All of lore.kernel.org
 help / color / mirror / Atom feed
From: Daniel Borkmann <daniel@iogearbox.net>
To: "Jason A. Donenfeld" <Jason@zx2c4.com>,
	netdev@vger.kernel.org, davem@davemloft.net
Subject: Re: [PATCH] secure_seq: initialize secret at boot instead of at runtime
Date: Sun, 15 Jan 2017 16:37:31 +0100	[thread overview]
Message-ID: <587B973B.8040008@iogearbox.net> (raw)
In-Reply-To: <20170115140136.23135-1-Jason@zx2c4.com>

On 01/15/2017 03:01 PM, Jason A. Donenfeld wrote:
> While the static key stuff is fast, it's not as fast as simply not
> having any code to run. So, this patch generates the secret at
> boot, rather than at runtime.
>
> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
> ---
> I can imagine this patch not being desirable because:
>
>    a) It was done this way in the first place for a reason. (Which?)

See git log:

commit aebda156a570782a86fc4426842152237a19427d
Author: Eric Dumazet <edumazet@google.com>
Date:   Mon Apr 29 05:58:52 2013 +0000

     net: defer net_secret[] initialization

     Instead of feeding net_secret[] at boot time, defer the init
     at the point first socket is created.

     This permits some platforms to use better entropy sources than
     the ones available at boot time.

     Signed-off-by: Eric Dumazet <edumazet@google.com>
     Signed-off-by: David S. Miller <davem@davemloft.net>

  reply	other threads:[~2017-01-15 15:37 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-01-15 14:01 [PATCH] secure_seq: initialize secret at boot instead of at runtime Jason A. Donenfeld
2017-01-15 15:37 ` Daniel Borkmann [this message]
2017-01-15 15:43   ` Jason A. Donenfeld

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=587B973B.8040008@iogearbox.net \
    --to=daniel@iogearbox.net \
    --cc=Jason@zx2c4.com \
    --cc=davem@davemloft.net \
    --cc=netdev@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.