lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 15 Apr 2014 09:22:23 -0700 From: Chema Gonzalez <chema@...gle.com> To: Daniel Borkmann <dborkman@...hat.com> Cc: Eric Dumazet <eric.dumazet@...il.com>, David Miller <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, netdev@...r.kernel.org, ast@...mgrid.com Subject: Re: [PATCH] filter: added BPF random opcode On Tue, Apr 15, 2014 at 8:04 AM, Daniel Borkmann <dborkman@...hat.com> wrote: > On 04/15/2014 04:41 PM, Eric Dumazet wrote: >> >> On Tue, 2014-04-15 at 09:24 +0200, Daniel Borkmann wrote: >> >>>> @@ -773,6 +779,7 @@ static bool convert_bpf_extensions(struct >>>> sock_filter *fp, >>>> case SKF_AD_OFF + SKF_AD_NLATTR: >>>> case SKF_AD_OFF + SKF_AD_NLATTR_NEST: >>>> case SKF_AD_OFF + SKF_AD_CPU: >>>> + case SKF_AD_OFF + SKF_AD_RANDOM: >>> >>> >>> I think instead of a function call, this sould rather be modelled >>> directly into the internal insn set and thus converted differently, >>> so we can spare us the call. >> >> >> Hmmm... this would need percpu storage, thus preempt disable/enable >> calls, and prandom_u32_state() is about 40 instructions. >> >> This is really not worth the pain. > > > Absolutely, that was not what I meant actually. Calling to > prandom_u32_state() is fine, no need to have another prng just > for that. I was just wondering if it makes sense to model that > directly as an instruction into a jump-table target that calls > prandom_u32() from there instead 'indirectly'. Need to think > about this a bit more ... I thought about that. In fact, the original patch (written for FreeBSD) worked by extending the ISA with a new load mode that did "A = random();". After seeing your eBPF work, I got convinced that we want to get a generic ISA when possible, where random is typically not an insn. Also, the bpf_call approach makes it much easier to integrate with the different JITs. -Chema -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists