From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932594AbdJYKGI (ORCPT ); Wed, 25 Oct 2017 06:06:08 -0400 Received: from out4-smtp.messagingengine.com ([66.111.4.28]:40817 "EHLO out4-smtp.messagingengine.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932577AbdJYKGD (ORCPT ); Wed, 25 Oct 2017 06:06:03 -0400 X-ME-Sender: Date: Wed, 25 Oct 2017 21:05:59 +1100 From: "Tobin C. Harding" To: "Jason A. Donenfeld" Cc: kernel-hardening@lists.openwall.com, "Theodore Ts'o" , Linus Torvalds , Kees Cook , Paolo Bonzini , Tycho Andersen , "Roberts, William C" , Tejun Heo , Jordan Glover , Greg KH , Petr Mladek , Joe Perches , Ian Campbell , Sergey Senozhatsky , Catalin Marinas , Will Deacon , Steven Rostedt , Chris Fries , Dave Weinstein , Daniel Micay , Djalal Harouni , LKML Subject: Re: [PATCH v7] printk: hash addresses printed with %p Message-ID: <20171025100559.GH15832@eros> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Mailer: Mutt 1.5.24 (2015-08-30) User-Agent: Mutt/1.5.24 (2015-08-30) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Oct 25, 2017 at 06:00:21AM +0200, Jason A. Donenfeld wrote: > On Wed, Oct 25, 2017 at 5:49 AM, Tobin C. Harding wrote: > > static_branch_disable(&no_ptr_secret) : Doesn't sleep, just atomic read > > and set and maybe a WARN_ONCE. > > Are you sure about that? I just looked myself, and though there is a > !HAVE_JUMP_LABEL ifdef that does what you described, there's also a > HAVE_JUMP_LABEL that takes a mutex, which sleeps: > > static_branch_disable > static_key_disable > cpus_read_lock > percpu_down_read > percpu_down_read_preempt_disable > might_sleep Hilarious, the actual function name is 'might_sleep' and I missed it. I love being wrong, it means I'm learning. Thanks for taking the time to point this out. > > Now for the 'executes from process context' stuff. > > Er, sorry, I meant to write non-process context in my original > message, which is generally where you're worried about sleeping. Tomorrow I'm going to re-read 'sleeping' sections from ldd3 and Love. > > If the callback mechanism is utilized (i.e print before randomness is > > ready) then the call back will be executed the next time the randomness > > pool gets added to > > So it sounds to me like this might be called in non-process context. > Disaster. I realize the static_key thing was my idea in the original > email, so sorry for leading you astray. You bastard. > But moving to do this in > early_initcall wound up fixing other issues too, so all and all a net > good in going this direction. I wanted to know how to do this since Linus said 'boot time variable' in one of the first comments on this topic. So I'm super glad you pointed it out. > Two options: you stick with static_branch, because it's cool and speed > is fun, and work around all of the above with a call to queue_work so > that static_branch_enable is called only from process context. > > Or, you give up on static_key, because it's not actually super > necessary, and instead just use an atomic, and reason that using `if > (unlikely(!atomic_read(&whatever)))` is probably good enough. In this > option, the code would be pretty much the same as v7, except you'd > s/static_branch/atomic_t/, and change the helpers, etc. This is > probably the more reasonable way. I'm going to sleep, then re-reading these bits. thanks Jason, appreciate your input big time. Cheers, Tobin.