lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 28 Jan 2022 17:15:16 +0100
From:   Sebastian Andrzej Siewior <bigeasy@...utronix.de>
To:     "Jason A. Donenfeld" <Jason@...c4.com>
Cc:     Andy Lutomirski <luto@...capital.net>,
        Jonathan Neuschäfer <j.neuschaefer@....net>,
        Theodore Ts'o <tytso@....edu>,
        LKML <linux-kernel@...r.kernel.org>,
        Peter Zijlstra <peterz@...radead.org>,
        Ingo Molnar <mingo@...hat.com>, Will Deacon <will@...nel.org>,
        Waiman Long <longman@...hat.com>,
        Boqun Feng <boqun.feng@...il.com>,
        Andy Lutomirski <luto@...nel.org>,
        stable <stable@...r.kernel.org>,
        Thomas Gleixner <tglx@...utronix.de>
Subject: Re: [PATCH] random: remove batched entropy locking

On 2022-01-28 16:54:06 [+0100], Jason A. Donenfeld wrote:
> Hi Sebastian,
Hi Jason,

> On Fri, Jan 28, 2022 at 4:44 PM Sebastian Andrzej Siewior
> <bigeasy@...utronix.de> wrote:
> > NO. Could we please look at my RANDOM patches first?
> > I can repost my rebased patched if there no objection.
> 
> I did, and my reply is here:
> https://lore.kernel.org/lkml/CAHmME9pzdXyD0oRYyCoVUSqqsA9h03-oR7kcNhJuPEcEMTJYgw@mail.gmail.com/
> 
> I was hoping for a series that addresses these issues. As I mentioned
> before, I'm not super keen on deferring that processing in a
> conditional case and having multiple entry ways into that same
> functionality. I don't think that's worth it, especially if your
> actual concern is just userspace calling RNDADDTOENTCNT too often
> (which can be safely ratelimited). I don't think that thread needs to

And what do you do in ratelimiting? As I explained, you get 20 that
"enter" and the following are block. The first 20 are already
problematic and you need a plan-B for those that can't enter.
So I suggested a mutex_t around the ioctl() which would act as a rate
limiting. You did not not follow up on that idea.

> spill over here, though, so feel free to follow up with a v+1 on that
> series and I'll happily take a look. Alternatively, if you'd like to
> approach this by providing a patch for Jonathan's issue, that makes
> sense too. So far, the things in front of me are: 1) your patchset
> from last month that has unresolved issues, and 2) Andy's thing, which
> maybe will solve the problem (or it won't?). A third alternative from
> you would be most welcome too.

I made a reply yesterday I think with some numbers yesterday. From my
point of view it is an in-IRQ context/ code that can be avoided. The
RNDADDTOENTCNT is a simple way to hammer on the lock and see how bad it
gets. Things like add_hwgenerator_randomness() don't appear so often so
it is hard to figure out what the worst case can be.

Please ignore Jonathan report for now. As I tried to explain: This
lockdep report shows a serious problem on PREEMPT_RT. There is _no_ need
to be concerned on a non-PREEMPT_RT kernel. But it should be addressed.
If this gets merged as-is then thanks to the stable tag it will get
backported (again no change for !RT) and will collide with PREEMPT_RT
patch. And as I mentioned, the locking is not working on PREEMPT_RT.

> Jason

Sebastian

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ