lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Tue, 15 Apr 2014 09:22:23 -0700
From:	Chema Gonzalez <>
To:	Daniel Borkmann <>
Cc:	Eric Dumazet <>,
	David Miller <>,
	Eric Dumazet <>,,
Subject: Re: [PATCH] filter: added BPF random opcode

On Tue, Apr 15, 2014 at 8:04 AM, Daniel Borkmann <> wrote:
> On 04/15/2014 04:41 PM, Eric Dumazet wrote:
>> On Tue, 2014-04-15 at 09:24 +0200, Daniel Borkmann wrote:
>>>> @@ -773,6 +779,7 @@ static bool convert_bpf_extensions(struct
>>>> sock_filter *fp,
>>>>         case SKF_AD_OFF + SKF_AD_NLATTR:
>>>>         case SKF_AD_OFF + SKF_AD_NLATTR_NEST:
>>>>         case SKF_AD_OFF + SKF_AD_CPU:
>>>> +       case SKF_AD_OFF + SKF_AD_RANDOM:
>>> I think instead of a function call, this sould rather be modelled
>>> directly into the internal insn set and thus converted differently,
>>> so we can spare us the call.
>> Hmmm... this would need percpu storage, thus preempt disable/enable
>> calls, and prandom_u32_state() is about 40 instructions.
>> This is really not worth the pain.
> Absolutely, that was not what I meant actually. Calling to
> prandom_u32_state() is fine, no need to have another prng just
> for that. I was just wondering if it makes sense to model that
> directly as an instruction into a jump-table target that calls
> prandom_u32() from there instead 'indirectly'. Need to think
> about this a bit more ...
I thought about that. In fact, the original patch (written for
FreeBSD) worked by extending the ISA with a new load mode that did "A
= random();". After seeing your eBPF work, I got convinced that we
want to get a generic ISA when possible, where random is typically not
an insn. Also, the bpf_call approach makes it much easier to integrate
with the different JITs.

To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to
More majordomo info at

Powered by blists - more mailing lists