From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.ozlabs.org (lists.ozlabs.org [112.213.38.117]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 1B60BC433F5 for ; Thu, 6 Oct 2022 06:28:36 +0000 (UTC) Received: from boromir.ozlabs.org (localhost [IPv6:::1]) by lists.ozlabs.org (Postfix) with ESMTP id 4MjhN2138Cz3cD7 for ; Thu, 6 Oct 2022 17:28:34 +1100 (AEDT) Authentication-Results: lists.ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.a=rsa-sha256 header.s=google header.b=e0wWc8f7; dkim-atps=neutral Authentication-Results: lists.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=chromium.org (client-ip=2607:f8b0:4864:20::52e; helo=mail-pg1-x52e.google.com; envelope-from=keescook@chromium.org; receiver=) Authentication-Results: lists.ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.a=rsa-sha256 header.s=google header.b=e0wWc8f7; dkim-atps=neutral Received: from mail-pg1-x52e.google.com (mail-pg1-x52e.google.com [IPv6:2607:f8b0:4864:20::52e]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 4MjfK131Sgz3c5D for ; Thu, 6 Oct 2022 15:55:48 +1100 (AEDT) Received: by mail-pg1-x52e.google.com with SMTP id bh13so880609pgb.4 for ; Wed, 05 Oct 2022 21:55:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date:from:to :cc:subject:date; bh=51dSYIsgEywaJmdEPyI7vbp82hVQfJ6jQKHayIqsWH8=; b=e0wWc8f7UVTw3oXSVMh5SbOC8/ybqXORh0RfOsp37foz3bEHC+sZdUS2Cb48q2Rals cLwchuP5t4lVTMm+j0edXnLdA6eiOkpTvFVeI+b/+yanhEnnWG77EYRopMXRVrLoop3K nYwrVibqoZRWrTFw38o2fgxxWy4pLnB/kciNo= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :x-gm-message-state:from:to:cc:subject:date; bh=51dSYIsgEywaJmdEPyI7vbp82hVQfJ6jQKHayIqsWH8=; b=3Yim1k4yjzfE3JZUTKuiwNr9+Sld7F/jIm67T1J3wPti/4I3PzwvchsGivUi4gNpaK OJsr+1edVjrLfM/zoMCBsisjdFTw0a3kQ7nNoPxqqwETDxOjbaYk7MS+H5QKhz2nIj/P VvutK188FG89hsq6jqWjDomLEVHy5t4gqvcE6tl9dckeJe2uBoCLWT+4ZjUq1E9AS0WK SseHy/cL1Kdn5TvJxzoYOSeYU2PtJvvAUT0uagbM0s3E+r/VmiGUB9G48ieMAn0HGz3y +sczd4zZSHQhi9e4O2GJtQei54zUyl8meXeIJgAVWAEXCFE9etiB3Qi/00uv1LmfpdsO dNuw== X-Gm-Message-State: ACrzQf0UFfOYUnv8kpeu6MNa4huifB+udTjpUiMT6kM8rD+PbgZtrWle l425SYi6oJKQy+srFcuIHUV/2Q== X-Google-Smtp-Source: AMsMyM48HYcC17YfWxdcqN47yJn5oQWwbAuWOEmTE9E3JPhKRJg4eKNbmI4Bm6DfbK3tY9AIwV8yDw== X-Received: by 2002:a63:d613:0:b0:45a:654:cf16 with SMTP id q19-20020a63d613000000b0045a0654cf16mr2835844pgg.611.1665032145428; Wed, 05 Oct 2022 21:55:45 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id s14-20020a17090302ce00b0017a09ebd1e2sm11252393plk.237.2022.10.05.21.55.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 05 Oct 2022 21:55:44 -0700 (PDT) Date: Wed, 5 Oct 2022 21:55:43 -0700 From: Kees Cook To: "Jason A. Donenfeld" Subject: Re: [PATCH v1 0/5] treewide cleanup of random integer usage Message-ID: <202210052148.B11CBC60@keescook> References: <20221005214844.2699-1-Jason@zx2c4.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20221005214844.2699-1-Jason@zx2c4.com> X-Mailman-Approved-At: Thu, 06 Oct 2022 17:27:43 +1100 X-BeenThere: linuxppc-dev@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Linux on PowerPC Developers Mail List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Andrew Lunn , "Darrick J . Wong" , Ulf Hansson , dri-devel@lists.freedesktop.org, Andrii Nakryiko , Hans Verkuil , linux-sctp@vger.kernel.org, "Md . Haris Iqbal" , Miquel Raynal , Christoph Hellwig , Andy Gospodarek , Sergey Matyukevich , Rohit Maheshwari , ceph-devel@vger.kernel.org, Jozsef Kadlecsik , Nilesh Javali , Jean-Paul Roubelat , Dick Kennedy , Jay Vosburgh , Potnuri Bharat Teja , Vinay Kumar Yadav , linux-nfs@vger.kernel.org, Nicholas Piggin , Igor Mitsyanko , Andy Lutomirski , linux-hams@vger.kernel.org, Thomas Gleixner , Trond Myklebust , linux-raid@vger.kernel.org, Neil Horman , Hante Meuleman , Greg Kroah-Hartman , linux-usb@vger.kernel.org, Michael Chan , linux-kernel@vger.kernel.org, Varun Prakash , Chuck Lever , netfilter-devel@vger.kernel.org, Masami Hiramatsu , Jiri Olsa , Jan Kara , linux-fsdevel@vger.kernel.org, Lars Ellenberg , linux-media@vger.kernel.org, Claudiu Beznea , Sharvari Harisangam , linux-fbdev@vger.kernel.org, linux-doc@vger.kernel.org, linux-mmc@vger.kernel.org, Dave Hansen , Song Liu , Eric Dumazet , target-devel@vger.kernel.org, John Stultz , Stanislav Fomichev , Gregory Greenman , drbd-dev@lists.linbit.com, dev@openvswitch.org, Leon Romanovsky , Helge Deller , Hugh Dickins , James Smart , Anil S Keshavamurthy , Pravin B Shelar , Julian Anastasov , coreteam@netfilter.org, Veaceslav Falico , Yonghong Song , Namjae Jeon , linux-crypto@vger.kernel.org, Santosh Shilimkar , Ganapathi Bhat , linux-actions@lists.infradead.org, Simon Horman , Jaegeuk Kim , Mika Westerberg , Andrew Morton , OGAWA Hirofumi , Hao Luo , Theodore Ts'o , Stephen Boyd , Dennis Dalessandro , Florian Westphal , Andreas =?iso-8859-1?Q?F=E4rber?= , Jon Maloy , Vlad Yasevich , Anna Schumaker , Yehezkel Bernat , Haoyue Xu , Heiner Kallweit , linux-wireless@vger.kernel.org, Marcelo Ricardo Leitner , Rasmus Villemoes , linux-nvme@lists.infradead.org, Michal Januszewski , linux-mtd@lists.infradead.org, kasan-dev@googlegroups.com, Cong Wang , Thomas Sailer , Ajay Singh , Xiubo Li , Sagi Grimberg , Daniel Borkmann , Jonathan Corbet , linux-rdma@vger.kernel.org, lvs-devel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, "Naveen N . Rao" , Ilya Dryomov , Paolo Abeni , Pablo Neira Ayuso , Marco Elver , Yury Norov , "James E . J . Bottomley" , Jamal Hadi Salim , KP Singh , Borislav Petkov , Keith Busch , Dan Williams , Mauro Carvalho Chehab , Franky Lin , Arend van Spriel , linux-ext4@vger.kernel.org, Wenpeng Liang , "Martin K . Petersen" , Xinming Hu , linux-stm32@st-md-mailman.stormreply.com, Jeff Layton , linux-xfs@vger.kernel.org, netdev@vger.kernel.org, Ying Xue , Manish Rangankar , "David S . Miller" , Toke =?iso-8859-1?Q?H=F8iland-J=F8rgensen?= , Vignesh Raghavendra , Peter Zijlstra , "H . Peter Anvin" , Alexandre Torgue , Amitkumar Karwar , linux-mm@kvack.org, Andreas Dilger , Ayush Sawal , Andreas Noever , Jiri Pirko , linux-f2fs-devel@lists.sourceforge.net, Jack Wang , Steffen Klassert , rds-devel@oss.oracle.com, Herbert Xu , linux-scsi@vger.kernel.org, dccp@vger.kernel.org, Richard Weinberger , Russell King , Jaehoon Chung , Jason Gunthorpe , SHA-cyfmac-dev-list@infineon.com, Ingo Molnar , Jakub Kicinski , John Fastabend , Maxime Coquelin , Manivannan Sadhasivam , Michael Jamet , Kalle Valo , Chao Yu , Akinobu Mita , linux-block@vger.kernel.org, dmaengine@vger.kernel.org, Hannes Reinecke , Andy Shevchenko , Dmitry Vyukov , Jens Axboe , cake@lists.bufferbloat.net, brcm80211-dev-list.pdl@broadcom.com, Yishai Hadas , Hideaki YOSHIFUJI , linuxppc-dev@lists.ozlabs.org, David Ahern , Philipp Reisner , Stephen Hemminger , Christoph =?iso-8859-1?Q?B=F6hmwalder?= , Vinod Koul , tipc-discussion@lists.sourceforge.net, Thomas Graf , Johannes Berg , Sungjong Seo , Martin KaFai Lau Errors-To: linuxppc-dev-bounces+linuxppc-dev=archiver.kernel.org@lists.ozlabs.org Sender: "Linuxppc-dev" On Wed, Oct 05, 2022 at 11:48:39PM +0200, Jason A. Donenfeld wrote: > Hi folks, > > This is a five part treewide cleanup of random integer handling. The > rules for random integers are: > > - If you want a secure or an insecure random u64, use get_random_u64(). > - If you want a secure or an insecure random u32, use get_random_u32(). > * The old function prandom_u32() has been deprecated for a while now > and is just a wrapper around get_random_u32(). > - If you want a secure or an insecure random u16, use get_random_u16(). > - If you want a secure or an insecure random u8, use get_random_u8(). > - If you want secure or insecure random bytes, use get_random_bytes(). > * The old function prandom_bytes() has been deprecated for a while now > and has long been a wrapper around get_random_bytes(). > - If you want a non-uniform random u32, u16, or u8 bounded by a certain > open interval maximum, use prandom_u32_max(). > * I say "non-uniform", because it doesn't do any rejection sampling or > divisions. Hence, it stays within the prandom_* namespace. > > These rules ought to be applied uniformly, so that we can clean up the > deprecated functions, and earn the benefits of using the modern > functions. In particular, in addition to the boring substitutions, this > patchset accomplishes a few nice effects: > > - By using prandom_u32_max() with an upper-bound that the compiler can > prove at compile-time is ≤65536 or ≤256, internally get_random_u16() > or get_random_u8() is used, which wastes fewer batched random bytes, > and hence has higher throughput. > > - By using prandom_u32_max() instead of %, when the upper-bound is not a > constant, division is still avoided, because prandom_u32_max() uses > a faster multiplication-based trick instead. > > - By using get_random_u16() or get_random_u8() in cases where the return > value is intended to indeed be a u16 or a u8, we waste fewer batched > random bytes, and hence have higher throughput. > > So, based on those rules and benefits from following them, this patchset > breaks down into the following five steps: > > 1) Replace `prandom_u32() % max` and variants thereof with > prandom_u32_max(max). > > 2) Replace `(type)get_random_u32()` and variants thereof with > get_random_u16() or get_random_u8(). I took the pains to actually > look and see what every lvalue type was across the entire tree. > > 3) Replace remaining deprecated uses of prandom_u32() with > get_random_u32(). > > 4) Replace remaining deprecated uses of prandom_bytes() with > get_random_bytes(). > > 5) Remove the deprecated and now-unused prandom_u32() and > prandom_bytes() inline wrapper functions. > > I was thinking of taking this through my random.git tree (on which this > series is currently based) and submitting it near the end of the merge > window, or waiting for the very end of the 6.1 cycle when there will be > the fewest new patches brewing. If somebody with some treewide-cleanup > experience might share some wisdom about what the best timing usually > winds up being, I'm all ears. It'd be nice to capture some (all?) of the above somewhere. Perhaps just a massive comment in the header? > I've CC'd get_maintainers.pl, which is a pretty big list. Probably some > portion of those are going to bounce, too, and everytime you reply to > this thread, you'll have to deal with a bunch of bounces coming > immediately after. And a recipient list this big will probably dock my > email domain's spam reputation, at least temporarily. Sigh. I think > that's just how it goes with treewide cleanups though. Again, let me > know if I'm doing it wrong. I usually stick to just mailing lists and subsystem maintainers. If any of the subsystems ask you to break this up (I hope not), I've got this[1], which does a reasonable job of splitting a commit up into separate commits for each matching subsystem. Showing that a treewide change can be reproduced mechanically helps with keeping it together as one bit treewide patch, too, I've found. :) Thank you for the cleanup! The "u8 rnd = get_random_u32()" in the tree has bothered me for a loooong time. -Kees -- Kees Cook