8")
elif value < 65536:
coccinelle.RESULT = cocci.make_ident("get_random_u16")
else:
print("Skipping large mask of %s" % (literal))
cocci.include_match(False)
// Replace the literal mask with the calculated result.
@plus_one@
expression literal_mask.LITERAL;
position literal_mask.p;
identifier add_one.RESULT;
identifier FUNC;
@@
- (FUNC()@p & (LITERAL))
+ (RESULT() & LITERAL)
Reviewed-by: Kees Cook
Acked-by: Toke Høiland-Jørgensen # for sch_cake
Signed-off-by: Jason A. Donenfeld
---
arch/arm/kernel/signal.c | 2 +-
arch/arm64/kernel/syscall.c | 2 +-
crypto/testmgr.c | 8
drivers/media/common/v4l2-tpg/v4l2-tpg-core.c | 2 +-
drivers/media/test-drivers/vivid/vivid-radio-rx.c | 4 ++--
.../net/ethernet/chelsio/inline_crypto/chtls/chtls_cm.c | 2 +-
drivers/net/hamradio/baycom_epp.c | 2 +-
drivers/net/hamradio/hdlcdrv.c| 2 +-
drivers/net/hamradio/yam.c| 2 +-
drivers/net/wireguard/selftest/allowedips.c | 4 ++--
drivers/net/wireless/st/cw1200/wsm.c | 2 +-
drivers/scsi/lpfc/lpfc_hbadisc.c | 6 +++---
lib/cmdline_kunit.c | 4 ++--
net/dccp/ipv4.c | 4 ++--
net/ipv4/datagram.c | 2 +-
net/ipv4/tcp_ipv4.c | 4 ++--
net/mac80211/scan.c | 2 +-
net/sched/sch_cake.c | 6 +++---
net/sctp/socket.c | 2 +-
19 files changed, 31 insertions(+), 31 deletions(-)
diff --git a/arch/arm/kernel/signal.c b/arch/arm/kernel/signal.c
index ea128e32e8ca..e07f359254c3 100644
--- a/arch/arm/kernel/signal.c
+++ b/arch/arm/kernel/signal.c
@@ -655,7 +655,7 @@ struct page *get_signal_page(void)
PAGE_SIZE / sizeof(u32));
/* Give the signal return code some randomness */
- offset = 0x200 + (get_random_int() & 0x7fc);
+ offset = 0x200 + (get_random_u16() & 0x7fc);
signal_return_offset = offset;
/* Copy signal return handlers into the page */
diff --git a/arch/arm64/kernel/syscall.c b/arch/arm64/kernel/syscall.c
index 733451fe7e41..d72e8f23422d 100644
--- a/arch/arm64/kernel/syscall.c
+++ b/arch/arm64/kernel/syscall.c
@@ -67,7 +67,7 @@ static void invoke_syscall(struct pt_regs *regs, unsigned int
scno,
*
* The resulting 5 bits of entropy is seen in SP[8:4].
*/
- choose_random_kstack_offset(get_random_int() & 0x1FF);
+ choose_random_kstack_offset(get_random_u16() & 0x1FF);
}
static inline bool has_syscall_work(unsigned long flags)
diff --git a/crypto/testmgr.c b/crypto/
[PATCH v5 2/7] treewide: use prandom_u32_max() when possible, part 2
Rather than incurring a division or requesting too many random bytes for
the given range, use the prandom_u32_max() function, which only takes
the minimum required bytes from the RNG and avoids divisions. This was
done by hand, covering things that coccinelle could not do on its own.
Reviewed-by: Kees Cook
Reviewed-by: Jan Kara # for ext2, ext4, and sbitmap
Signed-off-by: Jason A. Donenfeld
---
fs/ext2/ialloc.c | 3 +--
fs/ext4/ialloc.c | 5 ++---
lib/sbitmap.c | 2 +-
lib/test_vmalloc.c | 17 -
4 files changed, 8 insertions(+), 19 deletions(-)
diff --git a/fs/ext2/ialloc.c b/fs/ext2/ialloc.c
index 998dd2ac8008..f4944c4dee60 100644
--- a/fs/ext2/ialloc.c
+++ b/fs/ext2/ialloc.c
@@ -277,8 +277,7 @@ static int find_group_orlov(struct super_block *sb, struct
inode *parent)
int best_ndir = inodes_per_group;
int best_group = -1;
- group = prandom_u32();
- parent_group = (unsigned)group % ngroups;
+ parent_group = prandom_u32_max(ngroups);
for (i = 0; i < ngroups; i++) {
group = (parent_group + i) % ngroups;
desc = ext2_get_group_desc (sb, group, NULL);
diff --git a/fs/ext4/ialloc.c b/fs/ext4/ialloc.c
index f73e5eb43eae..36d5bc595cc2 100644
--- a/fs/ext4/ialloc.c
+++ b/fs/ext4/ialloc.c
@@ -463,10 +463,9 @@ static int find_group_orlov(struct super_block *sb, struct
inode *parent,
hinfo.hash_version = DX_HASH_HALF_MD4;
hinfo.seed = sbi->s_hash_seed;
ext4fs_dirhash(parent, qstr->name, qstr->len, &hinfo);
- grp = hinfo.hash;
+ parent_group = hinfo.hash % ngroups;
} else
- grp = prandom_u32();
- parent_group = (unsigned)grp % ngroups;
+ parent_group = prandom_u32_max(ngroups);
for (i = 0; i < ngroups; i++) {
g = (parent_group + i) % ngroups;
get_orlov_stats(sb, g, flex_size, &stats);
diff --git a/lib/sbitmap.c b/lib/sbitmap.c
index c4f04edf3ee9..ef0661504561 100644
--- a/lib/sbitmap.c
+++ b/lib/sbitmap.c
@@ -21,7 +21,7 @@ static int init_alloc_hint(struct sbitmap *sb, gfp_t flags)
int i;
for_each_possible_cpu(i)
- *per_cpu_ptr(sb->alloc_hint, i) = prandom_u32() % depth;
+ *per_cpu_ptr(sb->alloc_hint, i) =
prandom_u32_max(depth);
}
return 0;
}
diff --git a/lib/test_vmalloc.c b/lib/test_vmalloc.c
index 4f2f2d1bac56..a26bbbf20e62 100644
--- a/lib/test_vmalloc.c
+++ b/lib/test_vmalloc.c
@@ -151,9 +151,7 @@ static int random_size_alloc_test(void)
int i;
for (i = 0; i < test_loop_count; i++) {
- n = prandom_u32();
- n = (n % 100) + 1;
-
+ n = prandom_u32_max(100) + 1;
p = vmalloc(n * PAGE_SIZE);
if (!p)
@@ -293,16 +291,12 @@ pcpu_alloc_test(void)
return -1;
for (i = 0; i < 35000; i++) {
- unsigned int r;
-
- r = prandom_u32();
- size = (r % (PAGE_SIZE / 4)) + 1;
+ size = prandom_u32_max(PAGE_SIZE / 4) + 1;
/*
* Maximum PAGE_SIZE
*/
- r = prandom_u32();
- align = 1 << ((r % 11) + 1);
+ align = 1 << (prandom_u32_max(11) + 1);
pcpu[i] = __alloc_percpu(size, align);
if (!pcpu[i])
@@ -393,14 +387,11 @@ static struct test_driver {
static void shuffle_array(int *arr, int n)
{
- unsigned int rnd;
int i, j;
for (i = n - 1; i > 0; i--) {
- rnd = prandom_u32();
-
/* Cut the range. */
- j = rnd % i;
+ j = prandom_u32_max(i);
/* Swap indexes. */
swap(arr[i], arr[j]);
--
2.37.3
[PATCH v5 1/7] treewide: use prandom_u32_max() when possible, part 1
Rather than incurring a division or requesting too many random bytes for
the given range, use the prandom_u32_max() function, which only takes
the minimum required bytes from the RNG and avoids divisions. This was
done mechanically with this coccinelle script:
@basic@
expression E;
type T;
identifier get_random_u32 =~ "get_random_int|prandom_u32|get_random_u32";
@@
(
- ((T)get_random_u32() % (E))
+ prandom_u32_max(E)
|
- ((T)get_random_u32() & ((E) - 1))
+ prandom_u32_max(E * XXX_MAKE_SURE_E_IS_POW2)
|
- ((T)get_random_u32() & ~PAGE_MASK)
+ prandom_u32_max(PAGE_SIZE)
)
@multi_line@
identifier get_random_u32 =~ "get_random_int|prandom_u32|get_random_u32";
identifier RAND;
expression E;
@@
- RAND = get_random_u32();
... when != RAND
- RAND %= (E);
+ RAND = prandom_u32_max(E);
// Find a potential literal
@literal_mask@
expression LITERAL;
type T;
identifier get_random_u32 =~ "get_random_int|prandom_u32|get_random_u32";
position p;
@@
((T)get_random_u32()@p & (LITERAL))
// Add one to the literal.
@script:python add_one@
literal << literal_mask.LITERAL;
RESULT;
@@
value = None
if literal.startswith('0x'):
value = int(literal, 16)
elif literal[0] in '123456789':
value = int(literal, 10)
if value is None:
print("I don't know how to handle %s" % (literal))
cocci.include_match(False)
elif value == 2**32 - 1 or value == 2**31 - 1 or value == 2**24 - 1 or value ==
2**16 - 1 or value == 2**8 - 1:
print("Skipping 0x%x for cleanup elsewhere" % (value))
cocci.include_match(False)
elif value & (value + 1) != 0:
print("Skipping 0x%x because it's not a power of two minus one" %
(value))
cocci.include_match(False)
elif literal.startswith('0x'):
coccinelle.RESULT = cocci.make_expr("0x%x" % (value + 1))
else:
coccinelle.RESULT = cocci.make_expr("%d" % (value + 1))
// Replace the literal mask with the calculated result.
@plus_one@
expression literal_mask.LITERAL;
position literal_mask.p;
expression add_one.RESULT;
identifier FUNC;
@@
- (FUNC()@p & (LITERAL))
+ prandom_u32_max(RESULT)
@collapse_ret@
type T;
identifier VAR;
expression E;
@@
{
- T VAR;
- VAR = (E);
- return VAR;
+ return E;
}
@drop_var@
type T;
identifier VAR;
@@
{
- T VAR;
... when != VAR
}
Reviewed-by: Kees Cook
Reviewed-by: KP Singh
Reviewed-by: Jan Kara # for ext4 and sbitmap
Reviewed-by: Christoph Böhmwalder # for drbd
Acked-by: Ulf Hansson # for mmc
Acked-by: Darrick J. Wong # for xfs
Signed-off-by: Jason A. Donenfeld
---
arch/arm/kernel/process.c | 2 +-
arch/arm64/kernel/process.c | 2 +-
arch/loongarch/kernel/process.c | 2 +-
arch/loongarch/kernel/vdso.c | 2 +-
arch/mips/kernel/process.c| 2 +-
arch/mips/kernel/vdso.c | 2 +-
arch/parisc/kernel/vdso.c | 2 +-
arch/powerpc/kernel/process.c | 2 +-
arch/s390/kernel/process.c| 2 +-
arch/s390/kernel/vdso.c | 2 +-
arch/sparc/vdso/vma.c | 2 +-
arch/um/kernel/process.c | 2 +-
arch/x86/entry/vdso/vma.c | 2 +-
arch/x86/kernel/module.c | 2 +-
arch/x86/kernel/process.c | 2 +-
arch/x86/mm/pat/cpa-test.c| 4 +-
crypto/testmgr.c | 86 +--
drivers/block/drbd/drbd_receiver.c| 4 +-
.../gpu/drm/i915/gem/i915_gem_execbuffer.c| 2 +-
drivers/infiniband/core/cma.c | 2 +-
drivers/infiniband/hw/cxgb4/id_table.c| 4 +-
drivers/infiniband/hw/hns/hns_roce_ah.c | 5 +-
drivers/infiniband/ulp/rtrs/rtrs-clt.c| 3 +-
drivers/md/bcache/request.c | 2 +-
.../test-drivers/vivid/vivid-touch-cap.c | 2 +-
drivers/mmc/core/core.c | 4 +-
drivers/mmc/host/dw_mmc.c | 2 +-
drivers/mtd/nand/raw/nandsim.c| 4 +-
drivers/mtd/tests/mtd_nandecctest.c | 10 +--
drivers/mtd/tests/stresstest.c| 17 +---
drivers/mtd/ubi/debug.c | 2 +-
drivers/mtd/ubi/debug.h | 6 +-
drivers/net/ethernet/broadcom/cnic.c | 3 +-
.../chelsio/inline_crypto/chtls/chtls_io.c| 4 +-
drivers/net/hamradio/baycom_epp.c | 2 +-
drivers/net/hamradio/hdlcdrv.c| 2 +-
drivers/net/hamradio/yam.c| 2 +-
drivers/net/phy/at803x.c | 2 +-
.../broadcom/brcm80211/brcmfmac/p2p.c | 2 +-
.../net/wireless/intel/iwlwifi/mvm/mac-ctxt.c | 2 +-
drivers/scsi/fcoe/fcoe_ctl
[PATCH v5 0/7] treewide cleanup of random integer usage
@vger.kernel.org
Cc: linux-m...@vger.kernel.org
Cc: linux...@kvack.org
Cc: linux-...@vger.kernel.org
Cc: linux-...@lists.infradead.org
Cc: linux-n...@lists.infradead.org
Cc: linux-par...@vger.kernel.org
Cc: linux-r...@vger.kernel.org
Cc: linux-s...@vger.kernel.org
Cc: linux...@lists.infradead.org
Cc: linux-...@vger.kernel.org
Cc: linux-wirel...@vger.kernel.org
Cc: linuxppc-...@lists.ozlabs.org
Cc: loonga...@lists.linux.dev
Cc: net...@vger.kernel.org
Cc: sparcli...@vger.kernel.org
Cc: x...@kernel.org
Jason A. Donenfeld (7):
treewide: use prandom_u32_max() when possible, part 1
treewide: use prandom_u32_max() when possible, part 2
treewide: use get_random_{u8,u16}() when possible, part 1
treewide: use get_random_{u8,u16}() when possible, part 2
treewide: use get_random_u32() when possible
treewide: use get_random_bytes when possible
prandom: remove unused functions
Documentation/networking/filter.rst | 2 +-
arch/arm/kernel/process.c | 2 +-
arch/arm/kernel/signal.c | 2 +-
arch/arm64/kernel/process.c | 2 +-
arch/arm64/kernel/syscall.c | 2 +-
arch/loongarch/kernel/process.c | 2 +-
arch/loongarch/kernel/vdso.c | 2 +-
arch/mips/kernel/process.c| 2 +-
arch/mips/kernel/vdso.c | 2 +-
arch/parisc/kernel/process.c | 2 +-
arch/parisc/kernel/sys_parisc.c | 4 +-
arch/parisc/kernel/vdso.c | 2 +-
arch/powerpc/crypto/crc-vpmsum_test.c | 2 +-
arch/powerpc/kernel/process.c | 2 +-
arch/s390/kernel/process.c| 4 +-
arch/s390/kernel/vdso.c | 2 +-
arch/s390/mm/mmap.c | 2 +-
arch/sparc/vdso/vma.c | 2 +-
arch/um/kernel/process.c | 2 +-
arch/x86/entry/vdso/vma.c | 2 +-
arch/x86/kernel/cpu/amd.c | 2 +-
arch/x86/kernel/module.c | 2 +-
arch/x86/kernel/process.c | 2 +-
arch/x86/mm/pat/cpa-test.c| 4 +-
block/blk-crypto-fallback.c | 2 +-
crypto/async_tx/raid6test.c | 2 +-
crypto/testmgr.c | 94 +--
drivers/block/drbd/drbd_receiver.c| 4 +-
drivers/char/random.c | 11 +--
drivers/dma/dmatest.c | 2 +-
.../gpu/drm/i915/gem/i915_gem_execbuffer.c| 2 +-
drivers/gpu/drm/i915/i915_gem_gtt.c | 6 +-
.../gpu/drm/i915/selftests/i915_selftest.c| 2 +-
drivers/gpu/drm/selftests/test-drm_buddy.c| 2 +-
drivers/gpu/drm/selftests/test-drm_mm.c | 2 +-
drivers/infiniband/core/cma.c | 2 +-
drivers/infiniband/hw/cxgb4/cm.c | 4 +-
drivers/infiniband/hw/cxgb4/id_table.c| 4 +-
drivers/infiniband/hw/hfi1/tid_rdma.c | 2 +-
drivers/infiniband/hw/hns/hns_roce_ah.c | 5 +-
drivers/infiniband/hw/mlx4/mad.c | 2 +-
drivers/infiniband/ulp/ipoib/ipoib_cm.c | 2 +-
drivers/infiniband/ulp/rtrs/rtrs-clt.c| 3 +-
drivers/md/bcache/request.c | 2 +-
drivers/md/raid5-cache.c | 2 +-
drivers/media/common/v4l2-tpg/v4l2-tpg-core.c | 2 +-
.../media/test-drivers/vivid/vivid-radio-rx.c | 4 +-
.../test-drivers/vivid/vivid-touch-cap.c | 6 +-
drivers/misc/habanalabs/gaudi2/gaudi2.c | 2 +-
drivers/mmc/core/core.c | 4 +-
drivers/mmc/host/dw_mmc.c | 2 +-
drivers/mtd/nand/raw/nandsim.c| 8 +-
drivers/mtd/tests/mtd_nandecctest.c | 12 +--
drivers/mtd/tests/speedtest.c | 2 +-
drivers/mtd/tests/stresstest.c| 19 +---
drivers/mtd/ubi/debug.c | 2 +-
drivers/mtd/ubi/debug.h | 6 +-
drivers/net/bonding/bond_main.c | 2 +-
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 2 +-
drivers/net/ethernet/broadcom/cnic.c | 5 +-
.../chelsio/inline_crypto/chtls/chtls_cm.c| 4 +-
.../chelsio/inline_crypto/chtls/chtls_io.c| 4 +-
drivers/net/ethernet/rocker/rocker_main.c | 8 +-
drivers/net/hamradio/baycom_epp.c | 2 +-
drivers/net/hamradio/hdlcdrv.c| 2 +-
drivers/net/hamradio/yam.c| 2 +-
drivers/net/phy/at803x.c | 2 +-
drivers/net/wireguard/selftest/allowedips.c | 16 ++--
.../broadcom/brcm80211/brcmfmac/p2p.c | 2 +-
.../broadcom/brcm80211/brcmfmac/pno.c | 2 +-
.../net/wireless/intel/iwlwifi/mvm/mac-ctxt.c | 2 +-
.../net/wireless/marvell/mwifiex/cfg80211.c | 4 +-
.../wireless/microchip/wilc1000/cfg80211.c| 2 +-
.../net/wireless/quantenna/qtnfmac/cfg80211.c | 2 +-
drivers/
Re: [PATCH v4 2/6] treewide: use prandom_u32_max() when possible
On Fri, Oct 07, 2022 at 03:47:44PM -0700, Kees Cook wrote:
> > diff --git a/lib/test_vmalloc.c b/lib/test_vmalloc.c
> > index 4f2f2d1bac56..56ffaa8dd3f6 100644
> > --- a/lib/test_vmalloc.c
> > +++ b/lib/test_vmalloc.c
> > @@ -151,9 +151,7 @@ static int random_size_alloc_test(void)
> > int i;
> >
> > for (i = 0; i < test_loop_count; i++) {
> > - n = prandom_u32();
> > - n = (n % 100) + 1;
> > -
> > + n = prandom_u32_max(n % 100) + 1;
> > p = vmalloc(n * PAGE_SIZE);
> >
> > if (!p)
>
> This looks wrong. Cocci says:
>
> - n = prandom_u32();
> - n = (n % 100) + 1;
> + n = prandom_u32_max(100) + 1;
I agree that's wrong, but what rule did you use to make Cocci generate
that?
Jason
Re: [PATCH v4 2/6] treewide: use prandom_u32_max() when possible
On Fri, Oct 07, 2022 at 03:47:44PM -0700, Kees Cook wrote:
> On Fri, Oct 07, 2022 at 12:01:03PM -0600, Jason A. Donenfeld wrote:
> > Rather than incurring a division or requesting too many random bytes for
> > the given range, use the prandom_u32_max() function, which only takes
> > the minimum required bytes from the RNG and avoids divisions.
>
> I actually meant splitting the by-hand stuff by subsystem, but nearly
> all of these can be done mechanically too, so it shouldn't be bad. Notes
> below...
Oh, cool, more coccinelle. You're basically giving me a class on these
recipes. Much appreciated.
> > [...]
> > diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c
> > index 92bcc1768f0b..87203429f802 100644
> > --- a/arch/arm64/kernel/process.c
> > +++ b/arch/arm64/kernel/process.c
> > @@ -595,7 +595,7 @@ unsigned long __get_wchan(struct task_struct *p)
> > unsigned long arch_align_stack(unsigned long sp)
> > {
> > if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
> > - sp -= get_random_int() & ~PAGE_MASK;
> > + sp -= prandom_u32_max(PAGE_SIZE);
> > return sp & ~0xf;
> > }
> >
>
> @mask@
> expression MASK;
> @@
>
> - (get_random_int() & ~(MASK))
> + prandom_u32_max(MASK)
Not quite! PAGE_MASK != PAGE_SIZE. In this case, things get a litle
more complicated where you can do:
get_random_int() & MASK == prandom_u32_max(MASK + 1)
*only if all the top bits of MASK are set* That is, if MASK one less
than a power of two. Or if MASK & (MASK + 1) == 0.
(If those top bits aren't set, you can technically do
prandom_u32_max(MASK >> n + 1) << n. That'd be a nice thing to work out.
But yeesh, maybe a bit much for the time being and probably a bit beyond
coccinelle.)
This case here, though, is a bit more special, where we can just rely on
an obvious given kernel identity. Namely, PAGE_MASK == ~(PAGE_SIZE - 1).
So ~PAGE_MASK == PAGE_SIZE - 1.
So get_random_int() & ~PAGE_MASK == prandom_u32_max(PAGE_SIZE - 1 + 1).
So get_random_int() & ~PAGE_MASK == prandom_u32_max(PAGE_SIZE).
And most importantly, this makes the code more readable, since everybody
knows what bounding by PAGE_SIZE means, where as what on earth is
happening with the &~PAGE_MASK thing. So it's a good change. I'll try to
teach coccinelle about that special case.
> > diff --git a/arch/loongarch/kernel/vdso.c b/arch/loongarch/kernel/vdso.c
> > index f32c38abd791..8c9826062652 100644
> > --- a/arch/loongarch/kernel/vdso.c
> > +++ b/arch/loongarch/kernel/vdso.c
> > @@ -78,7 +78,7 @@ static unsigned long vdso_base(void)
> > unsigned long base = STACK_TOP;
> >
> > if (current->flags & PF_RANDOMIZE) {
> > - base += get_random_int() & (VDSO_RANDOMIZE_SIZE - 1);
> > + base += prandom_u32_max(VDSO_RANDOMIZE_SIZE);
> > base = PAGE_ALIGN(base);
> > }
> >
>
> @minus_one@
> expression FULL;
> @@
>
> - (get_random_int() & ((FULL) - 1)
> + prandom_u32_max(FULL)
Ahh, well, okay, this is the example I mentioned above. Only works if
FULL is saturated. Any clever way to get coccinelle to prove that? Can
it look at the value of constants?
>
> > diff --git a/arch/parisc/kernel/vdso.c b/arch/parisc/kernel/vdso.c
> > index 63dc44c4c246..47e5960a2f96 100644
> > --- a/arch/parisc/kernel/vdso.c
> > +++ b/arch/parisc/kernel/vdso.c
> > @@ -75,7 +75,7 @@ int arch_setup_additional_pages(struct linux_binprm *bprm,
> >
> > map_base = mm->mmap_base;
> > if (current->flags & PF_RANDOMIZE)
> > - map_base -= (get_random_int() & 0x1f) * PAGE_SIZE;
> > + map_base -= prandom_u32_max(0x20) * PAGE_SIZE;
> >
> > vdso_text_start = get_unmapped_area(NULL, map_base, vdso_text_len, 0,
> > 0);
> >
>
> These are more fun, but Coccinelle can still do them with a little
> Pythonic help:
>
> // Find a potential literal
> @literal_mask@
> expression LITERAL;
> identifier randfunc =~ "get_random_int|prandom_u32|get_random_u32";
> position p;
> @@
>
> (randfunc()@p & (LITERAL))
>
> // Add one to the literal.
> @script:python add_one@
> literal << literal_mask.LITERAL;
> RESULT;
> @@
>
> if literal.startswith('0x'):
> value = int(literal, 16) + 1
> coccinelle.RESULT = cocci.make_expr("0x%x" % (value))
> elif literal[0] in '123456789':
> value = int(literal, 10) + 1
> coccinelle.RESULT = cocci.make_expr("%d" % (value))
>
Re: [PATCH v4 4/6] treewide: use get_random_u32() when possible
On Fri, Oct 07, 2022 at 10:34:47PM +0200, Rolf Eike Beer wrote:
> > diff --git a/arch/parisc/kernel/process.c b/arch/parisc/kernel/process.c
> > index 7c37e09c92da..18c4f0e3e906 100644
> > --- a/arch/parisc/kernel/process.c
> > +++ b/arch/parisc/kernel/process.c
> > @@ -288,7 +288,7 @@ __get_wchan(struct task_struct *p)
> >
> > static inline unsigned long brk_rnd(void)
> > {
> > - return (get_random_int() & BRK_RND_MASK) << PAGE_SHIFT;
> > + return (get_random_u32() & BRK_RND_MASK) << PAGE_SHIFT;
> > }
>
> Can't this be
>
> prandom_u32_max(BRK_RND_MASK + 1) << PAGE_SHIFT
>
> ? More similar code with other masks follows below.
I guess it can, because BRK_RND_MASK happens to have all its lower bits
set. But as a "_MASK" maybe this isn't a given, and I don't want to
change intended semantics in this patchset. It's also not more
efficient, because BRK_RND_MASK is actually an expression:
#define BRK_RND_MASK(is_32bit_task() ? 0x07ffUL : 0x3UL)
So at compile-time, the compiler can't prove that it's <= U16_MAX, since
it isn't always the case, so it'll use get_random_u32() anyway.
[Side note: maybe that compile-time check should become a runtime check,
but I'll need to do some benchmarking before changing that and
introducing two added branches to every non-constant invocation, so for
now it's a compile-time check. Fortunately the vast majority of uses
are done on inputs the compiler can prove something about.]
>
> > diff --git a/drivers/gpu/drm/i915/i915_gem_gtt.c
> > b/drivers/gpu/drm/i915/i915_gem_gtt.c index 329ff75b80b9..7bd1861ddbdf
> > 100644
> > --- a/drivers/gpu/drm/i915/i915_gem_gtt.c
> > +++ b/drivers/gpu/drm/i915/i915_gem_gtt.c
> > @@ -137,12 +137,12 @@ static u64 random_offset(u64 start, u64 end, u64 len,
> > u64 align) range = round_down(end - len, align) - round_up(start, align);
> > if (range) {
> > if (sizeof(unsigned long) == sizeof(u64)) {
> > - addr = get_random_long();
> > + addr = get_random_u64();
> > } else {
> > - addr = get_random_int();
> > + addr = get_random_u32();
> > if (range > U32_MAX) {
> > addr <<= 32;
> > - addr |= get_random_int();
> > + addr |= get_random_u32();
> > }
> > }
> > div64_u64_rem(addr, range, &addr);
>
> How about
>
> if (sizeof(unsigned long) == sizeof(u64) || range >
> U32_MAX)
> addr = get_random_u64();
> else
> addr = get_random_u32();
>
Yes, maybe, probably, indeed... But I don't want to go wild and start
fixing all the weird algorithms everywhere. My goal is to only make
changes that are "obviously right". But maybe after this lands this is
something that you or I can submit to the i915 people as an
optimization.
> > diff --git a/drivers/infiniband/hw/cxgb4/cm.c
> > b/drivers/infiniband/hw/cxgb4/cm.c index 14392c942f49..499a425a3379 100644
> > --- a/drivers/infiniband/hw/cxgb4/cm.c
> > +++ b/drivers/infiniband/hw/cxgb4/cm.c
> > @@ -734,7 +734,7 @@ static int send_connect(struct c4iw_ep *ep)
> >&ep->com.remote_addr;
> > int ret;
> > enum chip_type adapter_type = ep->com.dev->rdev.lldi.adapter_type;
> > - u32 isn = (prandom_u32() & ~7UL) - 1;
> > + u32 isn = (get_random_u32() & ~7UL) - 1;
> > struct net_device *netdev;
> > u64 params;
> >
> > @@ -2469,7 +2469,7 @@ static int accept_cr(struct c4iw_ep *ep, struct
> > sk_buff *skb, }
> >
> > if (!is_t4(adapter_type)) {
> > - u32 isn = (prandom_u32() & ~7UL) - 1;
> > + u32 isn = (get_random_u32() & ~7UL) - 1;
>
> u32 isn = get_random_u32() | 0x7;
Again, maybe so, but same rationale as above.
> > static void ns_do_bit_flips(struct nandsim *ns, int num)
> > {
> > - if (bitflips && prandom_u32() < (1 << 22)) {
> > + if (bitflips && get_random_u32() < (1 << 22)) {
>
> Doing "get_random_u16() < (1 << 6)" should have the same probability with
> only
> 2 bytes of random, no?
That's very clever. (1<<22)/(1<<32) == (1<<6)/(1<<16). But also, same
rationale as above for not doing that.
Anyway, I realize this is probably disappointing to read. But also, we
can come back to those optimization cases later pretty easily.
Jason
Re: [PATCH v4 2/6] treewide: use prandom_u32_max() when possible
On Fri, Oct 07, 2022 at 02:17:22PM -0700, Darrick J. Wong wrote:
> On Fri, Oct 07, 2022 at 12:01:03PM -0600, Jason A. Donenfeld wrote:
> > Rather than incurring a division or requesting too many random bytes for
> > the given range, use the prandom_u32_max() function, which only takes
> > the minimum required bytes from the RNG and avoids divisions.
> >
> > Reviewed-by: Kees Cook
> > Reviewed-by: KP Singh
> > Reviewed-by: Christoph Böhmwalder # for
> > drbd
> > Reviewed-by: Jan Kara # for ext2, ext4, and sbitmap
> > Signed-off-by: Jason A. Donenfeld
> > ---
>
>
>
> > diff --git a/fs/xfs/libxfs/xfs_alloc.c b/fs/xfs/libxfs/xfs_alloc.c
> > index e2bdf089c0a3..6261599bb389 100644
> > --- a/fs/xfs/libxfs/xfs_alloc.c
> > +++ b/fs/xfs/libxfs/xfs_alloc.c
> > @@ -1520,7 +1520,7 @@ xfs_alloc_ag_vextent_lastblock(
> >
> > #ifdef DEBUG
> > /* Randomly don't execute the first algorithm. */
> > - if (prandom_u32() & 1)
> > + if (prandom_u32_max(2))
>
> I wonder if these usecases (picking 0 or 1 randomly) ought to have a
> trivial wrapper to make it more obvious that we want boolean semantics:
>
> static inline bool prandom_bool(void)
> {
> return prandom_u32_max(2);
> }
>
> if (prandom_bool())
> use_crazy_algorithm(...);
>
Yea, I've had a lot of similar ideas there. Part of doing this (initial)
patchset is to get an intuitive sense of what's actually used and how
often. On my list for investigation are a get_random_u32_max() to return
uniform numbers by rejection sampling (prandom_u32_max() doesn't do
that uniformly) and adding a function for booleans or bits < 8. Possible
ideas for the latter include:
bool get_random_bool(void);
bool get_random_bool(unsigned int probability);
bool get_random_bits(u8 bits_less_than_eight);
With the core of all of those involving the same batching as the current
get_random_u{8,16,32,64}() functions, but also buffering the latest byte
and managing how many bits are left in it that haven't been shifted out
yet.
So API-wise, there are a few ways to go, so hopefully this series will
start to give a good picture of what's needed.
One thing I've noticed is that most of the prandom_u32_max(2)
invocations are in debug or test code, so that doesn't need to be
optimized. But kfence does that too in its hot path, so a
get_random_bool() function there would in theory lead to an 8x speed-up.
But I guess I just have to try some things and see.
Anyway, that is a long way to say, I share you curiosity on the matter
and I'm looking into it.
Jason
[PATCH v4 6/6] prandom: remove unused functions
With no callers left of prandom_u32() and prandom_bytes(), as well as
get_random_int(), remove these deprecated wrappers, in favor of
get_random_u32() and get_random_bytes().
Reviewed-by: Kees Cook
Signed-off-by: Jason A. Donenfeld
---
drivers/char/random.c | 11 +--
include/linux/prandom.h | 12
include/linux/random.h | 5 -
3 files changed, 5 insertions(+), 23 deletions(-)
diff --git a/drivers/char/random.c b/drivers/char/random.c
index 01acf235f263..2fe28eeb2f38 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -97,7 +97,7 @@ MODULE_PARM_DESC(ratelimit_disable, "Disable random ratelimit
suppression");
* Returns whether or not the input pool has been seeded and thus guaranteed
* to supply cryptographically secure random numbers. This applies to: the
* /dev/urandom device, the get_random_bytes function, and the get_random_{u8,
- * u16,u32,u64,int,long} family of functions.
+ * u16,u32,u64,long} family of functions.
*
* Returns: true if the input pool has been seeded.
* false if the input pool has not been seeded.
@@ -161,15 +161,14 @@ EXPORT_SYMBOL(wait_for_random_bytes);
* u16 get_random_u16()
* u32 get_random_u32()
* u64 get_random_u64()
- * unsigned int get_random_int()
* unsigned long get_random_long()
*
* These interfaces will return the requested number of random bytes
* into the given buffer or as a return value. This is equivalent to
- * a read from /dev/urandom. The u8, u16, u32, u64, int, and long
- * family of functions may be higher performance for one-off random
- * integers, because they do a bit of buffering and do not invoke
- * reseeding until the buffer is emptied.
+ * a read from /dev/urandom. The u8, u16, u32, u64, long family of
+ * functions may be higher performance for one-off random integers,
+ * because they do a bit of buffering and do not invoke reseeding
+ * until the buffer is emptied.
*
*/
diff --git a/include/linux/prandom.h b/include/linux/prandom.h
index 78db003bc290..e0a0759dd09c 100644
--- a/include/linux/prandom.h
+++ b/include/linux/prandom.h
@@ -12,18 +12,6 @@
#include
#include
-/* Deprecated: use get_random_u32 instead. */
-static inline u32 prandom_u32(void)
-{
- return get_random_u32();
-}
-
-/* Deprecated: use get_random_bytes instead. */
-static inline void prandom_bytes(void *buf, size_t nbytes)
-{
- return get_random_bytes(buf, nbytes);
-}
-
struct rnd_state {
__u32 s1, s2, s3, s4;
};
diff --git a/include/linux/random.h b/include/linux/random.h
index 08322f700cdc..147a5e0d0b8e 100644
--- a/include/linux/random.h
+++ b/include/linux/random.h
@@ -42,10 +42,6 @@ u8 get_random_u8(void);
u16 get_random_u16(void);
u32 get_random_u32(void);
u64 get_random_u64(void);
-static inline unsigned int get_random_int(void)
-{
- return get_random_u32();
-}
static inline unsigned long get_random_long(void)
{
#if BITS_PER_LONG == 64
@@ -100,7 +96,6 @@ declare_get_random_var_wait(u8, u8)
declare_get_random_var_wait(u16, u16)
declare_get_random_var_wait(u32, u32)
declare_get_random_var_wait(u64, u32)
-declare_get_random_var_wait(int, unsigned int)
declare_get_random_var_wait(long, unsigned long)
#undef declare_get_random_var
--
2.37.3
[PATCH v4 5/6] treewide: use get_random_bytes when possible
The prandom_bytes() function has been a deprecated inline wrapper around
get_random_bytes() for several releases now, and compiles down to the
exact same code. Replace the deprecated wrapper with a direct call to
the real function.
Reviewed-by: Kees Cook
Reviewed-by: Christophe Leroy # powerpc
Signed-off-by: Jason A. Donenfeld
---
arch/powerpc/crypto/crc-vpmsum_test.c | 2 +-
block/blk-crypto-fallback.c | 2 +-
crypto/async_tx/raid6test.c | 2 +-
drivers/dma/dmatest.c | 2 +-
drivers/mtd/nand/raw/nandsim.c | 2 +-
drivers/mtd/tests/mtd_nandecctest.c | 2 +-
drivers/mtd/tests/speedtest.c | 2 +-
drivers/mtd/tests/stresstest.c | 2 +-
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 2 +-
drivers/net/ethernet/rocker/rocker_main.c | 2 +-
drivers/net/wireguard/selftest/allowedips.c | 12 ++--
fs/ubifs/debug.c| 2 +-
kernel/kcsan/selftest.c | 2 +-
lib/random32.c | 2 +-
lib/test_objagg.c | 2 +-
lib/uuid.c | 2 +-
net/ipv4/route.c| 2 +-
net/mac80211/rc80211_minstrel_ht.c | 2 +-
net/sched/sch_pie.c | 2 +-
19 files changed, 24 insertions(+), 24 deletions(-)
diff --git a/arch/powerpc/crypto/crc-vpmsum_test.c
b/arch/powerpc/crypto/crc-vpmsum_test.c
index c1c1ef9457fb..273c527868db 100644
--- a/arch/powerpc/crypto/crc-vpmsum_test.c
+++ b/arch/powerpc/crypto/crc-vpmsum_test.c
@@ -82,7 +82,7 @@ static int __init crc_test_init(void)
if (len <= offset)
continue;
- prandom_bytes(data, len);
+ get_random_bytes(data, len);
len -= offset;
crypto_shash_update(crct10dif_shash, data+offset, len);
diff --git a/block/blk-crypto-fallback.c b/block/blk-crypto-fallback.c
index 621abd1b0e4d..ad9844c5b40c 100644
--- a/block/blk-crypto-fallback.c
+++ b/block/blk-crypto-fallback.c
@@ -539,7 +539,7 @@ static int blk_crypto_fallback_init(void)
if (blk_crypto_fallback_inited)
return 0;
- prandom_bytes(blank_key, BLK_CRYPTO_MAX_KEY_SIZE);
+ get_random_bytes(blank_key, BLK_CRYPTO_MAX_KEY_SIZE);
err = bioset_init(&crypto_bio_split, 64, 0, 0);
if (err)
diff --git a/crypto/async_tx/raid6test.c b/crypto/async_tx/raid6test.c
index c9d218e53bcb..f74505f2baf0 100644
--- a/crypto/async_tx/raid6test.c
+++ b/crypto/async_tx/raid6test.c
@@ -37,7 +37,7 @@ static void makedata(int disks)
int i;
for (i = 0; i < disks; i++) {
- prandom_bytes(page_address(data[i]), PAGE_SIZE);
+ get_random_bytes(page_address(data[i]), PAGE_SIZE);
dataptrs[i] = data[i];
dataoffs[i] = 0;
}
diff --git a/drivers/dma/dmatest.c b/drivers/dma/dmatest.c
index 9fe2ae794316..ffe621695e47 100644
--- a/drivers/dma/dmatest.c
+++ b/drivers/dma/dmatest.c
@@ -312,7 +312,7 @@ static unsigned long dmatest_random(void)
{
unsigned long buf;
- prandom_bytes(&buf, sizeof(buf));
+ get_random_bytes(&buf, sizeof(buf));
return buf;
}
diff --git a/drivers/mtd/nand/raw/nandsim.c b/drivers/mtd/nand/raw/nandsim.c
index 4bdaf4aa7007..c941a5a41ea6 100644
--- a/drivers/mtd/nand/raw/nandsim.c
+++ b/drivers/mtd/nand/raw/nandsim.c
@@ -1393,7 +1393,7 @@ static int ns_do_read_error(struct nandsim *ns, int num)
unsigned int page_no = ns->regs.row;
if (ns_read_error(page_no)) {
- prandom_bytes(ns->buf.byte, num);
+ get_random_bytes(ns->buf.byte, num);
NS_WARN("simulating read error in page %u\n", page_no);
return 1;
}
diff --git a/drivers/mtd/tests/mtd_nandecctest.c
b/drivers/mtd/tests/mtd_nandecctest.c
index 1c7201b0f372..440988562cfd 100644
--- a/drivers/mtd/tests/mtd_nandecctest.c
+++ b/drivers/mtd/tests/mtd_nandecctest.c
@@ -266,7 +266,7 @@ static int nand_ecc_test_run(const size_t size)
goto error;
}
- prandom_bytes(correct_data, size);
+ get_random_bytes(correct_data, size);
ecc_sw_hamming_calculate(correct_data, size, correct_ecc, sm_order);
for (i = 0; i < ARRAY_SIZE(nand_ecc_test); i++) {
nand_ecc_test[i].prepare(error_data, error_ecc,
diff --git a/drivers/mtd/tests/speedtest.c b/drivers/mtd/tests/speedtest.c
index c9ec7086bfa1..075bce32caa5 100644
--- a/drivers/mtd/tests/speedtest.c
+++ b/drivers/mtd/tests/speedtest.c
@@ -223,7 +223,7 @@ static int __init mtd_speedtest_init(void)
if (!iobuf)
goto out;
- prandom_bytes(iobuf, mtd->erasesize);
+ get_random_bytes(iobuf, mtd->erasesize);
bbt = kzal
[PATCH v4 4/6] treewide: use get_random_u32() when possible
The prandom_u32() function has been a deprecated inline wrapper around get_random_u32() for several releases now, and compiles down to the exact same code. Replace the deprecated wrapper with a direct call to the real function. The same also applies to get_random_int(), which is just a wrapper around get_random_u32(). Reviewed-by: Kees Cook Acked-by: Toke Høiland-Jørgensen # for sch_cake Acked-by: Chuck Lever # for nfsd Reviewed-by: Jan Kara # for ext4 Acked-by: Mika Westerberg # for thunderbolt Signed-off-by: Jason A. Donenfeld --- Documentation/networking/filter.rst| 2 +- arch/parisc/kernel/process.c | 2 +- arch/parisc/kernel/sys_parisc.c| 4 ++-- arch/s390/mm/mmap.c| 2 +- arch/x86/kernel/cpu/amd.c | 2 +- drivers/gpu/drm/i915/i915_gem_gtt.c| 6 +++--- drivers/gpu/drm/i915/selftests/i915_selftest.c | 2 +- drivers/gpu/drm/selftests/test-drm_buddy.c | 2 +- drivers/gpu/drm/selftests/test-drm_mm.c| 2 +- drivers/infiniband/hw/cxgb4/cm.c | 4 ++-- drivers/infiniband/hw/hfi1/tid_rdma.c | 2 +- drivers/infiniband/hw/mlx4/mad.c | 2 +- drivers/infiniband/ulp/ipoib/ipoib_cm.c| 2 +- drivers/md/raid5-cache.c | 2 +- .../media/test-drivers/vivid/vivid-touch-cap.c | 4 ++-- drivers/misc/habanalabs/gaudi2/gaudi2.c| 2 +- drivers/mtd/nand/raw/nandsim.c | 2 +- drivers/net/bonding/bond_main.c| 2 +- drivers/net/ethernet/broadcom/cnic.c | 2 +- .../chelsio/inline_crypto/chtls/chtls_cm.c | 2 +- drivers/net/ethernet/rocker/rocker_main.c | 6 +++--- .../wireless/broadcom/brcm80211/brcmfmac/pno.c | 2 +- .../net/wireless/marvell/mwifiex/cfg80211.c| 4 ++-- .../net/wireless/microchip/wilc1000/cfg80211.c | 2 +- .../net/wireless/quantenna/qtnfmac/cfg80211.c | 2 +- drivers/net/wireless/ti/wlcore/main.c | 2 +- drivers/nvme/common/auth.c | 2 +- drivers/scsi/cxgbi/cxgb4i/cxgb4i.c | 4 ++-- drivers/target/iscsi/cxgbit/cxgbit_cm.c| 2 +- drivers/thunderbolt/xdomain.c | 2 +- drivers/video/fbdev/uvesafb.c | 2 +- fs/exfat/inode.c | 2 +- fs/ext4/ialloc.c | 2 +- fs/ext4/ioctl.c| 4 ++-- fs/ext4/mmp.c | 2 +- fs/f2fs/namei.c| 2 +- fs/fat/inode.c | 2 +- fs/nfsd/nfs4state.c| 4 ++-- fs/ntfs3/fslog.c | 6 +++--- fs/ubifs/journal.c | 2 +- fs/xfs/libxfs/xfs_ialloc.c | 2 +- fs/xfs/xfs_icache.c| 2 +- fs/xfs/xfs_log.c | 2 +- include/net/netfilter/nf_queue.h | 2 +- include/net/red.h | 2 +- include/net/sock.h | 2 +- kernel/bpf/bloom_filter.c | 2 +- kernel/bpf/core.c | 2 +- kernel/bpf/hashtab.c | 2 +- kernel/bpf/verifier.c | 2 +- kernel/kcsan/selftest.c| 2 +- lib/random32.c | 2 +- lib/reed_solomon/test_rslib.c | 6 +++--- lib/test_fprobe.c | 2 +- lib/test_kprobes.c | 2 +- lib/test_min_heap.c| 6 +++--- lib/test_rhashtable.c | 6 +++--- mm/shmem.c | 2 +- mm/slab.c | 2 +- net/802/garp.c | 2 +- net/802/mrp.c | 2 +- net/core/pktgen.c | 4 ++-- net/ipv4/route.c | 2 +- net/ipv4/tcp_cdg.c | 2 +- net/ipv4/udp.c | 2 +- net/ipv6/ip6_flowlabel.c | 2 +- net/ipv6/output_core.c | 2 +- net/netfilter/ipvs/ip_vs_conn.c| 2 +- net/netfilter/xt_statistic.c | 2 +- net/openvswitch/actions.c | 2 +- net/rds/bind.c | 2 +- net/sched/sch_cake.c | 2 +- net/sched/sch_netem.c | 18 +- net/sunrpc/auth_gss/gss_krb5_wrap.c| 4 ++-- net/sunrpc/xprt.c | 2 +- net/unix/af_unix.c | 2 +- 76 files changed, 105 insertions(+), 105 deletions(-) diff --git a/Documentation/networking/filter.rst b/Documentation/networking
[PATCH v4 3/6] treewide: use get_random_{u8,u16}() when possible
Rather than truncate a 32-bit value to a 16-bit value or an 8-bit value,
simply use the get_random_{u8,u16}() functions, which are faster than
wasting the additional bytes from a 32-bit value.
Reviewed-by: Kees Cook
Acked-by: Toke Høiland-Jørgensen # for sch_cake
Signed-off-by: Jason A. Donenfeld
---
arch/arm/kernel/signal.c | 2 +-
arch/arm64/kernel/syscall.c | 2 +-
arch/s390/kernel/process.c| 2 +-
arch/sparc/vdso/vma.c | 2 +-
crypto/testmgr.c | 8
drivers/media/common/v4l2-tpg/v4l2-tpg-core.c | 2 +-
drivers/media/test-drivers/vivid/vivid-radio-rx.c | 4 ++--
.../net/ethernet/chelsio/inline_crypto/chtls/chtls_cm.c | 2 +-
drivers/net/hamradio/baycom_epp.c | 2 +-
drivers/net/hamradio/hdlcdrv.c| 2 +-
drivers/net/hamradio/yam.c| 2 +-
drivers/net/wireguard/selftest/allowedips.c | 4 ++--
drivers/net/wireless/st/cw1200/wsm.c | 2 +-
drivers/scsi/lpfc/lpfc_hbadisc.c | 6 +++---
lib/cmdline_kunit.c | 4 ++--
lib/test_vmalloc.c| 2 +-
net/dccp/ipv4.c | 4 ++--
net/ipv4/datagram.c | 2 +-
net/ipv4/ip_output.c | 2 +-
net/ipv4/tcp_ipv4.c | 4 ++--
net/mac80211/scan.c | 2 +-
net/netfilter/nf_nat_core.c | 4 ++--
net/sched/sch_cake.c | 6 +++---
net/sched/sch_sfb.c | 2 +-
net/sctp/socket.c | 2 +-
25 files changed, 38 insertions(+), 38 deletions(-)
diff --git a/arch/arm/kernel/signal.c b/arch/arm/kernel/signal.c
index ea128e32e8ca..e07f359254c3 100644
--- a/arch/arm/kernel/signal.c
+++ b/arch/arm/kernel/signal.c
@@ -655,7 +655,7 @@ struct page *get_signal_page(void)
PAGE_SIZE / sizeof(u32));
/* Give the signal return code some randomness */
- offset = 0x200 + (get_random_int() & 0x7fc);
+ offset = 0x200 + (get_random_u16() & 0x7fc);
signal_return_offset = offset;
/* Copy signal return handlers into the page */
diff --git a/arch/arm64/kernel/syscall.c b/arch/arm64/kernel/syscall.c
index 733451fe7e41..d72e8f23422d 100644
--- a/arch/arm64/kernel/syscall.c
+++ b/arch/arm64/kernel/syscall.c
@@ -67,7 +67,7 @@ static void invoke_syscall(struct pt_regs *regs, unsigned int
scno,
*
* The resulting 5 bits of entropy is seen in SP[8:4].
*/
- choose_random_kstack_offset(get_random_int() & 0x1FF);
+ choose_random_kstack_offset(get_random_u16() & 0x1FF);
}
static inline bool has_syscall_work(unsigned long flags)
diff --git a/arch/s390/kernel/process.c b/arch/s390/kernel/process.c
index 5ec78555dd2e..42af4b3aa02b 100644
--- a/arch/s390/kernel/process.c
+++ b/arch/s390/kernel/process.c
@@ -230,7 +230,7 @@ unsigned long arch_align_stack(unsigned long sp)
static inline unsigned long brk_rnd(void)
{
- return (get_random_int() & BRK_RND_MASK) << PAGE_SHIFT;
+ return (get_random_u16() & BRK_RND_MASK) << PAGE_SHIFT;
}
unsigned long arch_randomize_brk(struct mm_struct *mm)
diff --git a/arch/sparc/vdso/vma.c b/arch/sparc/vdso/vma.c
index cc19e09b0fa1..04ee726859ca 100644
--- a/arch/sparc/vdso/vma.c
+++ b/arch/sparc/vdso/vma.c
@@ -354,7 +354,7 @@ static unsigned long vdso_addr(unsigned long start,
unsigned int len)
unsigned int offset;
/* This loses some more bits than a modulo, but is cheaper */
- offset = get_random_int() & (PTRS_PER_PTE - 1);
+ offset = get_random_u16() & (PTRS_PER_PTE - 1);
return start + (offset << PAGE_SHIFT);
}
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index be45217acde4..981c637fa2ed 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -927,7 +927,7 @@ static void generate_random_bytes(u8 *buf, size_t count)
b = 0xff;
break;
default:
- b = (u8)prandom_u32();
+ b = get_random_u8();
break;
}
memset(buf, b, count);
@@ -935,8 +935,8 @@ static void generate_random_bytes(u8 *buf, size_t count)
break;
case 2:
/* Ascending or descending bytes, plus optional mutations */
- increment = (u8)prandom_u32();
- b = (u8)prandom_u32();
+ increment = get_random_u8();
+ b = get_random_u8();
[PATCH v4 2/6] treewide: use prandom_u32_max() when possible
Rather than incurring a division or requesting too many random bytes for
the given range, use the prandom_u32_max() function, which only takes
the minimum required bytes from the RNG and avoids divisions.
Reviewed-by: Kees Cook
Reviewed-by: KP Singh
Reviewed-by: Christoph Böhmwalder # for drbd
Reviewed-by: Jan Kara # for ext2, ext4, and sbitmap
Signed-off-by: Jason A. Donenfeld
---
arch/arm64/kernel/process.c | 2 +-
arch/loongarch/kernel/process.c | 2 +-
arch/loongarch/kernel/vdso.c | 2 +-
arch/mips/kernel/process.c | 2 +-
arch/mips/kernel/vdso.c | 2 +-
arch/parisc/kernel/vdso.c| 2 +-
arch/powerpc/kernel/process.c| 2 +-
arch/s390/kernel/process.c | 2 +-
drivers/block/drbd/drbd_receiver.c | 4 ++--
drivers/md/bcache/request.c | 2 +-
drivers/mtd/tests/stresstest.c | 17 -
drivers/mtd/ubi/debug.h | 6 +++---
drivers/net/ethernet/broadcom/cnic.c | 3 +--
fs/ext2/ialloc.c | 3 +--
fs/ext4/ialloc.c | 5 ++---
fs/ubifs/lpt_commit.c| 2 +-
fs/ubifs/tnc_commit.c| 2 +-
fs/xfs/libxfs/xfs_alloc.c| 2 +-
fs/xfs/libxfs/xfs_ialloc.c | 2 +-
include/linux/nodemask.h | 2 +-
lib/cmdline_kunit.c | 4 ++--
lib/kobject.c| 2 +-
lib/reed_solomon/test_rslib.c| 2 +-
lib/sbitmap.c| 2 +-
lib/test_hexdump.c | 2 +-
lib/test_vmalloc.c | 17 -
net/core/pktgen.c| 4 ++--
net/ipv4/inet_hashtables.c | 2 +-
net/sunrpc/cache.c | 2 +-
net/sunrpc/xprtsock.c| 2 +-
30 files changed, 42 insertions(+), 63 deletions(-)
diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c
index 92bcc1768f0b..87203429f802 100644
--- a/arch/arm64/kernel/process.c
+++ b/arch/arm64/kernel/process.c
@@ -595,7 +595,7 @@ unsigned long __get_wchan(struct task_struct *p)
unsigned long arch_align_stack(unsigned long sp)
{
if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
- sp -= get_random_int() & ~PAGE_MASK;
+ sp -= prandom_u32_max(PAGE_SIZE);
return sp & ~0xf;
}
diff --git a/arch/loongarch/kernel/process.c b/arch/loongarch/kernel/process.c
index 660492f064e7..1256e3582475 100644
--- a/arch/loongarch/kernel/process.c
+++ b/arch/loongarch/kernel/process.c
@@ -293,7 +293,7 @@ unsigned long stack_top(void)
unsigned long arch_align_stack(unsigned long sp)
{
if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
- sp -= get_random_int() & ~PAGE_MASK;
+ sp -= prandom_u32_max(PAGE_SIZE);
return sp & STACK_ALIGN;
}
diff --git a/arch/loongarch/kernel/vdso.c b/arch/loongarch/kernel/vdso.c
index f32c38abd791..8c9826062652 100644
--- a/arch/loongarch/kernel/vdso.c
+++ b/arch/loongarch/kernel/vdso.c
@@ -78,7 +78,7 @@ static unsigned long vdso_base(void)
unsigned long base = STACK_TOP;
if (current->flags & PF_RANDOMIZE) {
- base += get_random_int() & (VDSO_RANDOMIZE_SIZE - 1);
+ base += prandom_u32_max(VDSO_RANDOMIZE_SIZE);
base = PAGE_ALIGN(base);
}
diff --git a/arch/mips/kernel/process.c b/arch/mips/kernel/process.c
index 35b912bce429..bbe9ce471791 100644
--- a/arch/mips/kernel/process.c
+++ b/arch/mips/kernel/process.c
@@ -711,7 +711,7 @@ unsigned long mips_stack_top(void)
unsigned long arch_align_stack(unsigned long sp)
{
if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
- sp -= get_random_int() & ~PAGE_MASK;
+ sp -= prandom_u32_max(PAGE_SIZE);
return sp & ALMASK;
}
diff --git a/arch/mips/kernel/vdso.c b/arch/mips/kernel/vdso.c
index b2cc2c2dd4bf..5fd9bf1d596c 100644
--- a/arch/mips/kernel/vdso.c
+++ b/arch/mips/kernel/vdso.c
@@ -79,7 +79,7 @@ static unsigned long vdso_base(void)
}
if (current->flags & PF_RANDOMIZE) {
- base += get_random_int() & (VDSO_RANDOMIZE_SIZE - 1);
+ base += prandom_u32_max(VDSO_RANDOMIZE_SIZE);
base = PAGE_ALIGN(base);
}
diff --git a/arch/parisc/kernel/vdso.c b/arch/parisc/kernel/vdso.c
index 63dc44c4c246..47e5960a2f96 100644
--- a/arch/parisc/kernel/vdso.c
+++ b/arch/parisc/kernel/vdso.c
@@ -75,7 +75,7 @@ int arch_setup_additional_pages(struct linux_binprm *bprm,
map_base = mm->mmap_base;
if (current->flags & PF_RANDOMIZE)
- map_base -= (get_random_int() & 0x1f) * PAGE_SIZE;
+ map_base -= prandom_u32_max(0x20) * PAGE_SIZE;
vdso_text_start = get_unmapped_area(NULL, map_base,
[PATCH v4 1/6] treewide: use prandom_u32_max() when possible, mechanically
Rather than incurring a division or requesting too many random bytes for the given range, use the prandom_u32_max() function, which only takes the minimum required bytes from the RNG and avoids divisions. This was done mechanically with these coccinelle scripts: @no_modulo@ expression E; @@ - (prandom_u32() % (E)) + prandom_u32_max(E) @no_modulo@ expression E; @@ - (get_random_u32() % (E)) + prandom_u32_max(E) @no_modulo@ expression E; @@ - (get_random_int() % (E)) + prandom_u32_max(E) Reviewed-by: Kees Cook Reviewed-by: KP Singh Reviewed-by: Jan Kara # for ext4 and sbitmap Acked-by: Ulf Hansson # for mmc Signed-off-by: Jason A. Donenfeld --- arch/arm/kernel/process.c | 2 +- arch/s390/kernel/vdso.c | 2 +- arch/um/kernel/process.c | 2 +- arch/x86/entry/vdso/vma.c | 2 +- arch/x86/kernel/module.c | 2 +- arch/x86/kernel/process.c | 2 +- arch/x86/mm/pat/cpa-test.c| 4 +- crypto/testmgr.c | 86 +-- .../gpu/drm/i915/gem/i915_gem_execbuffer.c| 2 +- drivers/infiniband/core/cma.c | 2 +- drivers/infiniband/hw/cxgb4/id_table.c| 4 +- drivers/infiniband/hw/hns/hns_roce_ah.c | 5 +- drivers/infiniband/ulp/rtrs/rtrs-clt.c| 3 +- .../test-drivers/vivid/vivid-touch-cap.c | 2 +- drivers/mmc/core/core.c | 4 +- drivers/mmc/host/dw_mmc.c | 2 +- drivers/mtd/nand/raw/nandsim.c| 4 +- drivers/mtd/tests/mtd_nandecctest.c | 10 +-- drivers/mtd/ubi/debug.c | 2 +- .../chelsio/inline_crypto/chtls/chtls_io.c| 4 +- drivers/net/hamradio/baycom_epp.c | 2 +- drivers/net/hamradio/hdlcdrv.c| 2 +- drivers/net/hamradio/yam.c| 2 +- drivers/net/phy/at803x.c | 2 +- .../broadcom/brcm80211/brcmfmac/p2p.c | 2 +- .../net/wireless/intel/iwlwifi/mvm/mac-ctxt.c | 2 +- drivers/scsi/fcoe/fcoe_ctlr.c | 4 +- drivers/scsi/qedi/qedi_main.c | 2 +- fs/ceph/inode.c | 2 +- fs/ceph/mdsmap.c | 2 +- fs/ext4/super.c | 7 +- fs/f2fs/gc.c | 2 +- fs/f2fs/segment.c | 8 +- fs/ubifs/debug.c | 8 +- fs/ubifs/lpt_commit.c | 12 +-- fs/xfs/xfs_error.c| 2 +- kernel/bpf/core.c | 4 +- kernel/locking/test-ww_mutex.c| 4 +- kernel/time/clocksource.c | 2 +- lib/cmdline_kunit.c | 4 +- lib/fault-inject.c| 2 +- lib/find_bit_benchmark.c | 4 +- lib/reed_solomon/test_rslib.c | 4 +- lib/sbitmap.c | 2 +- lib/test-string_helpers.c | 2 +- lib/test_hexdump.c| 10 +-- lib/test_kasan.c | 6 +- lib/test_list_sort.c | 2 +- mm/migrate.c | 2 +- mm/slub.c | 2 +- net/ceph/mon_client.c | 2 +- net/ceph/osd_client.c | 2 +- net/core/neighbour.c | 2 +- net/core/pktgen.c | 39 - net/core/stream.c | 2 +- net/ipv4/igmp.c | 6 +- net/ipv4/inet_connection_sock.c | 2 +- net/ipv6/addrconf.c | 8 +- net/ipv6/mcast.c | 10 +-- net/netfilter/ipvs/ip_vs_twos.c | 4 +- net/packet/af_packet.c| 2 +- net/sched/act_gact.c | 2 +- net/sched/act_sample.c| 2 +- net/sched/sch_netem.c | 4 +- net/sctp/socket.c | 2 +- net/tipc/socket.c | 2 +- net/xfrm/xfrm_state.c | 2 +- 67 files changed, 173 insertions(+), 177 deletions(-) diff --git a/arch/arm/kernel/process.c b/arch/arm/kernel/process.c index 3d9cace63884..35129ae36067 100644 --- a/arch/arm/kernel/process.c +++ b/arch/arm/kernel/process.c @@ -375,7 +375,7 @@ static unsigned long sigpage_addr(const struct mm_struct *mm, slots = ((last - first) >> PAGE_SHIFT) + 1; - offset = get_random_int() % slots; + offset = prandom_u32_max(slots); addr = first + (offset << PAGE_SHIFT); diff --git a/arch
[PATCH v4 0/6] treewide cleanup of random integer usage
ux...@lists.infradead.org
Cc: linux-...@vger.kernel.org
Cc: linux-wirel...@vger.kernel.org
Cc: linuxppc-...@lists.ozlabs.org
Cc: loonga...@lists.linux.dev
Cc: net...@vger.kernel.org
Cc: sparcli...@vger.kernel.org
Cc: x...@kernel.org
Jason A. Donenfeld (6):
treewide: use prandom_u32_max() when possible, mechanically
treewide: use prandom_u32_max() when possible
treewide: use get_random_{u8,u16}() when possible
treewide: use get_random_u32() when possible
treewide: use get_random_bytes when possible
prandom: remove unused functions
Documentation/networking/filter.rst | 2 +-
arch/arm/kernel/process.c | 2 +-
arch/arm/kernel/signal.c | 2 +-
arch/arm64/kernel/process.c | 2 +-
arch/arm64/kernel/syscall.c | 2 +-
arch/loongarch/kernel/process.c | 2 +-
arch/loongarch/kernel/vdso.c | 2 +-
arch/mips/kernel/process.c| 2 +-
arch/mips/kernel/vdso.c | 2 +-
arch/parisc/kernel/process.c | 2 +-
arch/parisc/kernel/sys_parisc.c | 4 +-
arch/parisc/kernel/vdso.c | 2 +-
arch/powerpc/crypto/crc-vpmsum_test.c | 2 +-
arch/powerpc/kernel/process.c | 2 +-
arch/s390/kernel/process.c| 4 +-
arch/s390/kernel/vdso.c | 2 +-
arch/s390/mm/mmap.c | 2 +-
arch/sparc/vdso/vma.c | 2 +-
arch/um/kernel/process.c | 2 +-
arch/x86/entry/vdso/vma.c | 2 +-
arch/x86/kernel/cpu/amd.c | 2 +-
arch/x86/kernel/module.c | 2 +-
arch/x86/kernel/process.c | 2 +-
arch/x86/mm/pat/cpa-test.c| 4 +-
block/blk-crypto-fallback.c | 2 +-
crypto/async_tx/raid6test.c | 2 +-
crypto/testmgr.c | 94 +--
drivers/block/drbd/drbd_receiver.c| 4 +-
drivers/char/random.c | 11 +--
drivers/dma/dmatest.c | 2 +-
.../gpu/drm/i915/gem/i915_gem_execbuffer.c| 2 +-
drivers/gpu/drm/i915/i915_gem_gtt.c | 6 +-
.../gpu/drm/i915/selftests/i915_selftest.c| 2 +-
drivers/gpu/drm/selftests/test-drm_buddy.c| 2 +-
drivers/gpu/drm/selftests/test-drm_mm.c | 2 +-
drivers/infiniband/core/cma.c | 2 +-
drivers/infiniband/hw/cxgb4/cm.c | 4 +-
drivers/infiniband/hw/cxgb4/id_table.c| 4 +-
drivers/infiniband/hw/hfi1/tid_rdma.c | 2 +-
drivers/infiniband/hw/hns/hns_roce_ah.c | 5 +-
drivers/infiniband/hw/mlx4/mad.c | 2 +-
drivers/infiniband/ulp/ipoib/ipoib_cm.c | 2 +-
drivers/infiniband/ulp/rtrs/rtrs-clt.c| 3 +-
drivers/md/bcache/request.c | 2 +-
drivers/md/raid5-cache.c | 2 +-
drivers/media/common/v4l2-tpg/v4l2-tpg-core.c | 2 +-
.../media/test-drivers/vivid/vivid-radio-rx.c | 4 +-
.../test-drivers/vivid/vivid-touch-cap.c | 6 +-
drivers/misc/habanalabs/gaudi2/gaudi2.c | 2 +-
drivers/mmc/core/core.c | 4 +-
drivers/mmc/host/dw_mmc.c | 2 +-
drivers/mtd/nand/raw/nandsim.c| 8 +-
drivers/mtd/tests/mtd_nandecctest.c | 12 +--
drivers/mtd/tests/speedtest.c | 2 +-
drivers/mtd/tests/stresstest.c| 19 +---
drivers/mtd/ubi/debug.c | 2 +-
drivers/mtd/ubi/debug.h | 6 +-
drivers/net/bonding/bond_main.c | 2 +-
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 2 +-
drivers/net/ethernet/broadcom/cnic.c | 5 +-
.../chelsio/inline_crypto/chtls/chtls_cm.c| 4 +-
.../chelsio/inline_crypto/chtls/chtls_io.c| 4 +-
drivers/net/ethernet/rocker/rocker_main.c | 8 +-
drivers/net/hamradio/baycom_epp.c | 2 +-
drivers/net/hamradio/hdlcdrv.c| 2 +-
drivers/net/hamradio/yam.c| 2 +-
drivers/net/phy/at803x.c | 2 +-
drivers/net/wireguard/selftest/allowedips.c | 16 ++--
.../broadcom/brcm80211/brcmfmac/p2p.c | 2 +-
.../broadcom/brcm80211/brcmfmac/pno.c | 2 +-
.../net/wireless/intel/iwlwifi/mvm/mac-ctxt.c | 2 +-
.../net/wireless/marvell/mwifiex/cfg80211.c | 4 +-
.../wireless/microchip/wilc1000/cfg80211.c| 2 +-
.../net/wireless/quantenna/qtnfmac/cfg80211.c | 2 +-
drivers/net/wireless/st/cw1200/wsm.c | 2 +-
drivers/net/wireless/ti/wlcore/main.c | 2 +-
drivers/nvme/common/auth.c| 2 +-
drivers/scsi/cxgbi/cxgb4i/cxgb4i.c| 4 +-
drivers/scsi/fcoe/fcoe_ctlr.c | 4 +-
drivers/scsi/lpfc/lpfc_hbadisc.c | 6 +-
drivers/scsi/qedi/qe
Re: [PATCH v3 3/5] treewide: use get_random_u32() when possible
On Fri, Oct 07, 2022 at 10:12:42AM -0700, Kees Cook wrote:
> On Fri, Oct 07, 2022 at 08:07:58AM -0600, Jason A. Donenfeld wrote:
> > On Fri, Oct 07, 2022 at 04:57:24AM +, Christophe Leroy wrote:
> > >
> > >
> > > Le 07/10/2022 à 01:36, Jason A. Donenfeld a écrit :
> > > > On 10/6/22, Christophe Leroy wrote:
> > > >>
> > > >>
> > > >> Le 06/10/2022 à 19:31, Christophe Leroy a écrit :
> > > >>>
> > > >>>
> > > >>> Le 06/10/2022 à 19:24, Jason A. Donenfeld a écrit :
> > > >>>> Hi Christophe,
> > > >>>>
> > > >>>> On Thu, Oct 6, 2022 at 11:21 AM Christophe Leroy
> > > >>>> wrote:
> > > >>>>> Le 06/10/2022 à 18:53, Jason A. Donenfeld a écrit :
> > > >>>>>> The prandom_u32() function has been a deprecated inline wrapper
> > > >>>>>> around
> > > >>>>>> get_random_u32() for several releases now, and compiles down to the
> > > >>>>>> exact same code. Replace the deprecated wrapper with a direct call
> > > >>>>>> to
> > > >>>>>> the real function. The same also applies to get_random_int(),
> > > >>>>>> which is
> > > >>>>>> just a wrapper around get_random_u32().
> > > >>>>>>
> > > >>>>>> Reviewed-by: Kees Cook
> > > >>>>>> Acked-by: Toke Høiland-Jørgensen # for sch_cake
> > > >>>>>> Acked-by: Chuck Lever # for nfsd
> > > >>>>>> Reviewed-by: Jan Kara # for ext4
> > > >>>>>> Signed-off-by: Jason A. Donenfeld
> > > >>>>>> ---
> > > >>>>>
> > > >>>>>> diff --git a/arch/powerpc/kernel/process.c
> > > >>>>>> b/arch/powerpc/kernel/process.c
> > > >>>>>> index 0fbda89cd1bb..9c4c15afbbe8 100644
> > > >>>>>> --- a/arch/powerpc/kernel/process.c
> > > >>>>>> +++ b/arch/powerpc/kernel/process.c
> > > >>>>>> @@ -2308,6 +2308,6 @@ void notrace __ppc64_runlatch_off(void)
> > > >>>>>> unsigned long arch_align_stack(unsigned long sp)
> > > >>>>>> {
> > > >>>>>> if (!(current->personality & ADDR_NO_RANDOMIZE) &&
> > > >>>>>> randomize_va_space)
> > > >>>>>> - sp -= get_random_int() & ~PAGE_MASK;
> > > >>>>>> + sp -= get_random_u32() & ~PAGE_MASK;
> > > >>>>>> return sp & ~0xf;
> > > >>>>>
> > > >>>>> Isn't that a candidate for prandom_u32_max() ?
> > > >>>>>
> > > >>>>> Note that sp is deemed to be 16 bytes aligned at all time.
> > > >>>>
> > > >>>> Yes, probably. It seemed non-trivial to think about, so I didn't. But
> > > >>>> let's see here... maybe it's not too bad:
> > > >>>>
> > > >>>> If PAGE_MASK is always ~(PAGE_SIZE-1), then ~PAGE_MASK is
> > > >>>> (PAGE_SIZE-1), so prandom_u32_max(PAGE_SIZE) should yield the same
> > > >>>> thing? Is that accurate? And holds across platforms (this comes up a
> > > >>>> few places)? If so, I'll do that for a v4.
> > > >>>>
> > > >>>
> > > >>> On powerpc it is always (from arch/powerpc/include/asm/page.h) :
> > > >>>
> > > >>> /*
> > > >>>* Subtle: (1 << PAGE_SHIFT) is an int, not an unsigned long. So if
> > > >>> we
> > > >>>* assign PAGE_MASK to a larger type it gets extended the way we
> > > >>> want
> > > >>>* (i.e. with 1s in the high bits)
> > > >>>*/
> > > >>> #define PAGE_MASK (~((1 << PAGE_SHIFT) - 1))
> > > >>>
> > > >>> #define PAGE_SIZE(1UL << PAGE_SHIFT)
> > > >>>
> > > >>>
> > > >>> So it would work I guess.
> > > >>
> > > >> But taking into account that sp must remain 16 bytes aligned, would it
> > > >> be better to do something like ?
> > > >>
> > > >>sp -= prandom_u32_max(PAGE_SIZE >> 4) << 4;
> > > >>
> > > >>return sp;
> > > >
> > > > Does this assume that sp is already aligned at the beginning of the
> > > > function? I'd assume from the function's name that this isn't the
> > > > case?
> > >
> > > Ah you are right, I overlooked it.
> >
> > So I think to stay on the safe side, I'm going to go with
> > `prandom_u32_max(PAGE_SIZE)`. Sound good?
>
> Given these kinds of less mechanical changes, it may make sense to split
> these from the "trivial" conversions in a treewide patch. The chance of
> needing a revert from the simple 1:1 conversions is much lower than the
> need to revert by-hand changes.
>
> The Cocci script I suggested in my v1 review gets 80% of the first
> patch, for example.
I'll split things up into a mechanical step and a non-mechanical step.
Good idea.
Jason
Re: [PATCH v3 3/5] treewide: use get_random_u32() when possible
On Fri, Oct 07, 2022 at 04:57:24AM +, Christophe Leroy wrote:
>
>
> Le 07/10/2022 à 01:36, Jason A. Donenfeld a écrit :
> > On 10/6/22, Christophe Leroy wrote:
> >>
> >>
> >> Le 06/10/2022 à 19:31, Christophe Leroy a écrit :
> >>>
> >>>
> >>> Le 06/10/2022 à 19:24, Jason A. Donenfeld a écrit :
> >>>> Hi Christophe,
> >>>>
> >>>> On Thu, Oct 6, 2022 at 11:21 AM Christophe Leroy
> >>>> wrote:
> >>>>> Le 06/10/2022 à 18:53, Jason A. Donenfeld a écrit :
> >>>>>> The prandom_u32() function has been a deprecated inline wrapper around
> >>>>>> get_random_u32() for several releases now, and compiles down to the
> >>>>>> exact same code. Replace the deprecated wrapper with a direct call to
> >>>>>> the real function. The same also applies to get_random_int(), which is
> >>>>>> just a wrapper around get_random_u32().
> >>>>>>
> >>>>>> Reviewed-by: Kees Cook
> >>>>>> Acked-by: Toke Høiland-Jørgensen # for sch_cake
> >>>>>> Acked-by: Chuck Lever # for nfsd
> >>>>>> Reviewed-by: Jan Kara # for ext4
> >>>>>> Signed-off-by: Jason A. Donenfeld
> >>>>>> ---
> >>>>>
> >>>>>> diff --git a/arch/powerpc/kernel/process.c
> >>>>>> b/arch/powerpc/kernel/process.c
> >>>>>> index 0fbda89cd1bb..9c4c15afbbe8 100644
> >>>>>> --- a/arch/powerpc/kernel/process.c
> >>>>>> +++ b/arch/powerpc/kernel/process.c
> >>>>>> @@ -2308,6 +2308,6 @@ void notrace __ppc64_runlatch_off(void)
> >>>>>> unsigned long arch_align_stack(unsigned long sp)
> >>>>>> {
> >>>>>> if (!(current->personality & ADDR_NO_RANDOMIZE) &&
> >>>>>> randomize_va_space)
> >>>>>> - sp -= get_random_int() & ~PAGE_MASK;
> >>>>>> + sp -= get_random_u32() & ~PAGE_MASK;
> >>>>>> return sp & ~0xf;
> >>>>>
> >>>>> Isn't that a candidate for prandom_u32_max() ?
> >>>>>
> >>>>> Note that sp is deemed to be 16 bytes aligned at all time.
> >>>>
> >>>> Yes, probably. It seemed non-trivial to think about, so I didn't. But
> >>>> let's see here... maybe it's not too bad:
> >>>>
> >>>> If PAGE_MASK is always ~(PAGE_SIZE-1), then ~PAGE_MASK is
> >>>> (PAGE_SIZE-1), so prandom_u32_max(PAGE_SIZE) should yield the same
> >>>> thing? Is that accurate? And holds across platforms (this comes up a
> >>>> few places)? If so, I'll do that for a v4.
> >>>>
> >>>
> >>> On powerpc it is always (from arch/powerpc/include/asm/page.h) :
> >>>
> >>> /*
> >>>* Subtle: (1 << PAGE_SHIFT) is an int, not an unsigned long. So if we
> >>>* assign PAGE_MASK to a larger type it gets extended the way we want
> >>>* (i.e. with 1s in the high bits)
> >>>*/
> >>> #define PAGE_MASK (~((1 << PAGE_SHIFT) - 1))
> >>>
> >>> #define PAGE_SIZE(1UL << PAGE_SHIFT)
> >>>
> >>>
> >>> So it would work I guess.
> >>
> >> But taking into account that sp must remain 16 bytes aligned, would it
> >> be better to do something like ?
> >>
> >>sp -= prandom_u32_max(PAGE_SIZE >> 4) << 4;
> >>
> >>return sp;
> >
> > Does this assume that sp is already aligned at the beginning of the
> > function? I'd assume from the function's name that this isn't the
> > case?
>
> Ah you are right, I overlooked it.
So I think to stay on the safe side, I'm going to go with
`prandom_u32_max(PAGE_SIZE)`. Sound good?
Jason
Re: [f2fs-dev] [PATCH v1 3/5] treewide: use get_random_u32() when possible
On Thu, Oct 06, 2022 at 10:43:31AM +0200, Jan Kara wrote:
> The code here is effectively doing the
>
> parent_group = prandom_u32_max(ngroups);
>
> Similarly here we can use prandom_u32_max(ngroups) like:
>
> if (qstr) {
> ...
> parent_group = hinfo.hash % ngroups;
> } else
> parent_group = prandom_u32_max(ngroups);
Nice catch. I'll move these to patch #1.
> > diff --git a/fs/ext4/mmp.c b/fs/ext4/mmp.c
> > index 9af68a7ecdcf..588cb09c5291 100644
> > --- a/fs/ext4/mmp.c
> > +++ b/fs/ext4/mmp.c
> > @@ -265,7 +265,7 @@ static unsigned int mmp_new_seq(void)
> > u32 new_seq;
> >
> > do {
> > - new_seq = prandom_u32();
> > + new_seq = get_random_u32();
> > } while (new_seq > EXT4_MMP_SEQ_MAX);
>
> OK, here we again effectively implement prandom_u32_max(EXT4_MMP_SEQ_MAX + 1).
> Just presumably we didn't want to use modulo here because EXT4_MMP_SEQ_MAX
> is rather big and so the resulting 'new_seq' would be seriously
> non-uniform.
I'm not handling this during this patch set, but if in the course of
review we find enough places that want actually uniformly bounded
integers, I'll implement efficient rejection sampling to clean up these
cases, with something faster and general, and add a new function for it.
So far this is the first case to come up, but we'll probably eventually
find others. So I'll make note of this.
Jason
Re: [PATCH v1 1/5] treewide: use prandom_u32_max() when possible
Hi Kees,
On Wed, Oct 05, 2022 at 09:16:50PM -0700, Kees Cook wrote:
> On Wed, Oct 05, 2022 at 11:48:40PM +0200, Jason A. Donenfeld wrote:
> > Rather than incurring a division or requesting too many random bytes for
> > the given range, use the prandom_u32_max() function, which only takes
> > the minimum required bytes from the RNG and avoids divisions.
>
> Yes please!
>
> Since this is a treewide patch, it's helpful for (me at least) doing
> reviews to detail the mechanism of the transformation.
This is hand done. There were also various wrong seds done. And then I'd
edit the .diff manually, and then reapply it, as an iterative process.
No internet on the airplane, and oddly no spatch already on my laptop (I
think I had some Gentoo ocaml issues at some point and removed it?).
> e.g. I imagine this could be done with something like Coccinelle and
Feel free to check the work here by using Coccinelle if you're into
that.
> > static inline int ubi_dbg_is_bitflip(const struct ubi_device *ubi)
> > {
> > if (ubi->dbg.emulate_bitflips)
> > - return !(prandom_u32() % 200);
> > + return !(prandom_u32_max(200));
> > return 0;
> > }
> >
>
> Because some looks automated (why the parens?)
I saw this before going out and thought I'd fixed it but I guess I sent
the wrong one.
Jason
Re: [f2fs-dev] [PATCH v1 0/5] treewide cleanup of random integer usage
A v2 that won't murder your mail setup is now available here: https://lore.kernel.org/lkml/20221006132510.23374-1-ja...@zx2c4.com/ Please do not (attempt to) post more replies to v1, as it kicks up a storm of angry MTAs.
Re: [PATCH v1 2/5] treewide: use get_random_{u8,u16}() when possible
On Wed, Oct 05, 2022 at 09:38:02PM -0700, Kees Cook wrote:
> > diff --git a/lib/test_vmalloc.c b/lib/test_vmalloc.c
> > index 56ffaa8dd3f6..0131ed2cd1bd 100644
> > --- a/lib/test_vmalloc.c
> > +++ b/lib/test_vmalloc.c
> > @@ -80,7 +80,7 @@ static int random_size_align_alloc_test(void)
> > int i;
> >
> > for (i = 0; i < test_loop_count; i++) {
> > - rnd = prandom_u32();
> > + rnd = get_random_u8();
> >
> > /*
> > * Maximum 1024 pages, if PAGE_SIZE is 4096.
>
> This wasn't obvious either, but it looks like it's because it never
> consumes more than u8?
Right. The only uses of that are %23 and %10 later on down.
Jason
Re: [PATCH v1 0/5] treewide cleanup of random integer usage
On Wed, Oct 05, 2022 at 09:55:43PM -0700, Kees Cook wrote: > It'd be nice to capture some (all?) of the above somewhere. Perhaps just > a massive comment in the header? I'll include (something like) this in some "how to use" documentation I'm working on separately. > > I've CC'd get_maintainers.pl, which is a pretty big list. Probably some > > portion of those are going to bounce, too, and everytime you reply to > > this thread, you'll have to deal with a bunch of bounces coming > > immediately after. And a recipient list this big will probably dock my > > email domain's spam reputation, at least temporarily. Sigh. I think > > that's just how it goes with treewide cleanups though. Again, let me > > know if I'm doing it wrong. > > I usually stick to just mailing lists and subsystem maintainers. Lord have mercy I really wish I had done that. I supremely butchered the sending of this, and then tried to save it by resubmitting directly to vger with the same message ID but truncated CC, which mostly worked, but the whole thing is a mess. I'll trim this to subsystem maintainers and resubmit a v2 right away, rather than having people wade through the mess. To any one who's reading this: no more replies to v1! It clogs the tubes. > If any of the subsystems ask you to break this up (I hope not), I've got Oh god I surely hope not. Sounds like a massive waste of time and paperwork. Jason
Re: [f2fs-dev] [PATCH v1 3/5] treewide: use get_random_u32() when possible
On Thu, Oct 6, 2022 at 7:01 AM Andy Shevchenko
wrote:
>
> On Thu, Oct 06, 2022 at 06:33:15AM -0600, Jason A. Donenfeld wrote:
> > On Thu, Oct 06, 2022 at 10:43:31AM +0200, Jan Kara wrote:
>
> ...
>
> > > The code here is effectively doing the
> > >
> > > parent_group = prandom_u32_max(ngroups);
> > >
> > > Similarly here we can use prandom_u32_max(ngroups) like:
> > >
> > > if (qstr) {
> > > ...
> > > parent_group = hinfo.hash % ngroups;
> > > } else
> > > parent_group = prandom_u32_max(ngroups);
> >
> > Nice catch. I'll move these to patch #1.
>
> I believe coccinelle is able to handle this kind of code as well
I'd be extremely surprised. The details were kind of non obvious. I
just spent a decent amount of time manually checking those blocks, to
make sure we didn't wind up with different behavior, given the
variable reuse.
Jason
Re: [PATCH v1 3/5] treewide: use get_random_u32() when possible
On Thu, Oct 6, 2022 at 6:47 AM Jason Gunthorpe wrote: > > On Wed, Oct 05, 2022 at 11:48:42PM +0200, Jason A. Donenfeld wrote: > > > index 14392c942f49..499a425a3379 100644 > > --- a/drivers/infiniband/hw/cxgb4/cm.c > > +++ b/drivers/infiniband/hw/cxgb4/cm.c > > @@ -734,7 +734,7 @@ static int send_connect(struct c4iw_ep *ep) > > &ep->com.remote_addr; > > int ret; > > enum chip_type adapter_type = ep->com.dev->rdev.lldi.adapter_type; > > - u32 isn = (prandom_u32() & ~7UL) - 1; > > + u32 isn = (get_random_u32() & ~7UL) - 1; > > Maybe this wants to be written as > > (prandom_max(U32_MAX >> 7) << 7) | 7 > > ? Holy smokes. Yea I guess maybe? It doesn't exactly gain anything or make the code clearer though, and is a little bit more magical than I'd like on a first pass. > > > diff --git a/drivers/infiniband/ulp/ipoib/ipoib_cm.c > > b/drivers/infiniband/ulp/ipoib/ipoib_cm.c > > index fd9d7f2c4d64..a605cf66b83e 100644 > > --- a/drivers/infiniband/ulp/ipoib/ipoib_cm.c > > +++ b/drivers/infiniband/ulp/ipoib/ipoib_cm.c > > @@ -465,7 +465,7 @@ static int ipoib_cm_req_handler(struct ib_cm_id *cm_id, > > goto err_qp; > > } > > > > - psn = prandom_u32() & 0xff; > > + psn = get_random_u32() & 0xff; > > prandom_max(0xff + 1) That'd work, but again it's not more clear. Authors here are going for a 24-bit number, and masking seems like a clear way to express that. Jason
Re: [PATCH v3 4/5] treewide: use get_random_bytes when possible
On 10/6/22, Bagas Sanjaya wrote:
> On 10/6/22 23:53, Jason A. Donenfeld wrote:
>> The prandom_bytes() function has been a deprecated inline wrapper around
>> get_random_bytes() for several releases now, and compiles down to the
>> exact same code. Replace the deprecated wrapper with a direct call to
>> the real function.
>>
>> Reviewed-by: Kees Cook
>> Signed-off-by: Jason A. Donenfeld
>> ---
>> arch/powerpc/crypto/crc-vpmsum_test.c | 2 +-
>> block/blk-crypto-fallback.c | 2 +-
>> crypto/async_tx/raid6test.c | 2 +-
>> drivers/dma/dmatest.c | 2 +-
>> drivers/mtd/nand/raw/nandsim.c | 2 +-
>> drivers/mtd/tests/mtd_nandecctest.c | 2 +-
>> drivers/mtd/tests/speedtest.c | 2 +-
>> drivers/mtd/tests/stresstest.c | 2 +-
>> drivers/net/ethernet/broadcom/bnxt/bnxt.c | 2 +-
>> drivers/net/ethernet/rocker/rocker_main.c | 2 +-
>> drivers/net/wireguard/selftest/allowedips.c | 12 ++--
>> fs/ubifs/debug.c| 2 +-
>> kernel/kcsan/selftest.c | 2 +-
>> lib/random32.c | 2 +-
>> lib/test_objagg.c | 2 +-
>> lib/uuid.c | 2 +-
>> net/ipv4/route.c| 2 +-
>> net/mac80211/rc80211_minstrel_ht.c | 2 +-
>> net/sched/sch_pie.c | 2 +-
>> 19 files changed, 24 insertions(+), 24 deletions(-)
>>
>> diff --git a/arch/powerpc/crypto/crc-vpmsum_test.c
>> b/arch/powerpc/crypto/crc-vpmsum_test.c
>> index c1c1ef9457fb..273c527868db 100644
>> --- a/arch/powerpc/crypto/crc-vpmsum_test.c
>> +++ b/arch/powerpc/crypto/crc-vpmsum_test.c
>> @@ -82,7 +82,7 @@ static int __init crc_test_init(void)
>>
>> if (len <= offset)
>> continue;
>> -prandom_bytes(data, len);
>> +get_random_bytes(data, len);
>> len -= offset;
>>
>> crypto_shash_update(crct10dif_shash, data+offset, len);
>> diff --git a/block/blk-crypto-fallback.c b/block/blk-crypto-fallback.c
>> index 621abd1b0e4d..ad9844c5b40c 100644
>> --- a/block/blk-crypto-fallback.c
>> +++ b/block/blk-crypto-fallback.c
>> @@ -539,7 +539,7 @@ static int blk_crypto_fallback_init(void)
>> if (blk_crypto_fallback_inited)
>> return 0;
>>
>> -prandom_bytes(blank_key, BLK_CRYPTO_MAX_KEY_SIZE);
>> +get_random_bytes(blank_key, BLK_CRYPTO_MAX_KEY_SIZE);
>>
>> err = bioset_init(&crypto_bio_split, 64, 0, 0);
>> if (err)
>> diff --git a/crypto/async_tx/raid6test.c b/crypto/async_tx/raid6test.c
>> index c9d218e53bcb..f74505f2baf0 100644
>> --- a/crypto/async_tx/raid6test.c
>> +++ b/crypto/async_tx/raid6test.c
>> @@ -37,7 +37,7 @@ static void makedata(int disks)
>> int i;
>>
>> for (i = 0; i < disks; i++) {
>> -prandom_bytes(page_address(data[i]), PAGE_SIZE);
>> +get_random_bytes(page_address(data[i]), PAGE_SIZE);
>> dataptrs[i] = data[i];
>> dataoffs[i] = 0;
>> }
>> diff --git a/drivers/dma/dmatest.c b/drivers/dma/dmatest.c
>> index 9fe2ae794316..ffe621695e47 100644
>> --- a/drivers/dma/dmatest.c
>> +++ b/drivers/dma/dmatest.c
>> @@ -312,7 +312,7 @@ static unsigned long dmatest_random(void)
>> {
>> unsigned long buf;
>>
>> -prandom_bytes(&buf, sizeof(buf));
>> +get_random_bytes(&buf, sizeof(buf));
>> return buf;
>> }
>>
>> diff --git a/drivers/mtd/nand/raw/nandsim.c
>> b/drivers/mtd/nand/raw/nandsim.c
>> index 4bdaf4aa7007..c941a5a41ea6 100644
>> --- a/drivers/mtd/nand/raw/nandsim.c
>> +++ b/drivers/mtd/nand/raw/nandsim.c
>> @@ -1393,7 +1393,7 @@ static int ns_do_read_error(struct nandsim *ns, int
>> num)
>> unsigned int page_no = ns->regs.row;
>>
>> if (ns_read_error(page_no)) {
>> -prandom_bytes(ns->buf.byte, num);
>> +get_random_bytes(ns->buf.byte, num);
>> NS_WARN("simulating read error in page %u\n", page_no);
>> return 1;
>> }
>> diff --git a/drivers/mtd/tests/mtd_nandecctest.c
>> b/drivers/mtd/tests/mtd_nandecctest.c
>> index 1c7201b0f372..440988562cfd 100644
>> --- a/drivers/mtd/tests/mtd_nandecctest.c
>> +++ b/drive
Re: [PATCH v3 3/5] treewide: use get_random_u32() when possible
On 10/6/22, Christophe Leroy wrote:
>
>
> Le 06/10/2022 à 19:31, Christophe Leroy a écrit :
>>
>>
>> Le 06/10/2022 à 19:24, Jason A. Donenfeld a écrit :
>>> Hi Christophe,
>>>
>>> On Thu, Oct 6, 2022 at 11:21 AM Christophe Leroy
>>> wrote:
>>>> Le 06/10/2022 à 18:53, Jason A. Donenfeld a écrit :
>>>>> The prandom_u32() function has been a deprecated inline wrapper around
>>>>> get_random_u32() for several releases now, and compiles down to the
>>>>> exact same code. Replace the deprecated wrapper with a direct call to
>>>>> the real function. The same also applies to get_random_int(), which is
>>>>> just a wrapper around get_random_u32().
>>>>>
>>>>> Reviewed-by: Kees Cook
>>>>> Acked-by: Toke Høiland-Jørgensen # for sch_cake
>>>>> Acked-by: Chuck Lever # for nfsd
>>>>> Reviewed-by: Jan Kara # for ext4
>>>>> Signed-off-by: Jason A. Donenfeld
>>>>> ---
>>>>
>>>>> diff --git a/arch/powerpc/kernel/process.c
>>>>> b/arch/powerpc/kernel/process.c
>>>>> index 0fbda89cd1bb..9c4c15afbbe8 100644
>>>>> --- a/arch/powerpc/kernel/process.c
>>>>> +++ b/arch/powerpc/kernel/process.c
>>>>> @@ -2308,6 +2308,6 @@ void notrace __ppc64_runlatch_off(void)
>>>>>unsigned long arch_align_stack(unsigned long sp)
>>>>>{
>>>>>if (!(current->personality & ADDR_NO_RANDOMIZE) &&
>>>>> randomize_va_space)
>>>>> - sp -= get_random_int() & ~PAGE_MASK;
>>>>> + sp -= get_random_u32() & ~PAGE_MASK;
>>>>>return sp & ~0xf;
>>>>
>>>> Isn't that a candidate for prandom_u32_max() ?
>>>>
>>>> Note that sp is deemed to be 16 bytes aligned at all time.
>>>
>>> Yes, probably. It seemed non-trivial to think about, so I didn't. But
>>> let's see here... maybe it's not too bad:
>>>
>>> If PAGE_MASK is always ~(PAGE_SIZE-1), then ~PAGE_MASK is
>>> (PAGE_SIZE-1), so prandom_u32_max(PAGE_SIZE) should yield the same
>>> thing? Is that accurate? And holds across platforms (this comes up a
>>> few places)? If so, I'll do that for a v4.
>>>
>>
>> On powerpc it is always (from arch/powerpc/include/asm/page.h) :
>>
>> /*
>> * Subtle: (1 << PAGE_SHIFT) is an int, not an unsigned long. So if we
>> * assign PAGE_MASK to a larger type it gets extended the way we want
>> * (i.e. with 1s in the high bits)
>> */
>> #define PAGE_MASK (~((1 << PAGE_SHIFT) - 1))
>>
>> #define PAGE_SIZE(1UL << PAGE_SHIFT)
>>
>>
>> So it would work I guess.
>
> But taking into account that sp must remain 16 bytes aligned, would it
> be better to do something like ?
>
> sp -= prandom_u32_max(PAGE_SIZE >> 4) << 4;
>
> return sp;
Does this assume that sp is already aligned at the beginning of the
function? I'd assume from the function's name that this isn't the
case?
Jason
Re: [PATCH v3 3/5] treewide: use get_random_u32() when possible
Hi Christophe,
On Thu, Oct 6, 2022 at 11:21 AM Christophe Leroy
wrote:
> Le 06/10/2022 à 18:53, Jason A. Donenfeld a écrit :
> > The prandom_u32() function has been a deprecated inline wrapper around
> > get_random_u32() for several releases now, and compiles down to the
> > exact same code. Replace the deprecated wrapper with a direct call to
> > the real function. The same also applies to get_random_int(), which is
> > just a wrapper around get_random_u32().
> >
> > Reviewed-by: Kees Cook
> > Acked-by: Toke Høiland-Jørgensen # for sch_cake
> > Acked-by: Chuck Lever # for nfsd
> > Reviewed-by: Jan Kara # for ext4
> > Signed-off-by: Jason A. Donenfeld
> > ---
>
> > diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c
> > index 0fbda89cd1bb..9c4c15afbbe8 100644
> > --- a/arch/powerpc/kernel/process.c
> > +++ b/arch/powerpc/kernel/process.c
> > @@ -2308,6 +2308,6 @@ void notrace __ppc64_runlatch_off(void)
> > unsigned long arch_align_stack(unsigned long sp)
> > {
> > if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
> > - sp -= get_random_int() & ~PAGE_MASK;
> > + sp -= get_random_u32() & ~PAGE_MASK;
> > return sp & ~0xf;
>
> Isn't that a candidate for prandom_u32_max() ?
>
> Note that sp is deemed to be 16 bytes aligned at all time.
Yes, probably. It seemed non-trivial to think about, so I didn't. But
let's see here... maybe it's not too bad:
If PAGE_MASK is always ~(PAGE_SIZE-1), then ~PAGE_MASK is
(PAGE_SIZE-1), so prandom_u32_max(PAGE_SIZE) should yield the same
thing? Is that accurate? And holds across platforms (this comes up a
few places)? If so, I'll do that for a v4.
Jason
[PATCH v3 5/5] prandom: remove unused functions
With no callers left of prandom_u32() and prandom_bytes(), as well as
get_random_int(), remove these deprecated wrappers, in favor of
get_random_u32() and get_random_bytes().
Reviewed-by: Kees Cook
Signed-off-by: Jason A. Donenfeld
---
drivers/char/random.c | 11 +--
include/linux/prandom.h | 12
include/linux/random.h | 5 -
3 files changed, 5 insertions(+), 23 deletions(-)
diff --git a/drivers/char/random.c b/drivers/char/random.c
index 01acf235f263..2fe28eeb2f38 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -97,7 +97,7 @@ MODULE_PARM_DESC(ratelimit_disable, "Disable random ratelimit
suppression");
* Returns whether or not the input pool has been seeded and thus guaranteed
* to supply cryptographically secure random numbers. This applies to: the
* /dev/urandom device, the get_random_bytes function, and the get_random_{u8,
- * u16,u32,u64,int,long} family of functions.
+ * u16,u32,u64,long} family of functions.
*
* Returns: true if the input pool has been seeded.
* false if the input pool has not been seeded.
@@ -161,15 +161,14 @@ EXPORT_SYMBOL(wait_for_random_bytes);
* u16 get_random_u16()
* u32 get_random_u32()
* u64 get_random_u64()
- * unsigned int get_random_int()
* unsigned long get_random_long()
*
* These interfaces will return the requested number of random bytes
* into the given buffer or as a return value. This is equivalent to
- * a read from /dev/urandom. The u8, u16, u32, u64, int, and long
- * family of functions may be higher performance for one-off random
- * integers, because they do a bit of buffering and do not invoke
- * reseeding until the buffer is emptied.
+ * a read from /dev/urandom. The u8, u16, u32, u64, long family of
+ * functions may be higher performance for one-off random integers,
+ * because they do a bit of buffering and do not invoke reseeding
+ * until the buffer is emptied.
*
*/
diff --git a/include/linux/prandom.h b/include/linux/prandom.h
index 78db003bc290..e0a0759dd09c 100644
--- a/include/linux/prandom.h
+++ b/include/linux/prandom.h
@@ -12,18 +12,6 @@
#include
#include
-/* Deprecated: use get_random_u32 instead. */
-static inline u32 prandom_u32(void)
-{
- return get_random_u32();
-}
-
-/* Deprecated: use get_random_bytes instead. */
-static inline void prandom_bytes(void *buf, size_t nbytes)
-{
- return get_random_bytes(buf, nbytes);
-}
-
struct rnd_state {
__u32 s1, s2, s3, s4;
};
diff --git a/include/linux/random.h b/include/linux/random.h
index 08322f700cdc..147a5e0d0b8e 100644
--- a/include/linux/random.h
+++ b/include/linux/random.h
@@ -42,10 +42,6 @@ u8 get_random_u8(void);
u16 get_random_u16(void);
u32 get_random_u32(void);
u64 get_random_u64(void);
-static inline unsigned int get_random_int(void)
-{
- return get_random_u32();
-}
static inline unsigned long get_random_long(void)
{
#if BITS_PER_LONG == 64
@@ -100,7 +96,6 @@ declare_get_random_var_wait(u8, u8)
declare_get_random_var_wait(u16, u16)
declare_get_random_var_wait(u32, u32)
declare_get_random_var_wait(u64, u32)
-declare_get_random_var_wait(int, unsigned int)
declare_get_random_var_wait(long, unsigned long)
#undef declare_get_random_var
--
2.37.3
[PATCH v3 4/5] treewide: use get_random_bytes when possible
The prandom_bytes() function has been a deprecated inline wrapper around
get_random_bytes() for several releases now, and compiles down to the
exact same code. Replace the deprecated wrapper with a direct call to
the real function.
Reviewed-by: Kees Cook
Signed-off-by: Jason A. Donenfeld
---
arch/powerpc/crypto/crc-vpmsum_test.c | 2 +-
block/blk-crypto-fallback.c | 2 +-
crypto/async_tx/raid6test.c | 2 +-
drivers/dma/dmatest.c | 2 +-
drivers/mtd/nand/raw/nandsim.c | 2 +-
drivers/mtd/tests/mtd_nandecctest.c | 2 +-
drivers/mtd/tests/speedtest.c | 2 +-
drivers/mtd/tests/stresstest.c | 2 +-
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 2 +-
drivers/net/ethernet/rocker/rocker_main.c | 2 +-
drivers/net/wireguard/selftest/allowedips.c | 12 ++--
fs/ubifs/debug.c| 2 +-
kernel/kcsan/selftest.c | 2 +-
lib/random32.c | 2 +-
lib/test_objagg.c | 2 +-
lib/uuid.c | 2 +-
net/ipv4/route.c| 2 +-
net/mac80211/rc80211_minstrel_ht.c | 2 +-
net/sched/sch_pie.c | 2 +-
19 files changed, 24 insertions(+), 24 deletions(-)
diff --git a/arch/powerpc/crypto/crc-vpmsum_test.c
b/arch/powerpc/crypto/crc-vpmsum_test.c
index c1c1ef9457fb..273c527868db 100644
--- a/arch/powerpc/crypto/crc-vpmsum_test.c
+++ b/arch/powerpc/crypto/crc-vpmsum_test.c
@@ -82,7 +82,7 @@ static int __init crc_test_init(void)
if (len <= offset)
continue;
- prandom_bytes(data, len);
+ get_random_bytes(data, len);
len -= offset;
crypto_shash_update(crct10dif_shash, data+offset, len);
diff --git a/block/blk-crypto-fallback.c b/block/blk-crypto-fallback.c
index 621abd1b0e4d..ad9844c5b40c 100644
--- a/block/blk-crypto-fallback.c
+++ b/block/blk-crypto-fallback.c
@@ -539,7 +539,7 @@ static int blk_crypto_fallback_init(void)
if (blk_crypto_fallback_inited)
return 0;
- prandom_bytes(blank_key, BLK_CRYPTO_MAX_KEY_SIZE);
+ get_random_bytes(blank_key, BLK_CRYPTO_MAX_KEY_SIZE);
err = bioset_init(&crypto_bio_split, 64, 0, 0);
if (err)
diff --git a/crypto/async_tx/raid6test.c b/crypto/async_tx/raid6test.c
index c9d218e53bcb..f74505f2baf0 100644
--- a/crypto/async_tx/raid6test.c
+++ b/crypto/async_tx/raid6test.c
@@ -37,7 +37,7 @@ static void makedata(int disks)
int i;
for (i = 0; i < disks; i++) {
- prandom_bytes(page_address(data[i]), PAGE_SIZE);
+ get_random_bytes(page_address(data[i]), PAGE_SIZE);
dataptrs[i] = data[i];
dataoffs[i] = 0;
}
diff --git a/drivers/dma/dmatest.c b/drivers/dma/dmatest.c
index 9fe2ae794316..ffe621695e47 100644
--- a/drivers/dma/dmatest.c
+++ b/drivers/dma/dmatest.c
@@ -312,7 +312,7 @@ static unsigned long dmatest_random(void)
{
unsigned long buf;
- prandom_bytes(&buf, sizeof(buf));
+ get_random_bytes(&buf, sizeof(buf));
return buf;
}
diff --git a/drivers/mtd/nand/raw/nandsim.c b/drivers/mtd/nand/raw/nandsim.c
index 4bdaf4aa7007..c941a5a41ea6 100644
--- a/drivers/mtd/nand/raw/nandsim.c
+++ b/drivers/mtd/nand/raw/nandsim.c
@@ -1393,7 +1393,7 @@ static int ns_do_read_error(struct nandsim *ns, int num)
unsigned int page_no = ns->regs.row;
if (ns_read_error(page_no)) {
- prandom_bytes(ns->buf.byte, num);
+ get_random_bytes(ns->buf.byte, num);
NS_WARN("simulating read error in page %u\n", page_no);
return 1;
}
diff --git a/drivers/mtd/tests/mtd_nandecctest.c
b/drivers/mtd/tests/mtd_nandecctest.c
index 1c7201b0f372..440988562cfd 100644
--- a/drivers/mtd/tests/mtd_nandecctest.c
+++ b/drivers/mtd/tests/mtd_nandecctest.c
@@ -266,7 +266,7 @@ static int nand_ecc_test_run(const size_t size)
goto error;
}
- prandom_bytes(correct_data, size);
+ get_random_bytes(correct_data, size);
ecc_sw_hamming_calculate(correct_data, size, correct_ecc, sm_order);
for (i = 0; i < ARRAY_SIZE(nand_ecc_test); i++) {
nand_ecc_test[i].prepare(error_data, error_ecc,
diff --git a/drivers/mtd/tests/speedtest.c b/drivers/mtd/tests/speedtest.c
index c9ec7086bfa1..075bce32caa5 100644
--- a/drivers/mtd/tests/speedtest.c
+++ b/drivers/mtd/tests/speedtest.c
@@ -223,7 +223,7 @@ static int __init mtd_speedtest_init(void)
if (!iobuf)
goto out;
- prandom_bytes(iobuf, mtd->erasesize);
+ get_random_bytes(iobuf, mtd->erasesize);
bbt = kzalloc(ebcnt, GFP_KERNEL);
if (!bbt)
[PATCH v3 3/5] treewide: use get_random_u32() when possible
The prandom_u32() function has been a deprecated inline wrapper around get_random_u32() for several releases now, and compiles down to the exact same code. Replace the deprecated wrapper with a direct call to the real function. The same also applies to get_random_int(), which is just a wrapper around get_random_u32(). Reviewed-by: Kees Cook Acked-by: Toke Høiland-Jørgensen # for sch_cake Acked-by: Chuck Lever # for nfsd Reviewed-by: Jan Kara # for ext4 Signed-off-by: Jason A. Donenfeld --- Documentation/networking/filter.rst| 2 +- arch/arm64/kernel/process.c| 2 +- arch/loongarch/kernel/process.c| 2 +- arch/mips/kernel/process.c | 2 +- arch/parisc/kernel/process.c | 2 +- arch/parisc/kernel/sys_parisc.c| 4 ++-- arch/powerpc/kernel/process.c | 2 +- arch/s390/kernel/process.c | 2 +- arch/s390/mm/mmap.c| 2 +- arch/x86/kernel/cpu/amd.c | 2 +- drivers/gpu/drm/i915/i915_gem_gtt.c| 6 +++--- drivers/gpu/drm/i915/selftests/i915_selftest.c | 2 +- drivers/gpu/drm/selftests/test-drm_buddy.c | 2 +- drivers/gpu/drm/selftests/test-drm_mm.c| 2 +- drivers/infiniband/hw/cxgb4/cm.c | 4 ++-- drivers/infiniband/hw/hfi1/tid_rdma.c | 2 +- drivers/infiniband/hw/mlx4/mad.c | 2 +- drivers/infiniband/ulp/ipoib/ipoib_cm.c| 2 +- drivers/md/raid5-cache.c | 2 +- .../media/test-drivers/vivid/vivid-touch-cap.c | 4 ++-- drivers/misc/habanalabs/gaudi2/gaudi2.c| 2 +- drivers/mtd/nand/raw/nandsim.c | 2 +- drivers/net/bonding/bond_main.c| 2 +- drivers/net/ethernet/broadcom/cnic.c | 2 +- .../chelsio/inline_crypto/chtls/chtls_cm.c | 2 +- drivers/net/ethernet/rocker/rocker_main.c | 6 +++--- .../wireless/broadcom/brcm80211/brcmfmac/pno.c | 2 +- .../net/wireless/marvell/mwifiex/cfg80211.c| 4 ++-- .../net/wireless/microchip/wilc1000/cfg80211.c | 2 +- .../net/wireless/quantenna/qtnfmac/cfg80211.c | 2 +- drivers/net/wireless/ti/wlcore/main.c | 2 +- drivers/nvme/common/auth.c | 2 +- drivers/scsi/cxgbi/cxgb4i/cxgb4i.c | 4 ++-- drivers/target/iscsi/cxgbit/cxgbit_cm.c| 2 +- drivers/thunderbolt/xdomain.c | 2 +- drivers/video/fbdev/uvesafb.c | 2 +- fs/exfat/inode.c | 2 +- fs/ext4/ialloc.c | 2 +- fs/ext4/ioctl.c| 4 ++-- fs/ext4/mmp.c | 2 +- fs/f2fs/namei.c| 2 +- fs/fat/inode.c | 2 +- fs/nfsd/nfs4state.c| 4 ++-- fs/ntfs3/fslog.c | 6 +++--- fs/ubifs/journal.c | 2 +- fs/xfs/libxfs/xfs_ialloc.c | 2 +- fs/xfs/xfs_icache.c| 2 +- fs/xfs/xfs_log.c | 2 +- include/net/netfilter/nf_queue.h | 2 +- include/net/red.h | 2 +- include/net/sock.h | 2 +- kernel/bpf/bloom_filter.c | 2 +- kernel/bpf/core.c | 2 +- kernel/bpf/hashtab.c | 2 +- kernel/bpf/verifier.c | 2 +- kernel/kcsan/selftest.c| 2 +- lib/random32.c | 2 +- lib/reed_solomon/test_rslib.c | 6 +++--- lib/test_fprobe.c | 2 +- lib/test_kprobes.c | 2 +- lib/test_min_heap.c| 6 +++--- lib/test_rhashtable.c | 6 +++--- mm/shmem.c | 2 +- mm/slab.c | 2 +- net/802/garp.c | 2 +- net/802/mrp.c | 2 +- net/core/pktgen.c | 4 ++-- net/ipv4/route.c | 2 +- net/ipv4/tcp_cdg.c | 2 +- net/ipv4/udp.c | 2 +- net/ipv6/ip6_flowlabel.c | 2 +- net/ipv6/output_core.c | 2 +- net/netfilter/ipvs/ip_vs_conn.c| 2 +- net/netfilter/xt_statistic.c | 2 +- net/openvswitch/actions.c | 2 +- net/rds/bind.c | 2 +- net/sched/sch_cake.c | 2 +- net/sched/sch_netem.c | 18 +- net/sunrpc/auth_gss/gss_krb5_wrap.c| 4 ++-- net/sunrpc
[PATCH v3 2/5] treewide: use get_random_{u8,u16}() when possible
Rather than truncate a 32-bit value to a 16-bit value or an 8-bit value,
simply use the get_random_{u8,u16}() functions, which are faster than
wasting the additional bytes from a 32-bit value.
Reviewed-by: Kees Cook
Acked-by: Toke Høiland-Jørgensen # for sch_cake
Signed-off-by: Jason A. Donenfeld
---
arch/arm/kernel/signal.c | 2 +-
arch/arm64/kernel/syscall.c | 2 +-
arch/s390/kernel/process.c| 2 +-
arch/sparc/vdso/vma.c | 2 +-
crypto/testmgr.c | 8
drivers/media/common/v4l2-tpg/v4l2-tpg-core.c | 2 +-
drivers/media/test-drivers/vivid/vivid-radio-rx.c | 4 ++--
.../net/ethernet/chelsio/inline_crypto/chtls/chtls_cm.c | 2 +-
drivers/net/hamradio/baycom_epp.c | 2 +-
drivers/net/hamradio/hdlcdrv.c| 2 +-
drivers/net/hamradio/yam.c| 2 +-
drivers/net/wireguard/selftest/allowedips.c | 4 ++--
drivers/net/wireless/st/cw1200/wsm.c | 2 +-
drivers/scsi/lpfc/lpfc_hbadisc.c | 6 +++---
lib/cmdline_kunit.c | 4 ++--
lib/test_vmalloc.c| 2 +-
net/dccp/ipv4.c | 4 ++--
net/ipv4/datagram.c | 2 +-
net/ipv4/ip_output.c | 2 +-
net/ipv4/tcp_ipv4.c | 4 ++--
net/mac80211/scan.c | 2 +-
net/netfilter/nf_nat_core.c | 4 ++--
net/sched/sch_cake.c | 6 +++---
net/sched/sch_sfb.c | 2 +-
net/sctp/socket.c | 2 +-
25 files changed, 38 insertions(+), 38 deletions(-)
diff --git a/arch/arm/kernel/signal.c b/arch/arm/kernel/signal.c
index ea128e32e8ca..e07f359254c3 100644
--- a/arch/arm/kernel/signal.c
+++ b/arch/arm/kernel/signal.c
@@ -655,7 +655,7 @@ struct page *get_signal_page(void)
PAGE_SIZE / sizeof(u32));
/* Give the signal return code some randomness */
- offset = 0x200 + (get_random_int() & 0x7fc);
+ offset = 0x200 + (get_random_u16() & 0x7fc);
signal_return_offset = offset;
/* Copy signal return handlers into the page */
diff --git a/arch/arm64/kernel/syscall.c b/arch/arm64/kernel/syscall.c
index 733451fe7e41..d72e8f23422d 100644
--- a/arch/arm64/kernel/syscall.c
+++ b/arch/arm64/kernel/syscall.c
@@ -67,7 +67,7 @@ static void invoke_syscall(struct pt_regs *regs, unsigned int
scno,
*
* The resulting 5 bits of entropy is seen in SP[8:4].
*/
- choose_random_kstack_offset(get_random_int() & 0x1FF);
+ choose_random_kstack_offset(get_random_u16() & 0x1FF);
}
static inline bool has_syscall_work(unsigned long flags)
diff --git a/arch/s390/kernel/process.c b/arch/s390/kernel/process.c
index d5119e039d85..6ec020fdf532 100644
--- a/arch/s390/kernel/process.c
+++ b/arch/s390/kernel/process.c
@@ -230,7 +230,7 @@ unsigned long arch_align_stack(unsigned long sp)
static inline unsigned long brk_rnd(void)
{
- return (get_random_int() & BRK_RND_MASK) << PAGE_SHIFT;
+ return (get_random_u16() & BRK_RND_MASK) << PAGE_SHIFT;
}
unsigned long arch_randomize_brk(struct mm_struct *mm)
diff --git a/arch/sparc/vdso/vma.c b/arch/sparc/vdso/vma.c
index cc19e09b0fa1..04ee726859ca 100644
--- a/arch/sparc/vdso/vma.c
+++ b/arch/sparc/vdso/vma.c
@@ -354,7 +354,7 @@ static unsigned long vdso_addr(unsigned long start,
unsigned int len)
unsigned int offset;
/* This loses some more bits than a modulo, but is cheaper */
- offset = get_random_int() & (PTRS_PER_PTE - 1);
+ offset = get_random_u16() & (PTRS_PER_PTE - 1);
return start + (offset << PAGE_SHIFT);
}
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index be45217acde4..981c637fa2ed 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -927,7 +927,7 @@ static void generate_random_bytes(u8 *buf, size_t count)
b = 0xff;
break;
default:
- b = (u8)prandom_u32();
+ b = get_random_u8();
break;
}
memset(buf, b, count);
@@ -935,8 +935,8 @@ static void generate_random_bytes(u8 *buf, size_t count)
break;
case 2:
/* Ascending or descending bytes, plus optional mutations */
- increment = (u8)prandom_u32();
- b = (u8)prandom_u32();
+ increment = get_random_u8();
+ b = get_random_u8();
[PATCH v3 1/5] treewide: use prandom_u32_max() when possible
Rather than incurring a division or requesting too many random bytes for the given range, use the prandom_u32_max() function, which only takes the minimum required bytes from the RNG and avoids divisions. Reviewed-by: Kees Cook Reviewed-by: KP Singh Reviewed-by: Christoph Böhmwalder # for drbd Reviewed-by: Jan Kara # for ext2, ext4, and sbitmap Signed-off-by: Jason A. Donenfeld --- arch/arm/kernel/process.c | 2 +- arch/loongarch/kernel/vdso.c | 2 +- arch/mips/kernel/vdso.c | 2 +- arch/parisc/kernel/vdso.c | 2 +- arch/s390/kernel/vdso.c | 2 +- arch/um/kernel/process.c | 2 +- arch/x86/entry/vdso/vma.c | 2 +- arch/x86/kernel/module.c | 2 +- arch/x86/kernel/process.c | 2 +- arch/x86/mm/pat/cpa-test.c| 4 +- crypto/testmgr.c | 86 +-- drivers/block/drbd/drbd_receiver.c| 4 +- .../gpu/drm/i915/gem/i915_gem_execbuffer.c| 2 +- drivers/infiniband/core/cma.c | 2 +- drivers/infiniband/hw/cxgb4/id_table.c| 4 +- drivers/infiniband/hw/hns/hns_roce_ah.c | 5 +- drivers/infiniband/ulp/rtrs/rtrs-clt.c| 3 +- drivers/md/bcache/request.c | 2 +- .../test-drivers/vivid/vivid-touch-cap.c | 2 +- drivers/mmc/core/core.c | 4 +- drivers/mmc/host/dw_mmc.c | 2 +- drivers/mtd/nand/raw/nandsim.c| 4 +- drivers/mtd/tests/mtd_nandecctest.c | 10 +-- drivers/mtd/tests/stresstest.c| 17 +--- drivers/mtd/ubi/debug.c | 2 +- drivers/mtd/ubi/debug.h | 6 +- drivers/net/ethernet/broadcom/cnic.c | 3 +- .../chelsio/inline_crypto/chtls/chtls_io.c| 4 +- drivers/net/hamradio/baycom_epp.c | 2 +- drivers/net/hamradio/hdlcdrv.c| 2 +- drivers/net/hamradio/yam.c| 2 +- drivers/net/phy/at803x.c | 2 +- .../broadcom/brcm80211/brcmfmac/p2p.c | 2 +- .../net/wireless/intel/iwlwifi/mvm/mac-ctxt.c | 2 +- drivers/scsi/fcoe/fcoe_ctlr.c | 4 +- drivers/scsi/qedi/qedi_main.c | 2 +- fs/ceph/inode.c | 2 +- fs/ceph/mdsmap.c | 2 +- fs/ext2/ialloc.c | 3 +- fs/ext4/ialloc.c | 5 +- fs/ext4/super.c | 7 +- fs/f2fs/gc.c | 2 +- fs/f2fs/segment.c | 8 +- fs/ubifs/debug.c | 8 +- fs/ubifs/lpt_commit.c | 14 +-- fs/ubifs/tnc_commit.c | 2 +- fs/xfs/libxfs/xfs_alloc.c | 2 +- fs/xfs/libxfs/xfs_ialloc.c| 2 +- fs/xfs/xfs_error.c| 2 +- include/linux/nodemask.h | 2 +- kernel/bpf/core.c | 4 +- kernel/locking/test-ww_mutex.c| 4 +- kernel/time/clocksource.c | 2 +- lib/fault-inject.c| 2 +- lib/find_bit_benchmark.c | 4 +- lib/kobject.c | 2 +- lib/reed_solomon/test_rslib.c | 6 +- lib/sbitmap.c | 4 +- lib/test-string_helpers.c | 2 +- lib/test_hexdump.c| 10 +-- lib/test_kasan.c | 6 +- lib/test_list_sort.c | 2 +- lib/test_vmalloc.c| 17 +--- mm/migrate.c | 2 +- mm/slub.c | 2 +- net/ceph/mon_client.c | 2 +- net/ceph/osd_client.c | 2 +- net/core/neighbour.c | 2 +- net/core/pktgen.c | 43 +- net/core/stream.c | 2 +- net/ipv4/igmp.c | 6 +- net/ipv4/inet_connection_sock.c | 2 +- net/ipv4/inet_hashtables.c| 2 +- net/ipv6/addrconf.c | 8 +- net/ipv6/mcast.c | 10 +-- net/netfilter/ipvs/ip_vs_twos.c | 4 +- net/packet/af_packet.c| 2 +- net/sched/act_gact.c | 2 +- net/sched/act_sample.c| 2 +- net/sched/sch_netem.c | 4 +- net/sctp/socket.c | 2 +- net/sunrpc/cache.c| 2 +- net/sunrpc/xprtsock.c | 2 +- net/tipc
[PATCH v3 0/5] treewide cleanup of random integer usage
ozlabs.org
Cc: loonga...@lists.linux.dev
Cc: net...@vger.kernel.org
Cc: sparcli...@vger.kernel.org
Cc: x...@kernel.org
Jason A. Donenfeld (5):
treewide: use prandom_u32_max() when possible
treewide: use get_random_{u8,u16}() when possible
treewide: use get_random_u32() when possible
treewide: use get_random_bytes when possible
prandom: remove unused functions
Documentation/networking/filter.rst | 2 +-
arch/arm/kernel/process.c | 2 +-
arch/arm/kernel/signal.c | 2 +-
arch/arm64/kernel/process.c | 2 +-
arch/arm64/kernel/syscall.c | 2 +-
arch/loongarch/kernel/process.c | 2 +-
arch/loongarch/kernel/vdso.c | 2 +-
arch/mips/kernel/process.c| 2 +-
arch/mips/kernel/vdso.c | 2 +-
arch/parisc/kernel/process.c | 2 +-
arch/parisc/kernel/sys_parisc.c | 4 +-
arch/parisc/kernel/vdso.c | 2 +-
arch/powerpc/crypto/crc-vpmsum_test.c | 2 +-
arch/powerpc/kernel/process.c | 2 +-
arch/s390/kernel/process.c| 4 +-
arch/s390/kernel/vdso.c | 2 +-
arch/s390/mm/mmap.c | 2 +-
arch/sparc/vdso/vma.c | 2 +-
arch/um/kernel/process.c | 2 +-
arch/x86/entry/vdso/vma.c | 2 +-
arch/x86/kernel/cpu/amd.c | 2 +-
arch/x86/kernel/module.c | 2 +-
arch/x86/kernel/process.c | 2 +-
arch/x86/mm/pat/cpa-test.c| 4 +-
block/blk-crypto-fallback.c | 2 +-
crypto/async_tx/raid6test.c | 2 +-
crypto/testmgr.c | 94 +--
drivers/block/drbd/drbd_receiver.c| 4 +-
drivers/char/random.c | 11 +--
drivers/dma/dmatest.c | 2 +-
.../gpu/drm/i915/gem/i915_gem_execbuffer.c| 2 +-
drivers/gpu/drm/i915/i915_gem_gtt.c | 6 +-
.../gpu/drm/i915/selftests/i915_selftest.c| 2 +-
drivers/gpu/drm/selftests/test-drm_buddy.c| 2 +-
drivers/gpu/drm/selftests/test-drm_mm.c | 2 +-
drivers/infiniband/core/cma.c | 2 +-
drivers/infiniband/hw/cxgb4/cm.c | 4 +-
drivers/infiniband/hw/cxgb4/id_table.c| 4 +-
drivers/infiniband/hw/hfi1/tid_rdma.c | 2 +-
drivers/infiniband/hw/hns/hns_roce_ah.c | 5 +-
drivers/infiniband/hw/mlx4/mad.c | 2 +-
drivers/infiniband/ulp/ipoib/ipoib_cm.c | 2 +-
drivers/infiniband/ulp/rtrs/rtrs-clt.c| 3 +-
drivers/md/bcache/request.c | 2 +-
drivers/md/raid5-cache.c | 2 +-
drivers/media/common/v4l2-tpg/v4l2-tpg-core.c | 2 +-
.../media/test-drivers/vivid/vivid-radio-rx.c | 4 +-
.../test-drivers/vivid/vivid-touch-cap.c | 6 +-
drivers/misc/habanalabs/gaudi2/gaudi2.c | 2 +-
drivers/mmc/core/core.c | 4 +-
drivers/mmc/host/dw_mmc.c | 2 +-
drivers/mtd/nand/raw/nandsim.c| 8 +-
drivers/mtd/tests/mtd_nandecctest.c | 12 +--
drivers/mtd/tests/speedtest.c | 2 +-
drivers/mtd/tests/stresstest.c| 19 +---
drivers/mtd/ubi/debug.c | 2 +-
drivers/mtd/ubi/debug.h | 6 +-
drivers/net/bonding/bond_main.c | 2 +-
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 2 +-
drivers/net/ethernet/broadcom/cnic.c | 5 +-
.../chelsio/inline_crypto/chtls/chtls_cm.c| 4 +-
.../chelsio/inline_crypto/chtls/chtls_io.c| 4 +-
drivers/net/ethernet/rocker/rocker_main.c | 8 +-
drivers/net/hamradio/baycom_epp.c | 2 +-
drivers/net/hamradio/hdlcdrv.c| 2 +-
drivers/net/hamradio/yam.c| 2 +-
drivers/net/phy/at803x.c | 2 +-
drivers/net/wireguard/selftest/allowedips.c | 16 ++--
.../broadcom/brcm80211/brcmfmac/p2p.c | 2 +-
.../broadcom/brcm80211/brcmfmac/pno.c | 2 +-
.../net/wireless/intel/iwlwifi/mvm/mac-ctxt.c | 2 +-
.../net/wireless/marvell/mwifiex/cfg80211.c | 4 +-
.../wireless/microchip/wilc1000/cfg80211.c| 2 +-
.../net/wireless/quantenna/qtnfmac/cfg80211.c | 2 +-
drivers/net/wireless/st/cw1200/wsm.c | 2 +-
drivers/net/wireless/ti/wlcore/main.c | 2 +-
drivers/nvme/common/auth.c| 2 +-
drivers/scsi/cxgbi/cxgb4i/cxgb4i.c| 4 +-
drivers/scsi/fcoe/fcoe_ctlr.c | 4 +-
drivers/scsi/lpfc/lpfc_hbadisc.c | 6 +-
drivers/scsi/qedi/qedi_main.c | 2 +-
drivers/target/iscsi/cxgbit/cxgbit_cm.c | 2 +-
drivers/thunderbolt/xdomain.c | 2 +-
drivers/video/fbdev/uv
Re: [PATCH v2 0/5] treewide cleanup of random integer usage
FYI, v3, which I'll wait a bit before posting, will also take care of get_random_int().
Re: [PATCH v2 0/5] treewide cleanup of random integer usage
On Thu, Oct 6, 2022 at 7:25 AM Jason A. Donenfeld wrote: > This is a five part treewide cleanup of random integer handling. > [...] > Please take a look! I should add that this patchset probably appears bigger than it already is, due in part to that wall of motivational text. Keep in mind, though, that the whole thing is only "305 insertions(+), 342 deletions(-)", so it should be conventionally reviewable. Jason
[PATCH v2 4/5] treewide: use get_random_bytes when possible
The prandom_bytes() function has been a deprecated inline wrapper around
get_random_bytes() for several releases now, and compiles down to the
exact same code. Replace the deprecated wrapper with a direct call to
the real function.
Reviewed-by: Kees Cook
Signed-off-by: Jason A. Donenfeld
---
arch/powerpc/crypto/crc-vpmsum_test.c | 2 +-
block/blk-crypto-fallback.c | 2 +-
crypto/async_tx/raid6test.c | 2 +-
drivers/dma/dmatest.c | 2 +-
drivers/mtd/nand/raw/nandsim.c | 2 +-
drivers/mtd/tests/mtd_nandecctest.c | 2 +-
drivers/mtd/tests/speedtest.c | 2 +-
drivers/mtd/tests/stresstest.c | 2 +-
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 2 +-
drivers/net/ethernet/rocker/rocker_main.c | 2 +-
drivers/net/wireguard/selftest/allowedips.c | 12 ++--
fs/ubifs/debug.c| 2 +-
kernel/kcsan/selftest.c | 2 +-
lib/random32.c | 2 +-
lib/test_objagg.c | 2 +-
lib/uuid.c | 2 +-
net/ipv4/route.c| 2 +-
net/mac80211/rc80211_minstrel_ht.c | 2 +-
net/sched/sch_pie.c | 2 +-
19 files changed, 24 insertions(+), 24 deletions(-)
diff --git a/arch/powerpc/crypto/crc-vpmsum_test.c
b/arch/powerpc/crypto/crc-vpmsum_test.c
index c1c1ef9457fb..273c527868db 100644
--- a/arch/powerpc/crypto/crc-vpmsum_test.c
+++ b/arch/powerpc/crypto/crc-vpmsum_test.c
@@ -82,7 +82,7 @@ static int __init crc_test_init(void)
if (len <= offset)
continue;
- prandom_bytes(data, len);
+ get_random_bytes(data, len);
len -= offset;
crypto_shash_update(crct10dif_shash, data+offset, len);
diff --git a/block/blk-crypto-fallback.c b/block/blk-crypto-fallback.c
index 621abd1b0e4d..ad9844c5b40c 100644
--- a/block/blk-crypto-fallback.c
+++ b/block/blk-crypto-fallback.c
@@ -539,7 +539,7 @@ static int blk_crypto_fallback_init(void)
if (blk_crypto_fallback_inited)
return 0;
- prandom_bytes(blank_key, BLK_CRYPTO_MAX_KEY_SIZE);
+ get_random_bytes(blank_key, BLK_CRYPTO_MAX_KEY_SIZE);
err = bioset_init(&crypto_bio_split, 64, 0, 0);
if (err)
diff --git a/crypto/async_tx/raid6test.c b/crypto/async_tx/raid6test.c
index c9d218e53bcb..f74505f2baf0 100644
--- a/crypto/async_tx/raid6test.c
+++ b/crypto/async_tx/raid6test.c
@@ -37,7 +37,7 @@ static void makedata(int disks)
int i;
for (i = 0; i < disks; i++) {
- prandom_bytes(page_address(data[i]), PAGE_SIZE);
+ get_random_bytes(page_address(data[i]), PAGE_SIZE);
dataptrs[i] = data[i];
dataoffs[i] = 0;
}
diff --git a/drivers/dma/dmatest.c b/drivers/dma/dmatest.c
index 9fe2ae794316..ffe621695e47 100644
--- a/drivers/dma/dmatest.c
+++ b/drivers/dma/dmatest.c
@@ -312,7 +312,7 @@ static unsigned long dmatest_random(void)
{
unsigned long buf;
- prandom_bytes(&buf, sizeof(buf));
+ get_random_bytes(&buf, sizeof(buf));
return buf;
}
diff --git a/drivers/mtd/nand/raw/nandsim.c b/drivers/mtd/nand/raw/nandsim.c
index 4bdaf4aa7007..c941a5a41ea6 100644
--- a/drivers/mtd/nand/raw/nandsim.c
+++ b/drivers/mtd/nand/raw/nandsim.c
@@ -1393,7 +1393,7 @@ static int ns_do_read_error(struct nandsim *ns, int num)
unsigned int page_no = ns->regs.row;
if (ns_read_error(page_no)) {
- prandom_bytes(ns->buf.byte, num);
+ get_random_bytes(ns->buf.byte, num);
NS_WARN("simulating read error in page %u\n", page_no);
return 1;
}
diff --git a/drivers/mtd/tests/mtd_nandecctest.c
b/drivers/mtd/tests/mtd_nandecctest.c
index 1c7201b0f372..440988562cfd 100644
--- a/drivers/mtd/tests/mtd_nandecctest.c
+++ b/drivers/mtd/tests/mtd_nandecctest.c
@@ -266,7 +266,7 @@ static int nand_ecc_test_run(const size_t size)
goto error;
}
- prandom_bytes(correct_data, size);
+ get_random_bytes(correct_data, size);
ecc_sw_hamming_calculate(correct_data, size, correct_ecc, sm_order);
for (i = 0; i < ARRAY_SIZE(nand_ecc_test); i++) {
nand_ecc_test[i].prepare(error_data, error_ecc,
diff --git a/drivers/mtd/tests/speedtest.c b/drivers/mtd/tests/speedtest.c
index c9ec7086bfa1..075bce32caa5 100644
--- a/drivers/mtd/tests/speedtest.c
+++ b/drivers/mtd/tests/speedtest.c
@@ -223,7 +223,7 @@ static int __init mtd_speedtest_init(void)
if (!iobuf)
goto out;
- prandom_bytes(iobuf, mtd->erasesize);
+ get_random_bytes(iobuf, mtd->erasesize);
bbt = kzalloc(ebcnt, GFP_KERNEL);
if (!bbt)
[PATCH v2 3/5] treewide: use get_random_u32() when possible
The prandom_u32() function has been a deprecated inline wrapper around
get_random_u32() for several releases now, and compiles down to the
exact same code. Replace the deprecated wrapper with a direct call to
the real function.
Reviewed-by: Kees Cook
Signed-off-by: Jason A. Donenfeld
---
Documentation/networking/filter.rst| 2 +-
drivers/infiniband/hw/cxgb4/cm.c | 4 ++--
drivers/infiniband/hw/hfi1/tid_rdma.c | 2 +-
drivers/infiniband/hw/mlx4/mad.c | 2 +-
drivers/infiniband/ulp/ipoib/ipoib_cm.c| 2 +-
drivers/md/raid5-cache.c | 2 +-
drivers/mtd/nand/raw/nandsim.c | 2 +-
drivers/net/bonding/bond_main.c| 2 +-
drivers/net/ethernet/broadcom/cnic.c | 2 +-
.../chelsio/inline_crypto/chtls/chtls_cm.c | 2 +-
drivers/net/ethernet/rocker/rocker_main.c | 6 +++---
.../net/wireless/marvell/mwifiex/cfg80211.c| 4 ++--
.../net/wireless/microchip/wilc1000/cfg80211.c | 2 +-
.../net/wireless/quantenna/qtnfmac/cfg80211.c | 2 +-
drivers/nvme/common/auth.c | 2 +-
drivers/scsi/cxgbi/cxgb4i/cxgb4i.c | 4 ++--
drivers/target/iscsi/cxgbit/cxgbit_cm.c| 2 +-
drivers/thunderbolt/xdomain.c | 2 +-
drivers/video/fbdev/uvesafb.c | 2 +-
fs/exfat/inode.c | 2 +-
fs/ext4/ialloc.c | 2 +-
fs/ext4/ioctl.c| 4 ++--
fs/ext4/mmp.c | 2 +-
fs/f2fs/namei.c| 2 +-
fs/fat/inode.c | 2 +-
fs/nfsd/nfs4state.c| 4 ++--
fs/ubifs/journal.c | 2 +-
fs/xfs/libxfs/xfs_ialloc.c | 2 +-
fs/xfs/xfs_icache.c| 2 +-
fs/xfs/xfs_log.c | 2 +-
include/net/netfilter/nf_queue.h | 2 +-
include/net/red.h | 2 +-
include/net/sock.h | 2 +-
kernel/kcsan/selftest.c| 2 +-
lib/random32.c | 2 +-
lib/reed_solomon/test_rslib.c | 6 +++---
lib/test_fprobe.c | 2 +-
lib/test_kprobes.c | 2 +-
lib/test_rhashtable.c | 6 +++---
mm/shmem.c | 2 +-
net/802/garp.c | 2 +-
net/802/mrp.c | 2 +-
net/core/pktgen.c | 4 ++--
net/ipv4/tcp_cdg.c | 2 +-
net/ipv4/udp.c | 2 +-
net/ipv6/ip6_flowlabel.c | 2 +-
net/ipv6/output_core.c | 2 +-
net/netfilter/ipvs/ip_vs_conn.c| 2 +-
net/netfilter/xt_statistic.c | 2 +-
net/openvswitch/actions.c | 2 +-
net/rds/bind.c | 2 +-
net/sched/sch_cake.c | 2 +-
net/sched/sch_netem.c | 18 +-
net/sunrpc/auth_gss/gss_krb5_wrap.c| 4 ++--
net/sunrpc/xprt.c | 2 +-
net/unix/af_unix.c | 2 +-
56 files changed, 77 insertions(+), 77 deletions(-)
diff --git a/Documentation/networking/filter.rst
b/Documentation/networking/filter.rst
index 43cdc4d34745..f69da5074860 100644
--- a/Documentation/networking/filter.rst
+++ b/Documentation/networking/filter.rst
@@ -305,7 +305,7 @@ Possible BPF extensions are shown in the following table:
vlan_tci skb_vlan_tag_get(skb)
vlan_availskb_vlan_tag_present(skb)
vlan_tpid skb->vlan_proto
- rand prandom_u32()
+ rand get_random_u32()
===
=
These extensions can also be prefixed with '#'.
diff --git a/drivers/infiniband/hw/cxgb4/cm.c b/drivers/infiniband/hw/cxgb4/cm.c
index 14392c942f49..499a425a3379 100644
--- a/drivers/infiniband/hw/cxgb4/cm.c
+++ b/drivers/infiniband/hw/cxgb4/cm.c
@@ -734,7 +734,7 @@ static int send_connect(struct c4iw_ep *ep)
&ep->com.remote_addr;
int ret;
enum chip_type adapter_type = ep->com.dev->rdev.lldi.adapter_type;
- u32 isn = (prandom_u32() & ~7UL) - 1;
+ u32 isn = (get_random_u32() & ~7UL) - 1;
struct net_device *netdev;
u64 params;
@@ -2469,7 +2469,7 @@ static int accept_cr(struct c4iw_ep *ep, struct sk_buff
*skb,
}
if (!is_t4(adapter_type)) {
-
[PATCH v2 5/5] prandom: remove unused functions
With no callers left of prandom_u32() and prandom_bytes(), remove these
deprecated wrappers.
Reviewed-by: Kees Cook
Signed-off-by: Jason A. Donenfeld
---
include/linux/prandom.h | 12
1 file changed, 12 deletions(-)
diff --git a/include/linux/prandom.h b/include/linux/prandom.h
index 78db003bc290..e0a0759dd09c 100644
--- a/include/linux/prandom.h
+++ b/include/linux/prandom.h
@@ -12,18 +12,6 @@
#include
#include
-/* Deprecated: use get_random_u32 instead. */
-static inline u32 prandom_u32(void)
-{
- return get_random_u32();
-}
-
-/* Deprecated: use get_random_bytes instead. */
-static inline void prandom_bytes(void *buf, size_t nbytes)
-{
- return get_random_bytes(buf, nbytes);
-}
-
struct rnd_state {
__u32 s1, s2, s3, s4;
};
--
2.37.3
[PATCH v2 2/5] treewide: use get_random_{u8,u16}() when possible
Rather than truncate a 32-bit value to a 16-bit value or an 8-bit value,
simply use the get_random_{u8,u16}() functions, which are faster than
wasting the additional bytes from a 32-bit value.
Reviewed-by: Kees Cook
Signed-off-by: Jason A. Donenfeld
---
crypto/testmgr.c | 8
drivers/media/common/v4l2-tpg/v4l2-tpg-core.c | 2 +-
drivers/media/test-drivers/vivid/vivid-radio-rx.c | 4 ++--
.../net/ethernet/chelsio/inline_crypto/chtls/chtls_cm.c | 2 +-
drivers/net/hamradio/baycom_epp.c | 2 +-
drivers/net/hamradio/hdlcdrv.c| 2 +-
drivers/net/hamradio/yam.c| 2 +-
drivers/net/wireguard/selftest/allowedips.c | 4 ++--
drivers/scsi/lpfc/lpfc_hbadisc.c | 6 +++---
lib/test_vmalloc.c| 2 +-
net/dccp/ipv4.c | 4 ++--
net/ipv4/datagram.c | 2 +-
net/ipv4/ip_output.c | 2 +-
net/ipv4/tcp_ipv4.c | 4 ++--
net/mac80211/scan.c | 2 +-
net/netfilter/nf_nat_core.c | 4 ++--
net/sched/sch_cake.c | 6 +++---
net/sched/sch_sfb.c | 2 +-
net/sctp/socket.c | 2 +-
19 files changed, 31 insertions(+), 31 deletions(-)
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index be45217acde4..981c637fa2ed 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -927,7 +927,7 @@ static void generate_random_bytes(u8 *buf, size_t count)
b = 0xff;
break;
default:
- b = (u8)prandom_u32();
+ b = get_random_u8();
break;
}
memset(buf, b, count);
@@ -935,8 +935,8 @@ static void generate_random_bytes(u8 *buf, size_t count)
break;
case 2:
/* Ascending or descending bytes, plus optional mutations */
- increment = (u8)prandom_u32();
- b = (u8)prandom_u32();
+ increment = get_random_u8();
+ b = get_random_u8();
for (i = 0; i < count; i++, b += increment)
buf[i] = b;
mutate_buffer(buf, count);
@@ -944,7 +944,7 @@ static void generate_random_bytes(u8 *buf, size_t count)
default:
/* Fully random bytes */
for (i = 0; i < count; i++)
- buf[i] = (u8)prandom_u32();
+ buf[i] = get_random_u8();
}
}
diff --git a/drivers/media/common/v4l2-tpg/v4l2-tpg-core.c
b/drivers/media/common/v4l2-tpg/v4l2-tpg-core.c
index 9b7bcdce6e44..303d02b1d71c 100644
--- a/drivers/media/common/v4l2-tpg/v4l2-tpg-core.c
+++ b/drivers/media/common/v4l2-tpg/v4l2-tpg-core.c
@@ -870,7 +870,7 @@ static void precalculate_color(struct tpg_data *tpg, int k)
g = tpg_colors[col].g;
b = tpg_colors[col].b;
} else if (tpg->pattern == TPG_PAT_NOISE) {
- r = g = b = prandom_u32_max(256);
+ r = g = b = get_random_u8();
} else if (k == TPG_COLOR_RANDOM) {
r = g = b = tpg->qual_offset + prandom_u32_max(196);
} else if (k >= TPG_COLOR_RAMP) {
diff --git a/drivers/media/test-drivers/vivid/vivid-radio-rx.c
b/drivers/media/test-drivers/vivid/vivid-radio-rx.c
index 232cab508f48..8bd09589fb15 100644
--- a/drivers/media/test-drivers/vivid/vivid-radio-rx.c
+++ b/drivers/media/test-drivers/vivid/vivid-radio-rx.c
@@ -104,8 +104,8 @@ ssize_t vivid_radio_rx_read(struct file *file, char __user
*buf,
break;
case 2:
rds.block |= V4L2_RDS_BLOCK_ERROR;
- rds.lsb = prandom_u32_max(256);
- rds.msb = prandom_u32_max(256);
+ rds.lsb = get_random_u8();
+ rds.msb = get_random_u8();
break;
case 3: /* Skip block altogether */
if (i)
diff --git a/drivers/net/ethernet/chelsio/inline_crypto/chtls/chtls_cm.c
b/drivers/net/ethernet/chelsio/inline_crypto/chtls/chtls_cm.c
index ddfe9208529a..ac452a0111a9 100644
--- a/drivers/net/ethernet/chelsio/inline_crypto/chtls/chtls_cm.c
+++ b/drivers/net/ethernet/chelsio/inline_crypto/chtls/chtls_cm.c
@@ -1467,7 +1467,7 @@ static void make_established(struct sock *sk, u32
snd_isn, unsigned int opt)
tp->write_seq = snd_isn;
tp->snd_nxt = snd_isn;
tp->snd_una = snd_isn;
-
[PATCH v2 1/5] treewide: use prandom_u32_max() when possible
Rather than incurring a division or requesting too many random bytes for
the given range, use the prandom_u32_max() function, which only takes
the minimum required bytes from the RNG and avoids divisions.
Reviewed-by: Kees Cook
Reviewed-by: KP Singh
Reviewed-by: Christoph Böhmwalder
Signed-off-by: Jason A. Donenfeld
---
arch/x86/mm/pat/cpa-test.c| 4 +-
crypto/testmgr.c | 86 +--
drivers/block/drbd/drbd_receiver.c| 4 +-
drivers/infiniband/core/cma.c | 2 +-
drivers/infiniband/hw/cxgb4/id_table.c| 4 +-
drivers/infiniband/hw/hns/hns_roce_ah.c | 5 +-
drivers/infiniband/ulp/rtrs/rtrs-clt.c| 3 +-
drivers/mmc/core/core.c | 4 +-
drivers/mmc/host/dw_mmc.c | 2 +-
drivers/mtd/nand/raw/nandsim.c| 4 +-
drivers/mtd/tests/mtd_nandecctest.c | 10 +--
drivers/mtd/tests/stresstest.c| 17 +---
drivers/mtd/ubi/debug.c | 2 +-
drivers/mtd/ubi/debug.h | 6 +-
drivers/net/ethernet/broadcom/cnic.c | 3 +-
.../chelsio/inline_crypto/chtls/chtls_io.c| 4 +-
drivers/net/hamradio/baycom_epp.c | 2 +-
drivers/net/hamradio/hdlcdrv.c| 2 +-
drivers/net/hamradio/yam.c| 2 +-
drivers/net/phy/at803x.c | 2 +-
.../broadcom/brcm80211/brcmfmac/p2p.c | 2 +-
.../net/wireless/intel/iwlwifi/mvm/mac-ctxt.c | 2 +-
drivers/scsi/fcoe/fcoe_ctlr.c | 4 +-
drivers/scsi/qedi/qedi_main.c | 2 +-
fs/ceph/inode.c | 2 +-
fs/ceph/mdsmap.c | 2 +-
fs/ext2/ialloc.c | 3 +-
fs/ext4/ialloc.c | 5 +-
fs/ext4/super.c | 7 +-
fs/f2fs/gc.c | 2 +-
fs/f2fs/segment.c | 8 +-
fs/ubifs/debug.c | 8 +-
fs/ubifs/lpt_commit.c | 14 +--
fs/ubifs/tnc_commit.c | 2 +-
fs/xfs/libxfs/xfs_alloc.c | 2 +-
fs/xfs/libxfs/xfs_ialloc.c| 2 +-
fs/xfs/xfs_error.c| 2 +-
kernel/time/clocksource.c | 2 +-
lib/fault-inject.c| 2 +-
lib/find_bit_benchmark.c | 4 +-
lib/reed_solomon/test_rslib.c | 6 +-
lib/sbitmap.c | 4 +-
lib/test_list_sort.c | 2 +-
lib/test_vmalloc.c| 17 +---
net/ceph/mon_client.c | 2 +-
net/ceph/osd_client.c | 2 +-
net/core/neighbour.c | 2 +-
net/core/pktgen.c | 43 +-
net/core/stream.c | 2 +-
net/ipv4/igmp.c | 6 +-
net/ipv4/inet_connection_sock.c | 2 +-
net/ipv4/inet_hashtables.c| 2 +-
net/ipv6/addrconf.c | 8 +-
net/ipv6/mcast.c | 10 +--
net/netfilter/ipvs/ip_vs_twos.c | 4 +-
net/packet/af_packet.c| 2 +-
net/sched/act_gact.c | 2 +-
net/sched/act_sample.c| 2 +-
net/sched/sch_netem.c | 4 +-
net/sctp/socket.c | 2 +-
net/sunrpc/cache.c| 2 +-
net/sunrpc/xprtsock.c | 2 +-
net/tipc/socket.c | 2 +-
net/xfrm/xfrm_state.c | 2 +-
64 files changed, 176 insertions(+), 201 deletions(-)
diff --git a/arch/x86/mm/pat/cpa-test.c b/arch/x86/mm/pat/cpa-test.c
index 0612a73638a8..423b21e80929 100644
--- a/arch/x86/mm/pat/cpa-test.c
+++ b/arch/x86/mm/pat/cpa-test.c
@@ -136,10 +136,10 @@ static int pageattr_test(void)
failed += print_split(&sa);
for (i = 0; i < NTEST; i++) {
- unsigned long pfn = prandom_u32() % max_pfn_mapped;
+ unsigned long pfn = prandom_u32_max(max_pfn_mapped);
addr[i] = (unsigned long)__va(pfn << PAGE_SHIFT);
- len[i] = prandom_u32() % NPAGES;
+ len[i] = prandom_u32_max(NPAGES);
len[i] = min_t(unsigned long, len[i], max_pfn_mapped - pfn - 1);
if (len[i] == 0)
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 5349ffee6bbd..be45217acde4 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -855,9 +855,9 @@ static int prepare_keybuf(const u8 *key, unsigned int ksize,
/* Generate a random length in range [0, max_len], but prefer smaller values */
static
[PATCH v2 0/5] treewide cleanup of random integer usage
[Posting v2 right away, because I CC'd too many people for v1, and email
systems worldwide exploded.]
Hi folks,
This is a five part treewide cleanup of random integer handling. The
rules for random integers are:
- If you want a secure or an insecure random u64, use get_random_u64().
- If you want a secure or an insecure random u32, use get_random_u32().
* The old function prandom_u32() has been deprecated for a while now
and is just a wrapper around get_random_u32().
- If you want a secure or an insecure random u16, use get_random_u16().
- If you want a secure or an insecure random u8, use get_random_u8().
- If you want secure or insecure random bytes, use get_random_bytes().
* The old function prandom_bytes() has been deprecated for a while now
and has long been a wrapper around get_random_bytes().
- If you want a non-uniform random u32, u16, or u8 bounded by a certain
open interval maximum, use prandom_u32_max().
* I say "non-uniform", because it doesn't do any rejection sampling or
divisions. Hence, it stays within the prandom_* namespace.
These rules ought to be applied uniformly, so that we can clean up the
deprecated functions, and earn the benefits of using the modern
functions. In particular, in addition to the boring substitutions, this
patchset accomplishes a few nice effects:
- By using prandom_u32_max() with an upper-bound that the compiler can
prove at compile-time is ≤65536 or ≤256, internally get_random_u16()
or get_random_u8() is used, which wastes fewer batched random bytes,
and hence has higher throughput.
- By using prandom_u32_max() instead of %, when the upper-bound is not a
constant, division is still avoided, because prandom_u32_max() uses
a faster multiplication-based trick instead.
- By using get_random_u16() or get_random_u8() in cases where the return
value is intended to indeed be a u16 or a u8, we waste fewer batched
random bytes, and hence have higher throughput.
So, based on those rules and benefits from following them, this patchset
breaks down into the following five steps, which were done mostly
manually:
1) Replace `prandom_u32() % max` and variants thereof with
prandom_u32_max(max).
2) Replace `(type)get_random_u32()` and variants thereof with
get_random_u16() or get_random_u8(). I took the pains to actually
look and see what every lvalue type was across the entire tree.
3) Replace remaining deprecated uses of prandom_u32() with
get_random_u32().
4) Replace remaining deprecated uses of prandom_bytes() with
get_random_bytes().
5) Remove the deprecated and now-unused prandom_u32() and
prandom_bytes() inline wrapper functions.
I was thinking of taking this through my random.git tree (on which this
series is currently based) and submitting it near the end of the merge
window, or waiting for the very end of the 6.1 cycle when there will be
the fewest new patches brewing. If somebody with some treewide-cleanup
experience might share some wisdom about what the best timing usually
winds up being, I'm all ears.
Please take a look!
Thanks,
Jason
Cc: Andreas Noever
Cc: Andrew Morton
Cc: Andy Shevchenko
Cc: Borislav Petkov
Cc: Christoph Böhmwalder
Cc: Christoph Hellwig
Cc: Daniel Borkmann
Cc: Dave Airlie
Cc: Dave Hansen
Cc: David S. Miller
Cc: Eric Dumazet
Cc: Florian Westphal
Cc: Greg Kroah-Hartman ,
Cc: H. Peter Anvin
Cc: Herbert Xu
Cc: Hugh Dickins
Cc: Jakub Kicinski
Cc: James E.J. Bottomley
Cc: Jan Kara
Cc: Jason Gunthorpe
Cc: Jens Axboe
Cc: Johannes Berg
Cc: Jonathan Corbet
Cc: Jozsef Kadlecsik
Cc: KP Singh
Cc: Kees Cook
Cc: Marco Elver
Cc: Mauro Carvalho Chehab
Cc: Michael Ellerman
Cc: Pablo Neira Ayuso
Cc: Paolo Abeni
Cc: Theodore Ts'o
Cc: Thomas Gleixner
Cc: Thomas Graf
Cc: Ulf Hansson
Cc: Vignesh Raghavendra
Cc: Yury Norov
Cc: dri-devel@lists.freedesktop.org
Cc: kasan-...@googlegroups.com
Cc: kernel-janit...@vger.kernel.org
Cc: linux-bl...@vger.kernel.org
Cc: linux-cry...@vger.kernel.org
Cc: linux-...@vger.kernel.org
Cc: linux-fsde...@vger.kernel.org
Cc: linux-me...@vger.kernel.org
Cc: linux...@kvack.org
Cc: linux-...@vger.kernel.org
Cc: linux-...@lists.infradead.org
Cc: linux-n...@lists.infradead.org
Cc: linux-r...@vger.kernel.org
Cc: linux-...@vger.kernel.org
Cc: linux-wirel...@vger.kernel.org
Cc: net...@vger.kernel.org
Jason A. Donenfeld (5):
treewide: use prandom_u32_max() when possible
treewide: use get_random_{u8,u16}() when possible
treewide: use get_random_u32() when possible
treewide: use get_random_bytes when possible
prandom: remove unused functions
Documentation/networking/filter.rst | 2 +-
arch/powerpc/crypto/crc-vpmsum_test.c | 2 +-
arch/x86/mm/pat/cpa-test.c| 4 +-
block/blk-crypto-fallback.c | 2 +-
crypto/async_tx/raid6test.c | 2 +-
crypto/testmgr.c | 94 +--
drivers/block/drbd/d
[PATCH v1 5/5] prandom: remove unused functions
With no callers left of prandom_u32() and prandom_bytes(), remove these
deprecated wrappers.
Signed-off-by: Jason A. Donenfeld
---
include/linux/prandom.h | 12
1 file changed, 12 deletions(-)
diff --git a/include/linux/prandom.h b/include/linux/prandom.h
index 78db003bc290..e0a0759dd09c 100644
--- a/include/linux/prandom.h
+++ b/include/linux/prandom.h
@@ -12,18 +12,6 @@
#include
#include
-/* Deprecated: use get_random_u32 instead. */
-static inline u32 prandom_u32(void)
-{
- return get_random_u32();
-}
-
-/* Deprecated: use get_random_bytes instead. */
-static inline void prandom_bytes(void *buf, size_t nbytes)
-{
- return get_random_bytes(buf, nbytes);
-}
-
struct rnd_state {
__u32 s1, s2, s3, s4;
};
--
2.37.3
[PATCH v1 4/5] treewide: use get_random_bytes when possible
The prandom_bytes() function has been a deprecated inline wrapper around
get_random_bytes() for several releases now, and compiles down to the
exact same code. Replace the deprecated wrapper with a direct call to
the real function.
Signed-off-by: Jason A. Donenfeld
---
arch/powerpc/crypto/crc-vpmsum_test.c | 2 +-
block/blk-crypto-fallback.c | 2 +-
crypto/async_tx/raid6test.c | 2 +-
drivers/dma/dmatest.c | 2 +-
drivers/mtd/nand/raw/nandsim.c | 2 +-
drivers/mtd/tests/mtd_nandecctest.c | 2 +-
drivers/mtd/tests/speedtest.c | 2 +-
drivers/mtd/tests/stresstest.c | 2 +-
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 2 +-
drivers/net/ethernet/rocker/rocker_main.c | 2 +-
drivers/net/wireguard/selftest/allowedips.c | 12 ++--
fs/ubifs/debug.c| 2 +-
kernel/kcsan/selftest.c | 2 +-
lib/random32.c | 2 +-
lib/test_objagg.c | 2 +-
lib/uuid.c | 2 +-
net/ipv4/route.c| 2 +-
net/mac80211/rc80211_minstrel_ht.c | 2 +-
net/sched/sch_pie.c | 2 +-
19 files changed, 24 insertions(+), 24 deletions(-)
diff --git a/arch/powerpc/crypto/crc-vpmsum_test.c
b/arch/powerpc/crypto/crc-vpmsum_test.c
index c1c1ef9457fb..273c527868db 100644
--- a/arch/powerpc/crypto/crc-vpmsum_test.c
+++ b/arch/powerpc/crypto/crc-vpmsum_test.c
@@ -82,7 +82,7 @@ static int __init crc_test_init(void)
if (len <= offset)
continue;
- prandom_bytes(data, len);
+ get_random_bytes(data, len);
len -= offset;
crypto_shash_update(crct10dif_shash, data+offset, len);
diff --git a/block/blk-crypto-fallback.c b/block/blk-crypto-fallback.c
index 621abd1b0e4d..ad9844c5b40c 100644
--- a/block/blk-crypto-fallback.c
+++ b/block/blk-crypto-fallback.c
@@ -539,7 +539,7 @@ static int blk_crypto_fallback_init(void)
if (blk_crypto_fallback_inited)
return 0;
- prandom_bytes(blank_key, BLK_CRYPTO_MAX_KEY_SIZE);
+ get_random_bytes(blank_key, BLK_CRYPTO_MAX_KEY_SIZE);
err = bioset_init(&crypto_bio_split, 64, 0, 0);
if (err)
diff --git a/crypto/async_tx/raid6test.c b/crypto/async_tx/raid6test.c
index c9d218e53bcb..f74505f2baf0 100644
--- a/crypto/async_tx/raid6test.c
+++ b/crypto/async_tx/raid6test.c
@@ -37,7 +37,7 @@ static void makedata(int disks)
int i;
for (i = 0; i < disks; i++) {
- prandom_bytes(page_address(data[i]), PAGE_SIZE);
+ get_random_bytes(page_address(data[i]), PAGE_SIZE);
dataptrs[i] = data[i];
dataoffs[i] = 0;
}
diff --git a/drivers/dma/dmatest.c b/drivers/dma/dmatest.c
index 9fe2ae794316..ffe621695e47 100644
--- a/drivers/dma/dmatest.c
+++ b/drivers/dma/dmatest.c
@@ -312,7 +312,7 @@ static unsigned long dmatest_random(void)
{
unsigned long buf;
- prandom_bytes(&buf, sizeof(buf));
+ get_random_bytes(&buf, sizeof(buf));
return buf;
}
diff --git a/drivers/mtd/nand/raw/nandsim.c b/drivers/mtd/nand/raw/nandsim.c
index 4bdaf4aa7007..c941a5a41ea6 100644
--- a/drivers/mtd/nand/raw/nandsim.c
+++ b/drivers/mtd/nand/raw/nandsim.c
@@ -1393,7 +1393,7 @@ static int ns_do_read_error(struct nandsim *ns, int num)
unsigned int page_no = ns->regs.row;
if (ns_read_error(page_no)) {
- prandom_bytes(ns->buf.byte, num);
+ get_random_bytes(ns->buf.byte, num);
NS_WARN("simulating read error in page %u\n", page_no);
return 1;
}
diff --git a/drivers/mtd/tests/mtd_nandecctest.c
b/drivers/mtd/tests/mtd_nandecctest.c
index 1c7201b0f372..440988562cfd 100644
--- a/drivers/mtd/tests/mtd_nandecctest.c
+++ b/drivers/mtd/tests/mtd_nandecctest.c
@@ -266,7 +266,7 @@ static int nand_ecc_test_run(const size_t size)
goto error;
}
- prandom_bytes(correct_data, size);
+ get_random_bytes(correct_data, size);
ecc_sw_hamming_calculate(correct_data, size, correct_ecc, sm_order);
for (i = 0; i < ARRAY_SIZE(nand_ecc_test); i++) {
nand_ecc_test[i].prepare(error_data, error_ecc,
diff --git a/drivers/mtd/tests/speedtest.c b/drivers/mtd/tests/speedtest.c
index c9ec7086bfa1..075bce32caa5 100644
--- a/drivers/mtd/tests/speedtest.c
+++ b/drivers/mtd/tests/speedtest.c
@@ -223,7 +223,7 @@ static int __init mtd_speedtest_init(void)
if (!iobuf)
goto out;
- prandom_bytes(iobuf, mtd->erasesize);
+ get_random_bytes(iobuf, mtd->erasesize);
bbt = kzalloc(ebcnt, GFP_KERNEL);
if (!bbt)
diff --git a/driv
[PATCH v1 3/5] treewide: use get_random_u32() when possible
The prandom_u32() function has been a deprecated inline wrapper around get_random_u32() for several releases now, and compiles down to the exact same code. Replace the deprecated wrapper with a direct call to the real function. Signed-off-by: Jason A. Donenfeld --- Documentation/networking/filter.rst| 2 +- drivers/infiniband/hw/cxgb4/cm.c | 4 ++-- drivers/infiniband/hw/hfi1/tid_rdma.c | 2 +- drivers/infiniband/hw/mlx4/mad.c | 2 +- drivers/infiniband/ulp/ipoib/ipoib_cm.c| 2 +- drivers/md/raid5-cache.c | 2 +- drivers/mtd/nand/raw/nandsim.c | 2 +- drivers/net/bonding/bond_main.c| 2 +- drivers/net/ethernet/broadcom/cnic.c | 2 +- .../chelsio/inline_crypto/chtls/chtls_cm.c | 2 +- drivers/net/ethernet/rocker/rocker_main.c | 6 +++--- .../net/wireless/marvell/mwifiex/cfg80211.c| 4 ++-- .../net/wireless/microchip/wilc1000/cfg80211.c | 2 +- .../net/wireless/quantenna/qtnfmac/cfg80211.c | 2 +- drivers/nvme/common/auth.c | 2 +- drivers/scsi/cxgbi/cxgb4i/cxgb4i.c | 4 ++-- drivers/target/iscsi/cxgbit/cxgbit_cm.c| 2 +- drivers/thunderbolt/xdomain.c | 2 +- drivers/video/fbdev/uvesafb.c | 2 +- fs/exfat/inode.c | 2 +- fs/ext2/ialloc.c | 2 +- fs/ext4/ialloc.c | 4 ++-- fs/ext4/ioctl.c| 4 ++-- fs/ext4/mmp.c | 2 +- fs/f2fs/namei.c| 2 +- fs/fat/inode.c | 2 +- fs/nfsd/nfs4state.c| 4 ++-- fs/ubifs/journal.c | 2 +- fs/xfs/libxfs/xfs_ialloc.c | 2 +- fs/xfs/xfs_icache.c| 2 +- fs/xfs/xfs_log.c | 2 +- include/net/netfilter/nf_queue.h | 2 +- include/net/red.h | 2 +- include/net/sock.h | 2 +- kernel/kcsan/selftest.c| 2 +- lib/random32.c | 2 +- lib/reed_solomon/test_rslib.c | 6 +++--- lib/test_fprobe.c | 2 +- lib/test_kprobes.c | 2 +- lib/test_rhashtable.c | 6 +++--- mm/shmem.c | 2 +- net/802/garp.c | 2 +- net/802/mrp.c | 2 +- net/core/pktgen.c | 4 ++-- net/ipv4/tcp_cdg.c | 2 +- net/ipv4/udp.c | 2 +- net/ipv6/ip6_flowlabel.c | 2 +- net/ipv6/output_core.c | 2 +- net/netfilter/ipvs/ip_vs_conn.c| 2 +- net/netfilter/xt_statistic.c | 2 +- net/openvswitch/actions.c | 2 +- net/rds/bind.c | 2 +- net/sched/sch_cake.c | 2 +- net/sched/sch_netem.c | 18 +- net/sunrpc/auth_gss/gss_krb5_wrap.c| 4 ++-- net/sunrpc/xprt.c | 2 +- net/unix/af_unix.c | 2 +- 57 files changed, 79 insertions(+), 79 deletions(-) diff --git a/Documentation/networking/filter.rst b/Documentation/networking/filter.rst index 43cdc4d34745..f69da5074860 100644 --- a/Documentation/networking/filter.rst +++ b/Documentation/networking/filter.rst @@ -305,7 +305,7 @@ Possible BPF extensions are shown in the following table: vlan_tci skb_vlan_tag_get(skb) vlan_availskb_vlan_tag_present(skb) vlan_tpid skb->vlan_proto - rand prandom_u32() + rand get_random_u32() === = These extensions can also be prefixed with '#'. diff --git a/drivers/infiniband/hw/cxgb4/cm.c b/drivers/infiniband/hw/cxgb4/cm.c index 14392c942f49..499a425a3379 100644 --- a/drivers/infiniband/hw/cxgb4/cm.c +++ b/drivers/infiniband/hw/cxgb4/cm.c @@ -734,7 +734,7 @@ static int send_connect(struct c4iw_ep *ep) &ep->com.remote_addr; int ret; enum chip_type adapter_type = ep->com.dev->rdev.lldi.adapter_type; - u32 isn = (prandom_u32() & ~7UL) - 1; + u32 isn = (get_random_u32() & ~7UL) - 1; struct net_device *netdev; u64 params; @@ -2469,7 +2469,7 @@ static int accept_cr(struct c4iw_ep *ep, struct sk_buff *skb, }
[PATCH v1 2/5] treewide: use get_random_{u8,u16}() when possible
Rather than truncate a 32-bit value to a 16-bit value or an 8-bit value,
simply use the get_random_{u8,u16}() functions, which are faster than
wasting the additional bytes from a 32-bit value.
Signed-off-by: Jason A. Donenfeld
---
crypto/testmgr.c | 8
drivers/media/common/v4l2-tpg/v4l2-tpg-core.c | 2 +-
drivers/media/test-drivers/vivid/vivid-radio-rx.c | 4 ++--
.../net/ethernet/chelsio/inline_crypto/chtls/chtls_cm.c | 2 +-
drivers/net/hamradio/baycom_epp.c | 2 +-
drivers/net/hamradio/hdlcdrv.c| 2 +-
drivers/net/hamradio/yam.c| 2 +-
drivers/net/wireguard/selftest/allowedips.c | 4 ++--
drivers/scsi/lpfc/lpfc_hbadisc.c | 6 +++---
lib/test_vmalloc.c| 2 +-
net/dccp/ipv4.c | 4 ++--
net/ipv4/datagram.c | 2 +-
net/ipv4/ip_output.c | 2 +-
net/ipv4/tcp_ipv4.c | 4 ++--
net/mac80211/scan.c | 2 +-
net/netfilter/nf_nat_core.c | 4 ++--
net/sched/sch_cake.c | 6 +++---
net/sched/sch_sfb.c | 2 +-
net/sctp/socket.c | 2 +-
19 files changed, 31 insertions(+), 31 deletions(-)
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index be45217acde4..981c637fa2ed 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -927,7 +927,7 @@ static void generate_random_bytes(u8 *buf, size_t count)
b = 0xff;
break;
default:
- b = (u8)prandom_u32();
+ b = get_random_u8();
break;
}
memset(buf, b, count);
@@ -935,8 +935,8 @@ static void generate_random_bytes(u8 *buf, size_t count)
break;
case 2:
/* Ascending or descending bytes, plus optional mutations */
- increment = (u8)prandom_u32();
- b = (u8)prandom_u32();
+ increment = get_random_u8();
+ b = get_random_u8();
for (i = 0; i < count; i++, b += increment)
buf[i] = b;
mutate_buffer(buf, count);
@@ -944,7 +944,7 @@ static void generate_random_bytes(u8 *buf, size_t count)
default:
/* Fully random bytes */
for (i = 0; i < count; i++)
- buf[i] = (u8)prandom_u32();
+ buf[i] = get_random_u8();
}
}
diff --git a/drivers/media/common/v4l2-tpg/v4l2-tpg-core.c
b/drivers/media/common/v4l2-tpg/v4l2-tpg-core.c
index 9b7bcdce6e44..303d02b1d71c 100644
--- a/drivers/media/common/v4l2-tpg/v4l2-tpg-core.c
+++ b/drivers/media/common/v4l2-tpg/v4l2-tpg-core.c
@@ -870,7 +870,7 @@ static void precalculate_color(struct tpg_data *tpg, int k)
g = tpg_colors[col].g;
b = tpg_colors[col].b;
} else if (tpg->pattern == TPG_PAT_NOISE) {
- r = g = b = prandom_u32_max(256);
+ r = g = b = get_random_u8();
} else if (k == TPG_COLOR_RANDOM) {
r = g = b = tpg->qual_offset + prandom_u32_max(196);
} else if (k >= TPG_COLOR_RAMP) {
diff --git a/drivers/media/test-drivers/vivid/vivid-radio-rx.c
b/drivers/media/test-drivers/vivid/vivid-radio-rx.c
index 232cab508f48..8bd09589fb15 100644
--- a/drivers/media/test-drivers/vivid/vivid-radio-rx.c
+++ b/drivers/media/test-drivers/vivid/vivid-radio-rx.c
@@ -104,8 +104,8 @@ ssize_t vivid_radio_rx_read(struct file *file, char __user
*buf,
break;
case 2:
rds.block |= V4L2_RDS_BLOCK_ERROR;
- rds.lsb = prandom_u32_max(256);
- rds.msb = prandom_u32_max(256);
+ rds.lsb = get_random_u8();
+ rds.msb = get_random_u8();
break;
case 3: /* Skip block altogether */
if (i)
diff --git a/drivers/net/ethernet/chelsio/inline_crypto/chtls/chtls_cm.c
b/drivers/net/ethernet/chelsio/inline_crypto/chtls/chtls_cm.c
index ddfe9208529a..ac452a0111a9 100644
--- a/drivers/net/ethernet/chelsio/inline_crypto/chtls/chtls_cm.c
+++ b/drivers/net/ethernet/chelsio/inline_crypto/chtls/chtls_cm.c
@@ -1467,7 +1467,7 @@ static void make_established(struct sock *sk, u32
snd_isn, unsigned int opt)
tp->write_seq = snd_isn;
tp->snd_nxt = snd_isn;
tp->snd_una = snd_isn;
- inet_sk(sk)->inet_id = prando
[PATCH v1 1/5] treewide: use prandom_u32_max() when possible
Rather than incurring a division or requesting too many random bytes for
the given range, use the prandom_u32_max() function, which only takes
the minimum required bytes from the RNG and avoids divisions.
Signed-off-by: Jason A. Donenfeld
---
arch/x86/mm/pat/cpa-test.c| 4 +-
crypto/testmgr.c | 86 +--
drivers/block/drbd/drbd_receiver.c| 4 +-
drivers/infiniband/core/cma.c | 2 +-
drivers/infiniband/hw/cxgb4/id_table.c| 4 +-
drivers/infiniband/hw/hns/hns_roce_ah.c | 5 +-
drivers/infiniband/ulp/rtrs/rtrs-clt.c| 3 +-
drivers/mmc/core/core.c | 4 +-
drivers/mmc/host/dw_mmc.c | 2 +-
drivers/mtd/nand/raw/nandsim.c| 4 +-
drivers/mtd/tests/mtd_nandecctest.c | 10 +--
drivers/mtd/tests/stresstest.c| 17 +---
drivers/mtd/ubi/debug.c | 2 +-
drivers/mtd/ubi/debug.h | 6 +-
drivers/net/ethernet/broadcom/cnic.c | 3 +-
.../chelsio/inline_crypto/chtls/chtls_io.c| 4 +-
drivers/net/hamradio/baycom_epp.c | 2 +-
drivers/net/hamradio/hdlcdrv.c| 2 +-
drivers/net/hamradio/yam.c| 2 +-
drivers/net/phy/at803x.c | 2 +-
.../broadcom/brcm80211/brcmfmac/p2p.c | 2 +-
.../net/wireless/intel/iwlwifi/mvm/mac-ctxt.c | 2 +-
drivers/scsi/fcoe/fcoe_ctlr.c | 4 +-
drivers/scsi/qedi/qedi_main.c | 2 +-
fs/ceph/inode.c | 2 +-
fs/ceph/mdsmap.c | 2 +-
fs/ext4/super.c | 7 +-
fs/f2fs/gc.c | 2 +-
fs/f2fs/segment.c | 8 +-
fs/ubifs/debug.c | 8 +-
fs/ubifs/lpt_commit.c | 14 +--
fs/ubifs/tnc_commit.c | 2 +-
fs/xfs/libxfs/xfs_alloc.c | 2 +-
fs/xfs/libxfs/xfs_ialloc.c| 2 +-
fs/xfs/xfs_error.c| 2 +-
kernel/time/clocksource.c | 2 +-
lib/fault-inject.c| 2 +-
lib/find_bit_benchmark.c | 4 +-
lib/reed_solomon/test_rslib.c | 6 +-
lib/sbitmap.c | 4 +-
lib/test_list_sort.c | 2 +-
lib/test_vmalloc.c| 17 +---
net/ceph/mon_client.c | 2 +-
net/ceph/osd_client.c | 2 +-
net/core/neighbour.c | 2 +-
net/core/pktgen.c | 43 +-
net/core/stream.c | 2 +-
net/ipv4/igmp.c | 6 +-
net/ipv4/inet_connection_sock.c | 2 +-
net/ipv4/inet_hashtables.c| 2 +-
net/ipv6/addrconf.c | 8 +-
net/ipv6/mcast.c | 10 +--
net/netfilter/ipvs/ip_vs_twos.c | 4 +-
net/packet/af_packet.c| 2 +-
net/sched/act_gact.c | 2 +-
net/sched/act_sample.c| 2 +-
net/sched/sch_netem.c | 4 +-
net/sctp/socket.c | 2 +-
net/sunrpc/cache.c| 2 +-
net/sunrpc/xprtsock.c | 2 +-
net/tipc/socket.c | 2 +-
net/xfrm/xfrm_state.c | 2 +-
62 files changed, 173 insertions(+), 196 deletions(-)
diff --git a/arch/x86/mm/pat/cpa-test.c b/arch/x86/mm/pat/cpa-test.c
index 0612a73638a8..423b21e80929 100644
--- a/arch/x86/mm/pat/cpa-test.c
+++ b/arch/x86/mm/pat/cpa-test.c
@@ -136,10 +136,10 @@ static int pageattr_test(void)
failed += print_split(&sa);
for (i = 0; i < NTEST; i++) {
- unsigned long pfn = prandom_u32() % max_pfn_mapped;
+ unsigned long pfn = prandom_u32_max(max_pfn_mapped);
addr[i] = (unsigned long)__va(pfn << PAGE_SHIFT);
- len[i] = prandom_u32() % NPAGES;
+ len[i] = prandom_u32_max(NPAGES);
len[i] = min_t(unsigned long, len[i], max_pfn_mapped - pfn - 1);
if (len[i] == 0)
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 5349ffee6bbd..be45217acde4 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -855,9 +855,9 @@ static int prepare_keybuf(const u8 *key, unsigned int ksize,
/* Generate a random length in range [0, max_len], but prefer smaller values */
static unsigned int generate_random_length(unsigned int max_len)
{
- unsigned int len = prandom_u32() % (max_len + 1);
+ unsigned int len = prandom_u32_max(max_len + 1);
- switch (pran
Re: [PATCH v2 7/8] dma-buf: remove useless FMODE_LSEEK flag
Hi Daniel, On Mon, Jun 27, 2022 at 11:08:32AM +0200, Daniel Vetter wrote: > On Sat, Jun 25, 2022 at 01:01:14PM +0200, Jason A. Donenfeld wrote: > > This is already set by anon_inode_getfile(), since dma_buf_fops has > > non-NULL ->llseek, so we don't need to set it here too. > > > > Suggested-by: Al Viro > > Cc: Sumit Semwal > > Cc: Christian König > > Cc: dri-devel@lists.freedesktop.org > > Signed-off-by: Jason A. Donenfeld > > I'm assuming this is part of a vfs cleanup and lands through that tree? > For that: > > Acked-by: Daniel Vetter With the exception of the first patch (which is more urgent), yes, that is my assumption too. Jason
[PATCH v2 7/8] dma-buf: remove useless FMODE_LSEEK flag
This is already set by anon_inode_getfile(), since dma_buf_fops has non-NULL ->llseek, so we don't need to set it here too. Suggested-by: Al Viro Cc: Sumit Semwal Cc: Christian König Cc: dri-devel@lists.freedesktop.org Signed-off-by: Jason A. Donenfeld --- drivers/dma-buf/dma-buf.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/dma-buf/dma-buf.c b/drivers/dma-buf/dma-buf.c index 32f55640890c..3f08e0b960ec 100644 --- a/drivers/dma-buf/dma-buf.c +++ b/drivers/dma-buf/dma-buf.c @@ -549,7 +549,6 @@ struct dma_buf *dma_buf_export(const struct dma_buf_export_info *exp_info) goto err_dmabuf; } - file->f_mode |= FMODE_LSEEK; dmabuf->file = file; mutex_init(&dmabuf->lock); -- 2.35.1
[PATCH 5/6] dma-buf: remove useless FMODE_LSEEK flag
This is already on by default. Suggested-by: Al Viro Cc: Sumit Semwal Cc: Christian König Cc: dri-devel@lists.freedesktop.org Signed-off-by: Jason A. Donenfeld --- drivers/dma-buf/dma-buf.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/dma-buf/dma-buf.c b/drivers/dma-buf/dma-buf.c index 32f55640890c..3f08e0b960ec 100644 --- a/drivers/dma-buf/dma-buf.c +++ b/drivers/dma-buf/dma-buf.c @@ -549,7 +549,6 @@ struct dma_buf *dma_buf_export(const struct dma_buf_export_info *exp_info) goto err_dmabuf; } - file->f_mode |= FMODE_LSEEK; dmabuf->file = file; mutex_init(&dmabuf->lock); -- 2.35.1
Re: [Intel-gfx] [PATCH] drm/i915/display: Re-add check for low voltage sku for max dp source rate
Hi Jani, On Mon, Jun 20, 2022 at 07:10:30PM +0300, Jani Nikula wrote: > On Mon, 20 Jun 2022, "Jason A. Donenfeld" wrote: > > Hi Jani, > > > > Do you plan to merge this revert? > > Yes, I've done that now, thanks for the bisection and the patch. Thanks! I see that this went into `drm-intel-next`, but shouldn't it go into `drm-intel-fixes`, so that it makes it into 5.19-rc4? Jason
Re: [PATCH] drm/i915/display: Re-add check for low voltage sku for max dp source rate
Hi Jani, Do you plan to merge this revert? Thanks, Jason
Re: [PATCH] drm/i915/display: Re-add check for low voltage sku for max dp source rate
Hi Jani,
On Mon, Jun 13, 2022 at 02:05:17PM +0300, Jani Nikula wrote:
> On Mon, 13 Jun 2022, "Jason A. Donenfeld" wrote:
> > This reverts commit 73867c8709b569cdd7fda67f01dfe02c8d055521, which, on
> > an i7-11850H iGPU with a Thinkpad X1 Extreme Gen 4, attached to a LG
> > LP160UQ1-SPB1 embedded panel, causes wild flickering glitching
> > technicolor pyrotechnics on resumption from suspend. The display shows
> > strobing colors in an utter disaster explosion of pantone, as though
> > bombs were dropped on the leprechauns at the base of the rainbow.
> >
> > Rebooting the machine fixes the issue, presumably because the display is
> > initialized by firmware rather than by i915. Otherwise, the GPU appears
> > to work fine.
> >
> > Bisection traced it back to this commit, which makes sense given the
> > issues.
>
> Thanks for putting in the effort to bisect, and the patch.
>
> As the commit message of the regressing commit suggests, the VBT (Video
> BIOS Tables) should contain the info about max rates, filled in by the
> OEM. Unfortunately, we were missing some of the checks,
> e.g. 24b8b74eb2eb ("drm/i915: Parse max link rate from the eDP BDB
> block") added to drm-intel-next just recently.
>
> Unfortunately, gitlab is down today so I can't check if you already
> tried drm-tip [1]; that might be helpful. Also, attaching
> /sys/kernel/debug/dri/0/i915_vbt might be useful to see if the
> limitation is there.
>
> If your system works with the limitations from VBT, *and* the commits
> adding that support are trivial to backport to v5.19, I'm inclined to do
> that instead of the revert. But obviously the revert is the way to go if
> that doesn't happen.
I checked with drm-tip last week when I filed the bug, and I just
remerged the latest today, just in case there was anything new, and
alas, the problem still occurs.
Jason
[PATCH] drm/i915/display: Re-add check for low voltage sku for max dp source rate
This reverts commit 73867c8709b569cdd7fda67f01dfe02c8d055521, which, on
an i7-11850H iGPU with a Thinkpad X1 Extreme Gen 4, attached to a LG
LP160UQ1-SPB1 embedded panel, causes wild flickering glitching
technicolor pyrotechnics on resumption from suspend. The display shows
strobing colors in an utter disaster explosion of pantone, as though
bombs were dropped on the leprechauns at the base of the rainbow.
Rebooting the machine fixes the issue, presumably because the display is
initialized by firmware rather than by i915. Otherwise, the GPU appears
to work fine.
Bisection traced it back to this commit, which makes sense given the
issues.
Fixes: 73867c8709b5 ("drm/i915/display: Remove check for low voltage sku for
max dp source rate")
Cc: Ankit Nautiyal
Cc: Imre Deak
Cc: Jani Nikula
Cc: Uma Shankar
Cc: Animesh Manna
Cc: Jani Saarinen
Signed-off-by: Jason A. Donenfeld
---
drivers/gpu/drm/i915/display/intel_dp.c | 32 ++---
1 file changed, 29 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/i915/display/intel_dp.c
b/drivers/gpu/drm/i915/display/intel_dp.c
index e4a79c11fd25..ff67899522cf 100644
--- a/drivers/gpu/drm/i915/display/intel_dp.c
+++ b/drivers/gpu/drm/i915/display/intel_dp.c
@@ -388,13 +388,23 @@ static int dg2_max_source_rate(struct intel_dp *intel_dp)
return intel_dp_is_edp(intel_dp) ? 81 : 135;
}
+static bool is_low_voltage_sku(struct drm_i915_private *i915, enum phy phy)
+{
+ u32 voltage;
+
+ voltage = intel_de_read(i915, ICL_PORT_COMP_DW3(phy)) &
VOLTAGE_INFO_MASK;
+
+ return voltage == VOLTAGE_INFO_0_85V;
+}
+
static int icl_max_source_rate(struct intel_dp *intel_dp)
{
struct intel_digital_port *dig_port = dp_to_dig_port(intel_dp);
struct drm_i915_private *dev_priv = to_i915(dig_port->base.base.dev);
enum phy phy = intel_port_to_phy(dev_priv, dig_port->base.port);
- if (intel_phy_is_combo(dev_priv, phy) && !intel_dp_is_edp(intel_dp))
+ if (intel_phy_is_combo(dev_priv, phy) &&
+ (is_low_voltage_sku(dev_priv, phy) || !intel_dp_is_edp(intel_dp)))
return 54;
return 81;
@@ -402,7 +412,23 @@ static int icl_max_source_rate(struct intel_dp *intel_dp)
static int ehl_max_source_rate(struct intel_dp *intel_dp)
{
- if (intel_dp_is_edp(intel_dp))
+ struct intel_digital_port *dig_port = dp_to_dig_port(intel_dp);
+ struct drm_i915_private *dev_priv = to_i915(dig_port->base.base.dev);
+ enum phy phy = intel_port_to_phy(dev_priv, dig_port->base.port);
+
+ if (intel_dp_is_edp(intel_dp) || is_low_voltage_sku(dev_priv, phy))
+ return 54;
+
+ return 81;
+}
+
+static int dg1_max_source_rate(struct intel_dp *intel_dp)
+{
+ struct intel_digital_port *dig_port = dp_to_dig_port(intel_dp);
+ struct drm_i915_private *i915 = to_i915(dig_port->base.base.dev);
+ enum phy phy = intel_port_to_phy(i915, dig_port->base.port);
+
+ if (intel_phy_is_combo(i915, phy) && is_low_voltage_sku(i915, phy))
return 54;
return 81;
@@ -445,7 +471,7 @@ intel_dp_set_source_rates(struct intel_dp *intel_dp)
max_rate = dg2_max_source_rate(intel_dp);
else if (IS_ALDERLAKE_P(dev_priv) || IS_ALDERLAKE_S(dev_priv) ||
IS_DG1(dev_priv) || IS_ROCKETLAKE(dev_priv))
- max_rate = 81;
+ max_rate = dg1_max_source_rate(intel_dp);
else if (IS_JSL_EHL(dev_priv))
max_rate = ehl_max_source_rate(intel_dp);
else
--
2.35.1
Re: [Intel-gfx] i915 w/5.19: wild flickering glitching technicolor pyrotechnics on resumption from suspend
Done. https://gitlab.freedesktop.org/drm/intel/-/issues/6205
Re: i915 w/5.19: wild flickering glitching technicolor pyrotechnics on resumption from suspend
FWIW, I found that reverting the two drm merges (with `git revert -m`) from 5.19-rc1 "fixed" the issue.
i915 w/5.19: wild flickering glitching technicolor pyrotechnics on resumption from suspend
Hi, Using the i7-11850H's iGPU, when I wake my Thinkpad X1 Extreme Gen 4 from suspend on 5.19-rc1, the display shows wild flickering with strobing colors and more artifacts than real pixels in an utter disaster explosion of pantone, as though bombs were dropped on the leprechauns at the base of the rainbow. That sounds ridiculous, but the strobing pattern really is a sight to be seen. I can only stop it by rebooting. I took a video, but I worry about having private info in my video buffer, so if you'd like to see it, email me privately. The system is otherwise operational and fine. Nothing in dmesg, even with i915 debugging enabled, and if it weren't for the display artifacts, I believe the actual rendering in video memory would be fine. So this sort of looks like a display driver or some sort of psr problem. Let me know if there's anything else I can do to provide more debug info. It's pretty trivial to reproduce: I just put my laptop to sleep and wake it back up. Jason
Re: RPM raw-wakeref not held in intel_pxp_fini_hw
Hi Daniele, I'll give it a whirl on my laptop. Thanks. Jason
RPM raw-wakeref not held in intel_pxp_fini_hw
Hey Intel PXPers, I hit this splat on 5.16-rc1 during system suspend: Nov 22 13:54:09 thinkpad systemd-logind[934]: Lid closed. Nov 22 13:54:09 thinkpad systemd[1]: Reached target Sleep. Nov 22 13:54:09 thinkpad systemd[1]: Starting System Suspend... Nov 22 13:54:09 thinkpad systemd-sleep[519259]: Entering sleep state 'suspend'... Nov 22 13:54:09 thinkpad kernel: PM: suspend entry (s2idle) Nov 22 15:22:05 thinkpad kernel: Filesystems sync: 0.124 seconds Nov 22 15:22:05 thinkpad kernel: Freezing user space processes ... (elapsed 0.001 seconds) done. Nov 22 15:22:05 thinkpad kernel: OOM killer disabled. Nov 22 15:22:05 thinkpad kernel: Freezing remaining freezable tasks ... (elapsed 0.001 seconds) done. Nov 22 15:22:05 thinkpad kernel: printk: Suspending console(s) (use no_console_suspend to debug) Nov 22 15:22:05 thinkpad kernel: [ cut here ] Nov 22 15:22:05 thinkpad kernel: RPM wakelock ref not held during HW access Nov 22 15:22:05 thinkpad kernel: WARNING: CPU: 10 PID: 519259 at drivers/gpu/drm/i915/intel_runtime_pm.h:112 fwtable_write32+0x1cb/0x200 [i915] Nov 22 15:22:05 thinkpad kernel: Modules linked in: cdc_mbim cdc_wdm cdc_ncm cdc_ether usbnet mii snd_seq_dummy snd_hrtimer snd_seq snd_seq_device rfcomm cmac algif_skcipher bnep uvcvideo videobuf2_vmalloc videobuf2_memops videobuf2_v4l2 btusb videobuf2_common btintel blue> Nov 22 15:22:05 thinkpad kernel: i2c_designware_platform i2c_designware_core mei_pxp mei_hdcp ac97_bus kvm_intel snd_hda_intel snd_intel_dspcfg intel_rapl_msr think_lmi snd_intel_sdw_acpi i915 firmware_attributes_class wmi_bmof snd_hda_codec kvm i2c_algo_bit snd_hwdep int> Nov 22 15:22:05 thinkpad kernel: CPU: 10 PID: 519259 Comm: systemd-sleep Tainted: G S U5.16.0-rc1+ #192 Nov 22 15:22:05 thinkpad kernel: Hardware name: LENOVO 20Y5CTO1WW/20Y5CTO1WW, BIOS N40ET28W (1.10 ) 09/09/2021 Nov 22 15:22:05 thinkpad kernel: RIP: 0010:fwtable_write32+0x1cb/0x200 [i915] Nov 22 15:22:05 thinkpad kernel: Code: 21 cb df 0f 0b e9 85 fe ff ff 80 3d 36 68 1f 00 00 0f 85 82 fe ff ff 48 c7 c7 70 cf c4 a1 c6 05 22 68 1f 00 01 e8 1c 21 cb df <0f> 0b e9 68 fe ff ff 48 8b bb 40 01 00 00 e8 a2 cf ce df b9 01 00 Nov 22 15:22:05 thinkpad kernel: RSP: 0018:88821d283c80 EFLAGS: 00010282 Nov 22 15:22:05 thinkpad kernel: RAX: 002a RBX: 88813df707d0 RCX: 0027 Nov 22 15:22:05 thinkpad kernel: RDX: 88901f69b448 RSI: 0001 RDI: 88901f69b440 Nov 22 15:22:05 thinkpad kernel: RBP: 000320f0 R08: 0d17 R09: 88821d283c20 Nov 22 15:22:05 thinkpad kernel: R10: 3fff R11: fff93a78 R12: 4000 Nov 22 15:22:05 thinkpad kernel: R13: R14: 888101311150 R15: 81491b20 Nov 22 15:22:05 thinkpad kernel: FS: 7efcfaa87800() GS:88901f68() knlGS: Nov 22 15:22:05 thinkpad kernel: CS: 0010 DS: ES: CR0: 80050033 Nov 22 15:22:05 thinkpad kernel: CR2: 7efcfb41e6f0 CR3: 0005ed937004 CR4: 00770ee0 Nov 22 15:22:05 thinkpad kernel: PKRU: 5554 Nov 22 15:22:05 thinkpad kernel: Call Trace: Nov 22 15:22:05 thinkpad kernel: Nov 22 15:22:05 thinkpad kernel: intel_pxp_fini_hw+0x23/0x30 [i915] Nov 22 15:22:05 thinkpad kernel: intel_pxp_suspend+0x2f/0x40 [i915] Nov 22 15:22:05 thinkpad kernel: i915_gem_backup_suspend+0x6e/0x150 [i915] Nov 22 15:22:05 thinkpad kernel: ? pci_target_state+0xc/0xc0 Nov 22 15:22:05 thinkpad kernel: pci_pm_prepare+0x28/0x60 Nov 22 15:22:05 thinkpad kernel: dpm_prepare+0xbd/0x370 Nov 22 15:22:05 thinkpad kernel: dpm_suspend_start+0x16/0x80 Nov 22 15:22:05 thinkpad kernel: suspend_devices_and_enter+0x104/0x6d0 Nov 22 15:22:05 thinkpad kernel: pm_suspend.cold+0x2f6/0x33d Nov 22 15:22:05 thinkpad kernel: state_store+0x6b/0xe0 Nov 22 15:22:05 thinkpad kernel: kernfs_fop_write_iter+0x107/0x190 Nov 22 15:22:05 thinkpad kernel: new_sync_write+0x100/0x170 Nov 22 15:22:05 thinkpad kernel: vfs_write+0x1c5/0x260 Nov 22 15:22:05 thinkpad kernel: ksys_write+0x4a/0xc0 Nov 22 15:22:05 thinkpad kernel: do_syscall_64+0x35/0x80 Nov 22 15:22:05 thinkpad kernel: entry_SYSCALL_64_after_hwframe+0x44/0xae Nov 22 15:22:05 thinkpad kernel: RIP: 0033:0x7efcfb27ccb3 Nov 22 15:22:05 thinkpad kernel: Code: 8b 15 81 11 0f 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 64 8b 04 25 18 00 00 00 85 c0 75 14 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 55 c3 0f 1f 40 00 48 83 ec 28 48 89 54 24 18 Nov 22 15:22:05 thinkpad kernel: RSP: 002b:7fff279a5308 EFLAGS: 0246 ORIG_RAX: 0001 Nov 22 15:22:05 thinkpad kernel: RAX: ffda RBX: 0004 RCX: 7efcfb27ccb3 Nov 22 15:22:05 thinkpad kernel: RDX: 0004 RSI: 7fff279a5400 RDI: 0004 Nov 22 15:22:05 thinkpad kernel: RBP: 5571997e72d0 R08: 0007 R09: 5571997eb4a0 Nov 22 15:22:05 thinkpad kernel: R10: 11500bc5676901a3 R11: 0246 R12: 0004 Nov 22 15
Re: [PATCH v2 07/63] skbuff: Switch structure bounds to struct_group()
For the drivers/net/wireguard part, Reviewed-by: Jason A. Donenfeld
[PATCH] mm: do not rely on mm == current->mm in __get_user_pages_locked
It seems likely this block was pasted from internal_get_user_pages_fast,
which is not passed an mm struct and therefore uses current's. But
__get_user_pages_locked is passed an explicit mm, and current->mm is not
always valid. This was hit when being called from i915, which uses:
pin_user_pages_remote->
__get_user_pages_remote->
__gup_longterm_locked->
__get_user_pages_locked
Before, this would lead to an OOPS:
BUG: kernel NULL pointer dereference, address: 0064
#PF: supervisor write access in kernel mode
#PF: error_code(0x0002) - not-present page
PGD 0 P4D 0
Oops: 0002 [#1] SMP
CPU: 10 PID: 1431 Comm: kworker/u33:1 Tainted: P S U O 5.9.0-rc7+
#140
Hardware name: LENOVO 20QTCTO1WW/20QTCTO1WW, BIOS N2OET47W (1.34 ) 08/06/2020
Workqueue: i915-userptr-acquire __i915_gem_userptr_get_pages_worker [i915]
RIP: 0010:__get_user_pages_remote+0xd7/0x310
Code: f5 01 00 00 83 7d 00 01 0f 85 ed 01 00 00 f7 c1 00 00 04 00 0f 84 58 01
00 00 65 48 8b 04 25 00 6d 01 00 48 8b 80 40 03 00 00 40 64 01 00 00 00 65
48 8b 04 25 00 6d 01 00 48 c7 44 24 18 00
RSP: 0018:888fdfe47de0 EFLAGS: 00010206
RAX: RBX: 7fe188531000 RCX: 00040001
RDX: 0001 RSI: 7fe188531000 RDI: 888ff0748f00
RBP: 888fdfe47e54 R08: 888fedc7d7c8 R09:
R10: 0018 R11: fefefefefefefeff R12: 888ff0748f00
R13: 888fedc7d7c8 R14: 888f81fe3a40 R15: 00042003
FS: () GS:888ffc48() knlGS:
CS: 0010 DS: ES: CR0: 80050033
CR2: 0064 CR3: 02009003 CR4: 003706e0
DR0: DR1: DR2:
DR3: DR6: fffe0ff0 DR7: 0400
Call Trace:
__i915_gem_userptr_get_pages_worker+0xc8/0x260 [i915]
process_one_work+0x1ca/0x390
worker_thread+0x48/0x3c0
? rescuer_thread+0x3d0/0x3d0
kthread+0x114/0x130
? kthread_create_worker_on_cpu+0x40/0x40
ret_from_fork+0x1f/0x30
CR2: 0064
This commit fixes the problem by using the mm pointer passed to the
function rather than the bogus one in current.
Fixes: 008cfe4418b3 ("mm: Introduce mm_struct.has_pinned")
Cc: Jason Gunthorpe
Cc: Peter Xu
Signed-off-by: Jason A. Donenfeld
---
mm/gup.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mm/gup.c b/mm/gup.c
index dfe781d2ad4c..e869c634cc9a 100644
--- a/mm/gup.c
+++ b/mm/gup.c
@@ -1256,7 +1256,7 @@ static __always_inline long
__get_user_pages_locked(struct mm_struct *mm,
}
if (flags & FOLL_PIN)
- atomic_set(¤t->mm->has_pinned, 1);
+ atomic_set(&mm->has_pinned, 1);
/*
* FOLL_PIN and FOLL_GET are mutually exclusive. Traditional behavior
--
2.28.0
___
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel
Re: 5.9-rc7 null ptr deref in __i915_gem_userptr_get_pages_worker
Oh, this is just a copy and paste error, when the code was originally pasted from internal_get_user_pages_fast, which assumes a current. I'll fix this up and send a patch shortly. ___ dri-devel mailing list dri-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/dri-devel
5.9-rc7 null ptr deref in __i915_gem_userptr_get_pages_worker
Seeing a new crash in 5.9-rc7 I didn't have in 5.9-rc6: [ 1311.596896] BUG: kernel NULL pointer dereference, address: 0064 [ 1311.596898] #PF: supervisor write access in kernel mode [ 1311.596899] #PF: error_code(0x0002) - not-present page [ 1311.596899] PGD 0 P4D 0 [ 1311.596901] Oops: 0002 [#1] SMP [ 1311.596902] CPU: 10 PID: 1431 Comm: kworker/u33:1 Tainted: P S U O 5.9.0-rc7+ #140 [ 1311.596903] Hardware name: LENOVO 20QTCTO1WW/20QTCTO1WW, BIOS N2OET47W (1.34 ) 08/06/2020 [ 1311.596955] Workqueue: i915-userptr-acquire __i915_gem_userptr_get_pages_worker [i915] [ 1311.596959] RIP: 0010:__get_user_pages_remote+0xd7/0x310 [ 1311.596960] Code: f5 01 00 00 83 7d 00 01 0f 85 ed 01 00 00 f7 c1 00 00 04 00 0f 84 58 01 00 00 65 48 8b 04 25 00 6d 01 00 48 8b 80 40 03 00 00 40 64 01 00 00 00 65 48 8b 04 25 00 6d 01 00 48 c7 44 24 18 00 [ 1311.596961] RSP: 0018:888fdfe47de0 EFLAGS: 00010206 [ 1311.596962] RAX: RBX: 7fe188531000 RCX: 00040001 [ 1311.596962] RDX: 0001 RSI: 7fe188531000 RDI: 888ff0748f00 [ 1311.596963] RBP: 888fdfe47e54 R08: 888fedc7d7c8 R09: [ 1311.596963] R10: 0018 R11: fefefefefefefeff R12: 888ff0748f00 [ 1311.596963] R13: 888fedc7d7c8 R14: 888f81fe3a40 R15: 00042003 [ 1311.596964] FS: () GS:888ffc48() knlGS: [ 1311.596965] CS: 0010 DS: ES: CR0: 80050033 [ 1311.596965] CR2: 0064 CR3: 02009003 CR4: 003706e0 [ 1311.596966] DR0: DR1: DR2: [ 1311.596966] DR3: DR6: fffe0ff0 DR7: 0400 [ 1311.596967] Call Trace: [ 1311.596993] __i915_gem_userptr_get_pages_worker+0xc8/0x260 [i915] [ 1311.596996] process_one_work+0x1ca/0x390 [ 1311.596997] worker_thread+0x48/0x3c0 [ 1311.596998] ? rescuer_thread+0x3d0/0x3d0 [ 1311.597000] kthread+0x114/0x130 [ 1311.597001] ? kthread_create_worker_on_cpu+0x40/0x40 [ 1311.597003] ret_from_fork+0x1f/0x30 [ 1311.597031] CR2: 0064 [ 1311.597033] ---[ end trace e2b8ddde994a6f6d ]--- ___ dri-devel mailing list dri-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/dri-devel
Re: 5.9-rc7 null ptr deref in __i915_gem_userptr_get_pages_worker
Increasing the CC list a bit, as i915 didn't really get much churn rc6->rc7, but mm/gup.c did, and mm has had a lot of recent changes. On Mon, Sep 28, 2020 at 11:39 AM Jason A. Donenfeld wrote: > > Seeing a new crash in 5.9-rc7 I didn't have in 5.9-rc6: > > [ 1311.596896] BUG: kernel NULL pointer dereference, address: 0064 > [ 1311.596898] #PF: supervisor write access in kernel mode > [ 1311.596899] #PF: error_code(0x0002) - not-present page > [ 1311.596899] PGD 0 P4D 0 > [ 1311.596901] Oops: 0002 [#1] SMP > [ 1311.596902] CPU: 10 PID: 1431 Comm: kworker/u33:1 Tainted: P S U >O 5.9.0-rc7+ #140 > [ 1311.596903] Hardware name: LENOVO 20QTCTO1WW/20QTCTO1WW, BIOS > N2OET47W (1.34 ) 08/06/2020 > [ 1311.596955] Workqueue: i915-userptr-acquire > __i915_gem_userptr_get_pages_worker [i915] > [ 1311.596959] RIP: 0010:__get_user_pages_remote+0xd7/0x310 > [ 1311.596960] Code: f5 01 00 00 83 7d 00 01 0f 85 ed 01 00 00 f7 c1 > 00 00 04 00 0f 84 58 01 00 00 65 48 8b 04 25 00 6d 01 00 48 8b 80 40 > 03 00 00 40 64 01 00 00 00 65 48 8b 04 25 00 6d 01 00 48 c7 44 24 > 18 00 > [ 1311.596961] RSP: 0018:888fdfe47de0 EFLAGS: 00010206 > [ 1311.596962] RAX: RBX: 7fe188531000 RCX: > 00040001 > [ 1311.596962] RDX: 0001 RSI: 7fe188531000 RDI: > 888ff0748f00 > [ 1311.596963] RBP: 888fdfe47e54 R08: 888fedc7d7c8 R09: > > [ 1311.596963] R10: 0018 R11: fefefefefefefeff R12: > 888ff0748f00 > [ 1311.596963] R13: 888fedc7d7c8 R14: 888f81fe3a40 R15: > 00042003 > [ 1311.596964] FS: () GS:888ffc48() > knlGS: > [ 1311.596965] CS: 0010 DS: ES: CR0: 80050033 > [ 1311.596965] CR2: 0064 CR3: 02009003 CR4: > 003706e0 > [ 1311.596966] DR0: DR1: DR2: > > [ 1311.596966] DR3: DR6: fffe0ff0 DR7: > 0400 > [ 1311.596967] Call Trace: > [ 1311.596993] __i915_gem_userptr_get_pages_worker+0xc8/0x260 [i915] > [ 1311.596996] process_one_work+0x1ca/0x390 > [ 1311.596997] worker_thread+0x48/0x3c0 > [ 1311.596998] ? rescuer_thread+0x3d0/0x3d0 > [ 1311.597000] kthread+0x114/0x130 > [ 1311.597001] ? kthread_create_worker_on_cpu+0x40/0x40 > [ 1311.597003] ret_from_fork+0x1f/0x30 > [ 1311.597031] CR2: 0064 > [ 1311.597033] ---[ end trace e2b8ddde994a6f6d ]--- ___ dri-devel mailing list dri-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/dri-devel
Re: 5.9-rc7 null ptr deref in __i915_gem_userptr_get_pages_worker
Alright, the failing code seems to be in mm:
if (flags & FOLL_PIN)
atomic_set(¤t->mm->has_pinned, 1);
Apparently you can't rely on current->mm being valid in this context;
it's null here, hence the +0x64 for has_pinned's offset.
This was added by 008cfe4418b3 ("mm: Introduce mm_struct.has_pinned"),
which is new for rc7 indeed.
The crash goes away when changing that to:
if ((flags & FOLL_PIN) && current->mm)
atomic_set(¤t->mm->has_pinned, 1);
But I haven't really evaluated whether or not that's racy or if I need
to take locks to do such a thing.
___
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel
Re: [PATCH] drm/i915: check to see if SIMD registers are available before using SIMD
On Sun, May 3, 2020 at 2:30 PM Chris Wilson wrote: > > Quoting Jason A. Donenfeld (2020-04-30 23:10:16) > > Sometimes it's not okay to use SIMD registers, the conditions for which > > have changed subtly from kernel release to kernel release. Usually the > > pattern is to check for may_use_simd() and then fallback to using > > something slower in the unlikely case SIMD registers aren't available. > > So, this patch fixes up i915's accelerated memcpy routines to fallback > > to boring memcpy if may_use_simd() is false. > > > > Cc: sta...@vger.kernel.org > > The same argument as on the previous submission is that we return to the > caller if we can't use movntqda as their fallback path should be faster > than uncached memcpy. Oh, THAT's what you meant before. Okay, will follow up. ___ dri-devel mailing list dri-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/dri-devel
Re: [PATCH] drm/i915: check to see if SIMD registers are available before using SIMD
On Fri, May 1, 2020 at 4:42 AM Sebastian Andrzej Siewior wrote: >Reviewed-by: Sebastian Andrzej Siewior Thanks. > > May I ask how large the memcpy can be? I'm asking in case it is large > and an explicit rescheduling point might be needed. Yea I was worried about that too. I'm not an i915 developer, but so far as I can tell: - The path from intel_engine_cmd_parser is <= 256 KiB for "known users", so that's rather large. - The path from perf_memcpy is either 4k, 64k, or 4M, depending on the type of object, so that seems gigantic, but I think that might be selftest code. - The path from compress_page appears to be PAGE_SIZE, so 4k, which meshes with the limits we set agreed on few weeks ago for the crypto stuff. - The path from guc_read_update_log_buffer appears to be 8k, 32k, 2M, or 8M, depending on the type of object, so that seems absurdly huge and doesn't appear to be selftest code either like the other case. I have no doubt the i915 developers will jump in here waving their arms, but either way, it sure seems to me like you might have a point. ___ dri-devel mailing list dri-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/dri-devel
Re: [PATCH] drm/i915: check to see if SIMD registers are available before using SIMD
On Fri, May 1, 2020 at 12:07 PM Christoph Hellwig wrote: > > On Thu, Apr 30, 2020 at 04:10:16PM -0600, Jason A. Donenfeld wrote: > > Sometimes it's not okay to use SIMD registers, the conditions for which > > have changed subtly from kernel release to kernel release. Usually the > > pattern is to check for may_use_simd() and then fallback to using > > something slower in the unlikely case SIMD registers aren't available. > > So, this patch fixes up i915's accelerated memcpy routines to fallback > > to boring memcpy if may_use_simd() is false. > > Err, why does i915 implements its own uncached memcpy instead of relying > on core functionality to start with? I was wondering the same. It sure does seem like this ought to be more generalized functionality, with a name that represents the type of transfer it's optimized for (wc or similar). ___ dri-devel mailing list dri-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/dri-devel
[PATCH] drm/i915: check to see if SIMD registers are available before using SIMD
Sometimes it's not okay to use SIMD registers, the conditions for which
have changed subtly from kernel release to kernel release. Usually the
pattern is to check for may_use_simd() and then fallback to using
something slower in the unlikely case SIMD registers aren't available.
So, this patch fixes up i915's accelerated memcpy routines to fallback
to boring memcpy if may_use_simd() is false.
Cc: sta...@vger.kernel.org
Signed-off-by: Jason A. Donenfeld
---
drivers/gpu/drm/i915/i915_memcpy.c | 12
1 file changed, 12 insertions(+)
diff --git a/drivers/gpu/drm/i915/i915_memcpy.c
b/drivers/gpu/drm/i915/i915_memcpy.c
index fdd550405fd3..7c0e022586bc 100644
--- a/drivers/gpu/drm/i915/i915_memcpy.c
+++ b/drivers/gpu/drm/i915/i915_memcpy.c
@@ -24,6 +24,7 @@
#include
#include
+#include
#include "i915_memcpy.h"
@@ -38,6 +39,12 @@ static DEFINE_STATIC_KEY_FALSE(has_movntdqa);
#ifdef CONFIG_AS_MOVNTDQA
static void __memcpy_ntdqa(void *dst, const void *src, unsigned long len)
{
+ if (unlikely(!may_use_simd())) {
+ memcpy(dst, src, len);
+ return;
+ }
+
+
kernel_fpu_begin();
while (len >= 4) {
@@ -67,6 +74,11 @@ static void __memcpy_ntdqa(void *dst, const void *src,
unsigned long len)
static void __memcpy_ntdqu(void *dst, const void *src, unsigned long len)
{
+ if (unlikely(!may_use_simd())) {
+ memcpy(dst, src, len);
+ return;
+ }
+
kernel_fpu_begin();
while (len >= 4) {
--
2.26.2
___
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel
Re: [PATCH v2] drm/i915: Fix ref->mutex deadlock in i915_active_wait()
On Tue, Apr 21, 2020 at 09:38:09AM -0700, Sultan Alsawaf wrote: > Why hasn't this bug got any attention: > https://gitlab.freedesktop.org/drm/intel/issues/1412 > > That seems like a showstopper. Indeed, pretty shocking. It's worth mentioning that the reporter of said bug, after significant time had elapsed, removed i915 from the kernel entirely and now daily drives the NVIDIA binary blob. Having to fall back to closed source blobs indicates a pretty awful state of affairs. It might otherwise be hard to imagine how that could be preferable, but this situation indicates how. Joonas - More generally, it seems what's happening now is that i915 driver stability and quality is reaching a real low point. Back when i915 was the only stable driver in town, the ivory tower attitude of the maintainers seemed quasi-justifiable. The drivers kept being awesome, so when they kicked the can back at users or gave them the cold shoulder on reports, there was never much of an issue, since things always got fixed in fairly short order. This is no longer the case. Bugs are piling up. Users are unhappy. So it's only natural that some users will just wind up fixing it themselves, especially with responses from Intel like "not guilty!" in response to i915 bug reports. And these users who try to fix these bugs will do so without access to your proprietary debuggers, top-secret data sheets, and NDA'd hardware engineers down the hall, and thus you'll always be able to accuse them of something or another about "due-diligence", since nobody is better suited than you to find and fix these issues in the best way possible. But it hasn't been happening in a satisfactory way from your end, and users need their laptops to actually work, and so things will gradually get fixed (hopefully, anyhow) through other means. Even on the stable front, if fixes to bugs are intermingled into massive refactoring patches, and your team isn't taking charge to separate them out and send them to stable@, then backporting to stable kernels is going to result in a lot of custom work from other people. In other words, you can shun your users' bug reports and fellow developers and get away with that while your driver quality remains tip-top, but if you let things fall, as they have as of late, then expect your ivory tower to be shaken a bit. ___ dri-devel mailing list dri-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/dri-devel
Re: [PATCH] drm/i915: check to see if the FPU is available before using it
On Sat, Mar 28, 2020 at 1:59 AM Chris Wilson wrote: > > Quoting Jason A. Donenfeld (2020-03-28 00:04:22) > > It's not safe to just grab the FPU willy nilly without first checking to > > see if it's available. This patch adds the usual call to may_use_simd() > > and falls back to boring memcpy if it's not available. > > These instructions do not use the fpu, nor are these registers aliased > over the fpu stack. This description and the may_use_simd() do not > look like they express the right granularity as to which simd state are > included Most of the time when discussing vector instructions in the kernel with x86, "FPU" is used to denote the whole shebang, because of similar XSAVE semantics and requirements with actual floating point instructions and SIMD instructions. So when I say "grab the FPU", I'm really referring to the act of messing with any registers that aren't saved and restored by default during context switch and need the explicit marking for XSAVE to come in -- the kernel_fpu_begin/end calls that you already have. With regards to the granularity here, you are in fact touching xmm registers. That means you need kernel_fpu_begin/end, which you correctly have. However, it also means that before using those, you should check to see if that's okay by using the may_use_simd() instruction. Now you may claim that at the moment may_use_simd()-->irq_fpu_usable()-->(!in_interrupt() || interrupted_user_mode() || interrupted_kernel_fpu_idle()) always holds true, and you're a keen follower of the (recently changed) kernel fpu x86 semantics in case those conditions change, and that your driver is so strictly written that you know exactly the context this fancy memcpy will run in, always, and you'll never deviate from it, and therefore it's okay to depart from the rules and omit the check and safe fallback code. But c'mon - i915 is complex, and mixed context bugs abound, and the rules for using those registers might in fact change without you noticing. So why not apply this to have a safe fallback for when the numerous assumptions no longer hold? (If you're extra worried I suppose you could make it a `if (WARN_ON(!may_use_simd()))` instead or something, but that seems like a bit much.) > Look at caller, return the error and let them decide if they can avoid > the read from WC, which quite often they can. And no, this is not done > from interrupt context, we would be crucified if we did. Ahh, now, reading this comment here I realize maybe I've misunderstood you. Do you mean to say that checking for may_use_simd() is a thing that you'd like to do after all, but you don't like it falling back to slow memcpy. Instead, you'd like for the code to return an error value, and then caller can just optionally skip the memcpy under some complicated driver circumstances? Jason ___ dri-devel mailing list dri-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/dri-devel
[PATCH] drm/i915: check to see if the FPU is available before using it
It's not safe to just grab the FPU willy nilly without first checking to
see if it's available. This patch adds the usual call to may_use_simd()
and falls back to boring memcpy if it's not available.
Signed-off-by: Jason A. Donenfeld
---
drivers/gpu/drm/i915/i915_memcpy.c | 12
1 file changed, 12 insertions(+)
diff --git a/drivers/gpu/drm/i915/i915_memcpy.c
b/drivers/gpu/drm/i915/i915_memcpy.c
index fdd550405fd3..7c0e022586bc 100644
--- a/drivers/gpu/drm/i915/i915_memcpy.c
+++ b/drivers/gpu/drm/i915/i915_memcpy.c
@@ -24,6 +24,7 @@
#include
#include
+#include
#include "i915_memcpy.h"
@@ -38,6 +39,12 @@ static DEFINE_STATIC_KEY_FALSE(has_movntdqa);
#ifdef CONFIG_AS_MOVNTDQA
static void __memcpy_ntdqa(void *dst, const void *src, unsigned long len)
{
+ if (unlikely(!may_use_simd())) {
+ memcpy(dst, src, len);
+ return;
+ }
+
+
kernel_fpu_begin();
while (len >= 4) {
@@ -67,6 +74,11 @@ static void __memcpy_ntdqa(void *dst, const void *src,
unsigned long len)
static void __memcpy_ntdqu(void *dst, const void *src, unsigned long len)
{
+ if (unlikely(!may_use_simd())) {
+ memcpy(dst, src, len);
+ return;
+ }
+
kernel_fpu_begin();
while (len >= 4) {
--
2.26.0
___
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel
resuming from sleep, timeout at drivers/gpu/drm/nouveau/nvkm/subdev/pmu/gt215.c:223 gt215_pmu_init+0x22b/0x280 [nouveau]
Hi, In upgrading from 5.1.1 to 5.3.6, I'm seeing the following in my dmesg when resuming from sleep, which is accompanied by a slight hang too. Is anybody else seeing this? Thanks, Jason [ 46.618138] nouveau :01:00.0: timeout [ 46.618183] WARNING: CPU: 4 PID: 993 at drivers/gpu/drm/nouveau/nvkm/subdev/pmu/gt215.c:223 gt215_pmu_init+0x2 2b/0x280 [nouveau] [ 46.618183] Modules linked in: rfcomm cmac algif_skcipher bnep uvcvideo videobuf2_vmalloc videobuf2_memops btu sb videobuf2_v4l2 btintel cdc_mbim bluetooth cdc_ncm videodev cdc_wdm ecdh_generic ecc qcserial usbnet videobuf2_ common usb_wwan mii usbhid usbserial af_packet joydev mousedev 8021q xt_hl ip6table_filter ip6_tables xt_multipor t xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 iptable_filter bpfilter intel_rapl_msr intel_rapl_commo n x86_pkg_temp_thermal intel_powerclamp iwlmvm mac80211 rtsx_pci_sdmmc libarc4 mmc_core wmi_bmof coretemp iwlwifi snd_hda_codec_realtek snd_hda_codec_generic kvm_intel kvm irqbypass ahci crc32_pclmul crc32c_intel cfg80211 e100 0e input_leds psmouse rtsx_pci libahci snd_hda_intel nouveau snd_hda_codec mfd_core snd_hwdep snd_hda_core mei_me thinkpad_acpi snd_pcm mei snd_timer libata ledtrig_audio mxm_wmi ttm snd soundcore rfkill led_class xhci_pci wmi xhci_hcd usbcore usb_common intel_pch_thermal evdev ie31200_edac sch_fq_codel [ 46.618199] CPU: 4 PID: 993 Comm: kworker/u16:46 Not tainted 5.3.6-gentoo-r1 #1 [ 46.618200] Hardware name: LENOVO 20ENCTO1WW/20ENCTO1WW, BIOS N1EET86W (1.59 ) 08/28/2019 [ 46.618203] Workqueue: events_unbound async_run_entry_fn [ 46.618226] RIP: 0010:gt215_pmu_init+0x22b/0x280 [nouveau] [ 46.618227] Code: 8b 40 10 48 8b 78 10 4c 8b 67 50 4d 85 e4 75 03 4c 8b 27 e8 c7 59 2f e1 48 89 c6 4c 89 e2 48 c7 c7 5e 7b 43 a0 e8 9f 90 dd e0 <0f> 0b 48 83 c4 28 5b 5d b8 f0 ff ff ff 41 5c c3 48 8b 04 24 48 8b [ 46.618227] RSP: :c90002947c60 EFLAGS: 00010286 [ 46.618228] RAX: 001d RBX: 88904ce14800 RCX: 0006 [ 46.618228] RDX: 0007 RSI: 0082 RDI: 88905f5163e0 [ 46.618229] RBP: 02c0 R08: 000adaa858f6 R09: 001d [ 46.618229] R10: 040a R11: 0002a9fc R12: 8890582beec0 [ 46.618229] R13: 000a588a4bab R14: 000968f9ab5a R15: 0010 [ 46.618230] FS: () GS:88905f50() knlGS: [ 46.618230] CS: 0010 DS: ES: CR0: 80050033 [ 46.618231] CR2: CR3: 02209001 CR4: 003606e0 [ 46.618231] DR0: DR1: DR2: [ 46.618232] DR3: DR6: fffe0ff0 DR7: 0400 [ 46.618232] Call Trace: [ 46.618247] nvkm_subdev_init+0x84/0xc0 [nouveau] [ 46.618249] ? ktime_get+0x34/0x90 [ 46.618272] nvkm_device_init+0x100/0x180 [nouveau] [ 46.618295] nvkm_udevice_init+0x3c/0x60 [nouveau] [ 46.618308] nvkm_object_init+0x36/0xf0 [nouveau] [ 46.618320] nvkm_object_init+0x67/0xf0 [nouveau] [ 46.618333] nvkm_object_init+0x67/0xf0 [nouveau] [ 46.618357] nouveau_do_resume+0x25/0xb0 [nouveau] [ 46.618381] nouveau_pmops_resume+0x5b/0x90 [nouveau] [ 46.618383] ? pci_pm_reenable_device+0x40/0x40 [ 46.618385] dpm_run_callback+0x39/0x120 [ 46.618386] device_resume+0xac/0x230 [ 46.618387] async_resume+0x14/0x30 [ 46.618388] async_run_entry_fn+0x2c/0xd0 [ 46.618389] process_one_work+0x1c7/0x360 [ 46.618390] worker_thread+0x45/0x3c0 [ 46.618391] kthread+0xf3/0x130 [ 46.618392] ? process_one_work+0x360/0x360 [ 46.618393] ? kthread_park+0x70/0x70 [ 46.618395] ret_from_fork+0x1f/0x30 [ 46.618396] ---[ end trace 308dd95d67e0cfe7 ]--- [ 46.618397] nouveau :01:00.0: pmu: init failed, -16 [ 46.618676] nouveau :01:00.0: init failed with -16 [ 46.618677] nouveau: systemd-udevd[409]::0080: init failed with -16 [ 46.618678] nouveau: DRM-master::: init failed with -16 [ 46.618679] nouveau: DRM-master::: init failed with -16 [ 46.618680] nouveau :01:00.0: DRM: Client resume failed with error: -16 [ 46.618682] PM: dpm_run_callback(): pci_pm_resume+0x0/0xb0 returns -16 [ 46.618683] PM: Device :01:00.0 failed to resume async: error -16 ___ dri-devel mailing list dri-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/dri-devel
