| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <7d58be73-a8e5-4ec7-bbdc-238b0c25c77b@csgroup.eu> Date: Mon, 26 Aug 2024 10:01:17 +0200 From: Christophe Leroy <christophe.leroy@...roup.eu> To: "Jason A. Donenfeld" <Jason@...c4.com> Cc: Michael Ellerman <mpe@...erman.id.au>, Nicholas Piggin <npiggin@...il.com>, Naveen N Rao <naveen@...nel.org>, Andy Lutomirski <luto@...nel.org>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>, Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org, "H. Peter Anvin" <hpa@...or.com>, Theodore Ts'o <tytso@....edu>, Arnd Bergmann <arnd@...db.de>, Andrew Morton <akpm@...ux-foundation.org>, Steven Rostedt <rostedt@...dmis.org>, Masami Hiramatsu <mhiramat@...nel.org>, Mathieu Desnoyers <mathieu.desnoyers@...icios.com>, Vincenzo Frascino <vincenzo.frascino@....com>, Shuah Khan <shuah@...nel.org>, linuxppc-dev@...ts.ozlabs.org, linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org, linux-arch@...r.kernel.org, linux-mm@...ck.org, linux-trace-kernel@...r.kernel.org, linux-kselftest@...r.kernel.org Subject: Re: [PATCH v2 06/17] vdso: Change getrandom's generation to unsigned long Le 26/08/2024 à 09:50, Jason A. Donenfeld a écrit : > On Thu, Aug 22, 2024 at 09:13:14AM +0200, Christophe Leroy wrote: >> Performing SMP atomic operations on u64 fails on powerpc32. >> >> Random driver generation is handled as unsigned long not u64, >> see for instance base_cnrg or struct crng. >> >> Use the same type for vDSO's getrandom as it gets copied >> from the above. This is also in line with the local >> current_generation which is already an unsigned long. > > This isn't going to work when 32-bit userspace tries to access a 64-bit > kernel. > > I had "fixed" this with a vdso_kernel_ulong type way back in an earlier > version: https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flore.kernel.org%2Flkml%2F20240528122352.2485958-5-Jason%40zx2c4.com%2F%23Z31include%3Avdso%3Atypes.h&data=05%7C02%7Cchristophe.leroy%40csgroup.eu%7C41747dd989164267c1cc08dcc5a3c424%7C8b87af7d86474dc78df45f69a2011bb5%7C0%7C0%7C638602554376441761%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=Tf9ShSN6aOOFZ1HymAmHhj0xhQ6BUtHJX95t50gsp9k%3D&reserved=0 > > But tglx pointed out in that thread that this actually isn't necessary: > > | All of this is pointless because if a 32-bit application runs on a > | 64-bit kernel it has to use the 64-bit 'generation'. So why on earth do > | we need magic here for a 32-bit kernel? > | > | Just use u64 for both and spare all this voodoo. We're seriously not > | "optimizing" for 32-bit kernels. > | > | All what happens on a 32-bit kernel is that the RNG will store the > | unsigned long (32bit) generation into a 64bit variable: > | > | smp_store_release(&_vdso_rng_data.generation, next_gen + 1); > | > | As the upper 32bit are always zero, there is no issue vs. load store > | tearing at all. So there is zero benefit for this aside of slightly > | "better" user space code when running on a 32-bit kernel. Who cares? > > So I just got rid of it and used a u64 as he suggested. > > However, there's also an additional reason why it's not worth churning > further over this - because VM_DROPPABLE is 64-bit only (due to flags in > vma bits), likely so is vDSO getrandom() for the time being. So I think > it makes more sense to retool this series to be ppc64, and then if you > really really want 32-bit and can convince folks it matters, then all of > these parts (for example, here, the fact that the smp helper doesn't > want to tear) can be fixed up in a separate series. So yes I really really want it on ppc32 because this is the only type of boards I have and this is really were we need getrandom() to be optimised, indeed ppc64 was sherry-on-the-cake in my series, I just added it because it was easy to do after doing ppc32. Christophe
Powered by blists - more mailing lists