From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: "Thomas Weißschuh" <thomas.weissschuh@linutronix.de>
Cc: Andy Lutomirski <luto@kernel.org>,
Thomas Gleixner <tglx@linutronix.de>,
Vincenzo Frascino <vincenzo.frascino@arm.com>,
Arnd Bergmann <arnd@arndb.de>,
"David S. Miller" <davem@davemloft.net>,
Andreas Larsson <andreas@gaisler.com>,
Nick Alcock <nick.alcock@oracle.com>,
John Stultz <jstultz@google.com>, Stephen Boyd <sboyd@kernel.org>,
John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>,
Shuah Khan <shuah@kernel.org>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will@kernel.org>, Theodore Ts'o <tytso@mit.edu>,
Russell King <linux@armlinux.org.uk>,
Madhavan Srinivasan <maddy@linux.ibm.com>,
Michael Ellerman <mpe@ellerman.id.au>,
Nicholas Piggin <npiggin@gmail.com>,
Christophe Leroy <christophe.leroy@csgroup.eu>,
Huacai Chen <chenhuacai@kernel.org>,
WANG Xuerui <kernel@xen0n.name>,
Thomas Bogendoerfer <tsbogend@alpha.franken.de>,
Heiko Carstens <hca@linux.ibm.com>,
Vasily Gorbik <gor@linux.ibm.com>,
Alexander Gordeev <agordeev@linux.ibm.com>,
Christian Borntraeger <borntraeger@linux.ibm.com>,
Sven Schnelle <svens@linux.ibm.com>,
Shannon Nelson <sln@onemain.com>,
linux-kernel@vger.kernel.org, sparclinux@vger.kernel.org,
linux-kselftest@vger.kernel.org,
linux-arm-kernel@lists.infradead.org,
linuxppc-dev@lists.ozlabs.org, loongarch@lists.linux.dev,
linux-mips@vger.kernel.org, linux-s390@vger.kernel.org
Subject: Re: [PATCH v5 19/34] random: vDSO: only access vDSO datapage after random_init()
Date: Mon, 10 Nov 2025 12:40:17 +0100 [thread overview]
Message-ID: <aRHPIXATFJAEv-CF@zx2c4.com> (raw)
In-Reply-To: <20251110114550-a3f2afa8-4f86-4048-be5b-2dc4f4ef340d@linutronix.de>
On Mon, Nov 10, 2025 at 12:24:13PM +0100, Thomas Weißschuh wrote:
> > > > For example, one clean way of
> > > > doing that would be to make vdso_k_rng_data always valid by having it
> > > > initially point to __initdata memory, and then when it's time to
> > > > initialize the real datapage, memcpy() the __initdata memory to the new
> > > > specially allocated memory. Then we don't need the complex state
> > > > tracking that this commit and the prior one introduce.
> > >
> > > Wouldn't that require synchronization between the update path and the memcpy()
> > > path? Also if the pointer is going to change at some point we'll probably need
> > > to use READ_ONCE()/WRITE_ONCE(). In general I would be happy about a cleaner
> > > solution for this but didn't find a great one.
> >
> > This is still before userspace has started, and interrupts are disabled,
> > so I don't think so?
>
> Interrupts being disabled is a good point. But we are still leaking
> implementation details from the random code into the vdso datastore.
It wouldn't. You do this generically with memcpy().
>
> > Also, you only care about being after
> > mm_core_init(), right? So move your thing before sched_init() and then
> > you'll really have nothing to worry about.
>
> The callchains random_init_early() -> crng_reseed()/_credit_init_bits() could
> still touch the datapage before it is allocated.
> Adding conditionals to prevent those is essentially what my patch does.
I think I wasn't very clear in my proposal, because this isn't an issue
in it.
Global scope:
static struct vdso_rng_data placeholder_vdso_k_rng_data __initdata;
struct vdso_rng_data *vdso_k_rng_data = &placeholder_vdso_k_rng_data;
Then,
void __init vdso_setup_data_pages(void)
{
...
vdso_k_rng_data = blabla();
...
memcpy(vdso_k_rng_data, &placeholder_vdso_k_rng_data, sizeof(*vdso_k_rng_data);
...
}
If vdso_setup_data_pages() is called early enough in init, this is safe
to do, and then you don't need to muck up the random code with awful
state machine ordering stuff.
Jason
next prev parent reply other threads:[~2025-11-10 11:40 UTC|newest]
Thread overview: 52+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-06 10:01 [PATCH v5 00/34] sparc64: vdso: Switch to the generic vDSO library Thomas Weißschuh
2025-11-06 10:01 ` [PATCH v5 01/34] selftests: vDSO: vdso_test_correctness: Handle different tv_usec types Thomas Weißschuh
2025-11-06 10:01 ` [PATCH v5 02/34] arm64: vDSO: getrandom: Explicitly include asm/alternative.h Thomas Weißschuh
2025-11-06 10:01 ` [PATCH v5 03/34] arm64: vDSO: gettimeofday: Explicitly include vdso/clocksource.h Thomas Weißschuh
2025-11-06 10:01 ` [PATCH v5 04/34] arm64: vDSO: compat_gettimeofday: Add explicit includes Thomas Weißschuh
2025-11-06 10:01 ` [PATCH v5 05/34] ARM: vdso: gettimeofday: " Thomas Weißschuh
2025-11-06 10:01 ` [PATCH v5 06/34] powerpc/vdso/gettimeofday: Explicitly include vdso/time32.h Thomas Weißschuh
2025-11-06 10:02 ` [PATCH v5 07/34] powerpc/vdso: Explicitly include asm/cputable.h and asm/feature-fixups.h Thomas Weißschuh
2025-11-06 10:02 ` [PATCH v5 08/34] LoongArch: vDSO: Explicitly include asm/vdso/vdso.h Thomas Weißschuh
2025-11-06 10:02 ` [PATCH v5 09/34] MIPS: vdso: Add include guard to asm/vdso/vdso.h Thomas Weißschuh
2025-11-06 10:02 ` [PATCH v5 10/34] MIPS: vdso: Explicitly include asm/vdso/vdso.h Thomas Weißschuh
2025-11-06 10:02 ` [PATCH v5 11/34] random: vDSO: Add explicit includes Thomas Weißschuh
2025-11-07 23:59 ` Jason A. Donenfeld
2025-11-06 10:02 ` [PATCH v5 12/34] vdso/gettimeofday: " Thomas Weißschuh
2025-11-06 10:02 ` [PATCH v5 13/34] vdso/helpers: Explicitly include vdso/processor.h Thomas Weißschuh
2025-11-06 10:02 ` [PATCH v5 14/34] vdso/datapage: Remove inclusion of gettimeofday.h Thomas Weißschuh
2025-11-06 10:02 ` [PATCH v5 15/34] vdso/datapage: Trim down unnecessary includes Thomas Weißschuh
2025-11-06 10:02 ` [PATCH v5 16/34] random: vDSO: trim vDSO includes Thomas Weißschuh
2025-11-07 23:49 ` Jason A. Donenfeld
2025-11-08 0:00 ` Jason A. Donenfeld
2025-11-06 10:02 ` [PATCH v5 17/34] random: vDSO: remove ifdeffery Thomas Weißschuh
2025-11-07 23:37 ` Jason A. Donenfeld
2025-11-10 8:45 ` Thomas Weißschuh
2025-11-06 10:02 ` [PATCH v5 18/34] random: vDSO: split out datapage update into helper functions Thomas Weißschuh
2025-11-06 10:02 ` [PATCH v5 19/34] random: vDSO: only access vDSO datapage after random_init() Thomas Weißschuh
2025-11-07 23:46 ` Jason A. Donenfeld
2025-11-10 9:04 ` Thomas Weißschuh
2025-11-10 10:37 ` Jason A. Donenfeld
2025-11-10 11:24 ` Thomas Weißschuh
2025-11-10 11:40 ` Jason A. Donenfeld [this message]
2025-11-06 10:02 ` [PATCH v5 20/34] s390/time: Set up vDSO datapage later Thomas Weißschuh
2025-11-06 10:02 ` [PATCH v5 21/34] vdso/datastore: Reduce scope of some variables in vvar_fault() Thomas Weißschuh
2025-11-06 10:02 ` [PATCH v5 22/34] vdso/datastore: Drop inclusion of linux/mmap_lock.h Thomas Weißschuh
2025-11-06 10:02 ` [PATCH v5 23/34] vdso/datastore: Allocate data pages dynamically Thomas Weißschuh
2025-11-06 10:02 ` [PATCH v5 24/34] sparc64: vdso: Link with -z noexecstack Thomas Weißschuh
2025-11-06 10:02 ` [PATCH v5 25/34] sparc64: vdso: Remove obsolete "fake section table" reservation Thomas Weißschuh
2025-11-06 10:02 ` [PATCH v5 26/34] sparc64: vdso: Replace code patching with runtime conditional Thomas Weißschuh
2025-11-06 10:02 ` [PATCH v5 27/34] sparc64: vdso: Move hardware counter read into header Thomas Weißschuh
2025-11-06 10:02 ` [PATCH v5 28/34] sparc64: vdso: Move syscall fallbacks " Thomas Weißschuh
2025-11-06 10:02 ` [PATCH v5 29/34] sparc64: vdso: Introduce vdso/processor.h Thomas Weißschuh
2025-11-06 10:02 ` [PATCH v5 30/34] sparc64: vdso: Switch to the generic vDSO library Thomas Weißschuh
2025-11-06 10:02 ` [PATCH v5 31/34] sparc64: vdso2c: Drop sym_vvar_start handling Thomas Weißschuh
2025-11-06 10:02 ` [PATCH v5 32/34] sparc64: vdso2c: Remove symbol handling Thomas Weißschuh
2025-11-06 10:02 ` [PATCH v5 33/34] sparc64: vdso: Implement clock_gettime64() Thomas Weißschuh
2025-11-06 10:02 ` [PATCH v5 34/34] clocksource: remove ARCH_CLOCKSOURCE_DATA Thomas Weißschuh
2025-11-06 12:55 ` [PATCH v5 00/34] sparc64: vdso: Switch to the generic vDSO library Aithal, Srikanth
2025-11-06 14:02 ` Mark Brown
2025-11-06 17:20 ` Arnd Bergmann
2025-11-08 0:17 ` Andy Lutomirski
2025-11-08 10:17 ` Arnd Bergmann
2025-11-09 3:23 ` Maciej W. Rozycki
2025-11-09 16:08 ` Arnd Bergmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aRHPIXATFJAEv-CF@zx2c4.com \
--to=jason@zx2c4.com \
--cc=agordeev@linux.ibm.com \
--cc=andreas@gaisler.com \
--cc=arnd@arndb.de \
--cc=borntraeger@linux.ibm.com \
--cc=catalin.marinas@arm.com \
--cc=chenhuacai@kernel.org \
--cc=christophe.leroy@csgroup.eu \
--cc=davem@davemloft.net \
--cc=glaubitz@physik.fu-berlin.de \
--cc=gor@linux.ibm.com \
--cc=hca@linux.ibm.com \
--cc=jstultz@google.com \
--cc=kernel@xen0n.name \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux-mips@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=linux@armlinux.org.uk \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=loongarch@lists.linux.dev \
--cc=luto@kernel.org \
--cc=maddy@linux.ibm.com \
--cc=mpe@ellerman.id.au \
--cc=nick.alcock@oracle.com \
--cc=npiggin@gmail.com \
--cc=sboyd@kernel.org \
--cc=shuah@kernel.org \
--cc=sln@onemain.com \
--cc=sparclinux@vger.kernel.org \
--cc=svens@linux.ibm.com \
--cc=tglx@linutronix.de \
--cc=thomas.weissschuh@linutronix.de \
--cc=tsbogend@alpha.franken.de \
--cc=tytso@mit.edu \
--cc=vincenzo.frascino@arm.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).