Message-ID: <CAHmME9qwrGUCC35Z7rNrqDANJN2Zr7q-T24=8od0cy7O3xi4Dw@mail.gmail.com>
Date: Thu, 4 Jul 2024 20:36:02 +0200
From: "Jason A. Donenfeld" <Jason@...c4.com>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: jolsa@...nel.org, mhiramat@...nel.org, cgzones@...glemail.com, 
	brauner@...nel.org, linux-kernel@...r.kernel.org, arnd@...db.de
Subject: Re: deconflicting new syscall numbers for 6.11

Hi Linus,

On Thu, Jul 4, 2024 at 8:18 PM Linus Torvalds
<torvalds@...ux-foundation.org> wrote:
> > What do you want me to do here?
>
> You literally said "those users exist".
>
> Make them pipe up.
>
> Make them explain why what they don't have now doesn't work. What this
> solves. In real terms.
>
> Make them explain why that random "we duplicated the VM, and now we
> worry that mixing in TSC doesn't help" is an actual real-world
> concern, rather than something COMPLETELY MADE UP BY RANDOM NUMBER
> PEOPLE.
>
> See what my argument is? My argument is literally that theoretical
> random number people will make up arguments that aren't actually
> relevant in real life.

No, I don't think this is made up by random number nutsos. I believe
this is a real actual concern.

> Do real people migrate VMs? Hell yes they do. Do they care about the
> numbers being magically "stale" after said migration? I seriously
> doubt that.

Yes! They do!

>
> Do real people start multiple VMs from one single starting image?
> Again, hell yes they do.
>
> But do they start those multiple VMs from some random slapdash
> snapshot that they just picked without any concern and cannot just
> reseed in user space? And if they do, why should *WE* clean up after
> their mindbogglingly stupid setup?

Except userspace isn't really in a great position to do that. There's
no need to suggest that people proliferate these foot guns either.

> See what my argument is? I suspect _strongly_ that this is all
> completely over-engineered based on theoretical grounds that aren't
> actually practical grounds.
>
> And dammit, I'm asking for the practical grounds. For the actual users.
>
> And if you have trouble finding those, you just proved my point.

And I think what you're missing here is that these concerns come _from
actual users_. This *isn't* theoretical.

Look, I am not some "random number" nut job. I've worked very hard to
move the kernel's RNG far outside the realm of that world. And I'm not
looking for things to do or code to write or ways to occupy my time,
just 'cuz. I'm working on this because there's a real, tangible, need
for it. This has come out of countless recurring discussions with
folks at conferences and elsewhere. I am very much part of the world
where people are writing code that makes use of getrandom(), or would
like to make use of getrandom() but can't, and this pickle comes up
repeatedly. "Oh but we can't because of syscall speed, so we've got
this userspace thing, but it's not optimal, so we're just kind of
hoping for the best, but yea one of these days somebody should do
something..."

It's okay that people aren't having those discussions with you. That's
why I'm maintaining this thing and talking to folks and caring about
it and thinking carefully about it. And because people are having
these conversations with me, that's *also* why I am very sensitive to,
"is this guy a random number nut?" concerns, because lord I've met a
lot of them and they all have their little hang-up. I don't want to
add code "just because we can." But I think this here will solve a
very real problem for very real users, and every time the fact that I'm
working on this comes up, there are real people with real concerns who
are glad to hear it's coming finally.

Alternatively, you can say, "well until they talk to me directly, no
way josé", and that'd be your prerogative, I guess. But that'd be
pretty darn disappointing.

Jason
