bpf: rather use get_random_int for randomizations

Start address randomization and blinding in BPF currently use
prandom_u32(). prandom_u32() values are not exposed to unpriviledged
user space to my knowledge, but given other kernel facilities such as
ASLR, stack canaries, etc make use of stronger get_random_int(), we
better make use of it here as well given blinding requests successively
new random values. get_random_int() has minimal entropy pool depletion,
is not cryptographically secure, but doesn't need to be for our use
cases here.

Suggested-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c
index f1e8a0def99b0b530f5b5ddf6dc50528cb64509f..b94a3655059165b97f955c37fddc0a9a33f8e94d 100644 (file)
--- a/kernel/bpf/core.c
+++ b/kernel/bpf/core.c
@@ -231,7 +231,7 @@ bpf_jit_binary_alloc(unsigned int proglen, u8 **image_ptr,
        hdr->pages = size / PAGE_SIZE;
        hole = min_t(unsigned int, size - (proglen + sizeof(*hdr)),
                     PAGE_SIZE - sizeof(*hdr));
-       start = (prandom_u32() % hole) & ~(alignment - 1);
+       start = (get_random_int() % hole) & ~(alignment - 1);
 
        /* Leave a random number of instructions before BPF code. */
        *image_ptr = &hdr->image[start];
@@ -251,7 +251,7 @@ static int bpf_jit_blind_insn(const struct bpf_insn *from,
                              struct bpf_insn *to_buff)
 {
        struct bpf_insn *to = to_buff;
-       u32 imm_rnd = prandom_u32();
+       u32 imm_rnd = get_random_int();
        s16 off;
 
        BUILD_BUG_ON(BPF_REG_AX  + 1 != MAX_BPF_JIT_REG);