| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAMj1kXHfs46UKjkVoWwtSGiRACP0v69x0mr8_J_BWmx-WCVMhw@mail.gmail.com>
Date: Tue, 7 Jun 2022 14:21:13 +0200
From: Ard Biesheuvel <ardb@...nel.org>
To: "Jason A. Donenfeld" <Jason@...c4.com>
Cc: linux-kernel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org,
Stephen Boyd <swboyd@...omium.org>,
Catalin Marinas <catalin.marinas@....com>,
Russell King <linux@...linux.org.uk>,
Arnd Bergmann <arnd@...db.de>,
Phil Elwell <phil@...pberrypi.com>
Subject: Re: [PATCH] random: do not use jump labels before they are initialized
On Tue, 7 Jun 2022 at 14:16, Jason A. Donenfeld <Jason@...c4.com> wrote:
>
> Hi Ard,
>
> On Tue, Jun 07, 2022 at 02:03:28PM +0200, Ard Biesheuvel wrote:
> > On Tue, 7 Jun 2022 at 13:35, Jason A. Donenfeld <Jason@...c4.com> wrote:
> > >
> > > Hi Ard,
> > >
> > > On Tue, Jun 07, 2022 at 01:10:52PM +0200, Ard Biesheuvel wrote:
> > > > Fair enough. What I would like is to remove the need to play around
> > > > with the placement of jump_label_init() across architectures. Jump
> > > > labels are fundamentally a performance optimization, so unless you can
> > > > explain how setting it as early as possible makes a material
> > > > difference, performance or otherwise, I really think we should pursue
> > > > a solution that does the static key manipulation at some later time.
> > >
> > > Alright. It sounds like Catalin also prefers the same. This seems simple
> > > enough with minimal downsides: https://lore.kernel.org/lkml/20220607113238.769088-1-Jason@zx2c4.com/
> > >
> >
> > That looks simple enough. Do we risk causing any boot stalls due to
> > the crediting being deferred? Or new warnings about randomness being
> > used before CRNG is ready?
>
> We don't risk boot stalls. But there will be warnings for developers who
> have enabled the CONFIG_WARN_ALL_UNSEEDED_RANDOM debug option.
>
>
> > > So maybe we should just go that route.
> > >
> >
> > It is not my preferred approach, but I can live with it.
>
> I'm not sure what your preferred approach is at this point in time
> actually. I'll summarize all the approaches discussed so far:
>
> 1) Fix archs to initialize jump labels earlier:
> https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git/commit/?id=73e2d827a501
> https://lore.kernel.org/lkml/20220603121543.360283-1-Jason@zx2c4.com/
>
> 2) Defer mixing & crediting until random_init():
> https://lore.kernel.org/lkml/20220607111514.755009-1-Jason@zx2c4.com/
>
> 3) Defer crediting (but not mixing) until random_init():
> https://lore.kernel.org/lkml/20220607113238.769088-1-Jason@zx2c4.com/
>
> 4) Defer changing the static branch (but neither mixing nor crediting) until random_init():
> https://lore.kernel.org/lkml/20220607100210.683136-1-Jason@zx2c4.com/
>
>
> My first choice is (1) if it's feasible.
>
> (2) is not possible without introducing a copy, so that's out.
>
> What's your preferred approach? Or is there a number 5 you have in mind?
>
Seems like we need a mutex instead of going back concurrently on two
different threads :-)
I'll shut up now and wait for your reply on the other thread.
Powered by blists - more mailing lists