public inbox for linux-arm-kernel@lists.infradead.org
From: "Christophe Leroy (CS GROUP)" <chleroy@kernel.org>
To: "Jason A. Donenfeld" <Jason@zx2c4.com>,
	Ryan Roberts <ryan.roberts@arm.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>,
	Will Deacon <will@kernel.org>,
	Huacai Chen <chenhuacai@kernel.org>,
	Madhavan Srinivasan <maddy@linux.ibm.com>,
	Michael Ellerman <mpe@ellerman.id.au>,
	Paul Walmsley <pjw@kernel.org>,
	Palmer Dabbelt <palmer@dabbelt.com>,
	Albert Ou <aou@eecs.berkeley.edu>,
	Heiko Carstens <hca@linux.ibm.com>,
	Vasily Gorbik <gor@linux.ibm.com>,
	Alexander Gordeev <agordeev@linux.ibm.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	Kees Cook <kees@kernel.org>,
	"Gustavo A. R. Silva" <gustavoars@kernel.org>,
	Arnd Bergmann <arnd@arndb.de>,
	Mark Rutland <mark.rutland@arm.com>,
	Ard Biesheuvel <ardb@kernel.org>,
	Jeremy Linton <jeremy.linton@arm.com>,
	David Laight <david.laight.linux@gmail.com>,
	linux-kernel@vger.kernel.org,
	linux-arm-kernel@lists.infradead.org, loongarch@lists.linux.dev,
	linuxppc-dev@lists.ozlabs.org, linux-riscv@lists.infradead.org,
	linux-s390@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: Re: [PATCH v4 2/3] prandom: Add __always_inline version of prandom_u32_state()
Date: Fri, 30 Jan 2026 17:16:32 +0100
Message-ID: <993fb876-7958-4f1d-ba69-2601976a42d7@kernel.org>
In-Reply-To: <aXpArjZ1QQowshnA@zx2c4.com>



On 28/01/2026 at 18:00, Jason A. Donenfeld wrote:
> On Mon, Jan 19, 2026 at 01:01:09PM +0000, Ryan Roberts wrote:
>> We will shortly use prandom_u32_state() to implement kstack offset
>> randomization and some arches need to call it from non-instrumentable
>> context. So let's implement prandom_u32_state() as an out-of-line
>> wrapper around a new __always_inline prandom_u32_state_inline(). kstack
>> offset randomization will use this new version.
>>
>> Acked-by: Mark Rutland <mark.rutland@arm.com>
>> Signed-off-by: Ryan Roberts <ryan.roberts@arm.com>
>> ---
>>   include/linux/prandom.h | 20 ++++++++++++++++++++
>>   lib/random32.c          |  8 +-------
>>   2 files changed, 21 insertions(+), 7 deletions(-)
>>
>> diff --git a/include/linux/prandom.h b/include/linux/prandom.h
>> index ff7dcc3fa105..801188680a29 100644
>> --- a/include/linux/prandom.h
>> +++ b/include/linux/prandom.h
>> @@ -17,6 +17,26 @@ struct rnd_state {
>>   	__u32 s1, s2, s3, s4;
>>   };
>>   
>> +/**
>> + * prandom_u32_state_inline - seeded pseudo-random number generator.
>> + * @state: pointer to state structure holding seeded state.
>> + *
>> + * This is used for pseudo-randomness with no outside seeding.
>> + * For more random results, use get_random_u32().
>> + * For use only where the out-of-line version, prandom_u32_state(), cannot be
>> + * used (e.g. noinstr code).
>> + */
>> +static __always_inline u32 prandom_u32_state_inline(struct rnd_state *state)
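Review bot: The kernel-doc block for prandom_u32_state_inline() in include/linux/prandom.h has no "Return:" line, and its guidance "For more random results, use get_random_u32()" does not say what this generator must not be used for. The comment already limits the function to callers that cannot use prandom_u32_state() (e.g. noinstr code), so consider adding a "Return:" description and stating that limit in terms a new caller can check, because the _inline suffix on its own does not convey it.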
> 
> This is pretty bikesheddy and I'm not really entirely convinced that my
> intuition is correct here, but I thought I should at least ask. Do you
> think this would be better called __prandom_u32_state(), where the "__"
> is kind of a, "don't use this directly unless you know what you're doing
> because it's sort of internal"? It seems like either we make this inline
> for everybody, or if there's a good reason for having most users use the
> non-inline version, then we should be careful that new users don't use
> the inline version. I was thinking the __ would help with that.

I looked into kernel sources and there are several functions named 
something_something_else_inline() and it doesn't mean those functions 
get inlined, so I would also prefer __prandom_u32_state() which means 
"If you use it you know what you are doing", just like __get_user() for 
instance.

However, maybe we could also reconsider making it inline for everyone. We 
have spotted half a dozen places where the code size increases a lot 
when forcing it inline, but those places deserve a local trampoline to 
avoid code duplication, and then the compiler decides to inline or not.

Because there are also several places that benefit from the inlining 
because it allows GCC to simplify the calculation, for instance when 
some calculation is performed with the result like with 
(prandom_u32_state(rng) % ceil) where ceil is 2 or 4.

That can of course be done as a follow-up patch, but it means that in the end 
we will have to rename all __prandom_u32_state() to prandom_u32_state().

Or should we do it the other way round? Make __prandom_u32_state() the 
out-of-line version and just change the few places where the size 
explodes like drm_test_buddy_alloc_range_bias(), loss_gilb_ell(), 
generate_random_testvec_config(), generate_random_sgl_divisions(), 
mutate_buffer(), ... ?

Christophe
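
The layering discussed in this message, as a userspace C sketch added here (not code from the patch or the kernel tree): a forced-inline core, an out-of-line wrapper, a file-local trampoline, and a call site that reduces the result modulo a small constant. The `demo_*` names, the constructed seed and the generator's shift/mask constants are assumptions of this example.

```c
#include <stdint.h>
struct rnd_state { uint32_t s1, s2, s3, s4; };

/* One LFSR step; the shift/mask constants are this example's assumption. */
#define TAUS(s, a, b, c, d) ((((s) & (c)) << (d)) ^ ((((s) << (a)) ^ (s)) >> (b)))

/* Core generator, forced inline: usable where calling out is not allowed. */
static inline __attribute__((always_inline)) uint32_t demo_u32_inline(struct rnd_state *st)
{
	st->s1 = TAUS(st->s1,  6U, 13U, 4294967294U, 18U);
	st->s2 = TAUS(st->s2,  2U, 27U, 4294967288U,  2U);
	st->s3 = TAUS(st->s3, 13U, 21U, 4294967280U,  7U);
	st->s4 = TAUS(st->s4,  3U, 12U, 4294967168U, 13U);
	return st->s1 ^ st->s2 ^ st->s3 ^ st->s4;
}

/* Out-of-line wrapper: one shared copy of the body for ordinary callers. */
__attribute__((noinline)) uint32_t demo_u32(struct rnd_state *st)
{
	return demo_u32_inline(st);
}

/* File-local trampoline: plain static, so the compiler decides on inlining. */
static uint32_t demo_u32_local(struct rnd_state *st)
{
	return demo_u32_inline(st);
}

/* Call site that reduces the result modulo a small constant. */
static unsigned int demo_pick4(struct rnd_state *st)
{
	return demo_u32_inline(st) % 4;
}

/* Returns 1 if every entry point yields the same stream for n draws. */
int demo_streams_match(uint32_t seed, int n)
{
	/* Constructed seed; "| 128" keeps each word above its LFSR minimum. */
	struct rnd_state a = { seed | 128U, ~seed | 128U, (seed ^ 0x5a5a5a5aU) | 128U, seed | 0x80000080U };
	struct rnd_state b = a, c = a, d = a;
	for (int i = 0; i < n; i++) {
		uint32_t v = demo_u32_inline(&a);
		if (v != demo_u32(&b) || v != demo_u32_local(&c) || v % 4 != demo_pick4(&d))
			return 0;
	}
	return 1;
}

int main(void) { return demo_streams_match(12345U, 1000) ? 0 : 1; }
```

Building this at different optimisation levels and comparing the object code for `demo_u32`, `demo_u32_local` and `demo_pick4` shows which copies of the generator body the compiler actually emits.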

