lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.LFD.1.00.0803112128190.3781@apollo.tec.linutronix.de>
Date:	Tue, 11 Mar 2008 22:08:07 +0100 (CET)
From:	Thomas Gleixner <tglx@...utronix.de>
To:	Andi Kleen <andi@...stfloor.org>
cc:	Ingo Molnar <mingo@...e.hu>, linux-kernel@...r.kernel.org,
	akpm@...l.org
Subject: Re: [PATCH REPOST for 2.6.25] Use an own random generator for
 pageattr-test.c

On Tue, 11 Mar 2008, Andi Kleen wrote:
> > > > > Use an own random generator for pageattr-test.c
> > > > > 
> > > > > [Repost. Please ack/nack. This is a bug fix and imho a .25 late merge 
> > > > > candidate because it fixes a subtle bug]
> > > > 
> > > > Care to point out which "subtle bug" is fixed ? 
> > > > 
> > > > You replace a random generator by another to get repeateable
> > > > sequences. The non repeatability of the cpa test patterns is hardly a
> > > > "subtle bug".
> > > 
> > > The subtle bug(s) are first that it is not repeatable (it really should),
> > 
> > As I said before. It's hardly a bug. In fact it is questionable
> > whether fully reproducible test patterns are desired.
> 
> Ok then you won't be able to repeat the test ever.
> 
> I consider this bad practice in test code because it makes it impossible
> to stabilize bugs

Test code with constant test patterns tend to miss the corner case
bugs, while random pattern test cases hit them assumed that there is a
broad enough tester base. 

It's a question of how you write such test code to achieve
reproducability. It's not rocket science to track the variables of a
test run and print them along with the printk, when a wrong state is
detected. That way you can inject them for reproduction.

> and when I wrote it I tried to avoid by using the 
> srandom32(). But I originally fell into the trap of assuming it had the 
> same semantics of stdlib srandom() which it didn't. This patch was
> my attempt to fix that mistake.

Well, I agree that you did not intend to code it that way, but calling
it a subtle bug, which needs to be fixed for .25, is just misleading.

> > > then that it only initializes the CPU where the code first runs
> > > (since srandom32 is per CPU) and later might change CPUs and then that it 
> > > adds totally unnecessary state bits to CPU #0 (or whatever runs first).
> > 
> > Can you please elaborate why changing the seed of the random generator
> > is a bug ? Networking reseeds the random generator itself, so what ?
> 
> It adds a non random seed which does not add any randomness only to CPU #0.
> Strictly it doesn't hurt very much, but it's also not useful for anything.

Exactly. Again it's not a subtle bug. It's useless code which does no
harm at all. We can safely dispose that in .26.

Thanks,

	tglx
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ