lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 8 Jun 2018 13:28:58 +0200
From:   Thierry Escande <thierry.escande@...aro.org>
To:     Petr Mladek <pmladek@...e.com>
Cc:     Andy Shevchenko <andy.shevchenko@...il.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        David Miller <davem@...emloft.net>,
        Rasmus Villemoes <linux@...musvillemoes.dk>,
        "Tobin C . Harding" <me@...in.cc>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH RESEND] lib/test_printf.c: call wait_for_random_bytes()
 before plain %p tests



On 08/06/2018 13:22, Petr Mladek wrote:
> On Fri 2018-06-08 12:32:33, Thierry Escande wrote:
>> On 08/06/2018 11:46, Andy Shevchenko wrote:
>>> On Fri, Jun 8, 2018 at 12:07 PM, Thierry Escande
>>> <thierry.escande@...aro.org> wrote:
>>>
>>>> But as I type I realize it's not necessary. I will simply enclose the call
>>>> to wait_for_random_bytes() by #if IS_MODULE() #endif so it gets called only
>>>> if built as a module, which is how run_kselftest.sh wants it... If
>>>> test_printf is compiled built-in and the crng is not yet initialized the
>>>> test will fail anyway so there is no need to add an extra check.
>>>
>>> Unfortunately I can't support this as is.
>>> We have environments where crng will be ready minutes after the boot.
>>> It's unacceptable.
>>>
>>> So, we need to have means to not delay test for so long.
>>
>> I agree we can't delay test execution for too long. In my case the crng is
>> ready only a few seconds after the boot. So we may just skip this plain 'p'
>> printf test if crng is not ready then.
> 
> Alternative solution would be to accept
> const char *str = sizeof(ptr) == 8 ? "(____ptrval____)" : "(ptrval)";
> as a valid result. It would make sense to print some warning in that case.
> 
> In each case, it would look ugly to use add_random_ready_callback()
> wihtout passing a callback. If you really needed to check crng_ready(),
> it would be better to make it public.

Agree but even with crng_ready() public we would have to block the test 
until it's ready which is not good either.

Accepting "(ptrval)" as a valid result seems the least bad alternative...

Regards,
Thierry

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ