From: Thomas Gleixner <tglx@linutronix.de>
To: "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
LKML <linux-kernel@vger.kernel.org>,
Linux Crypto Mailing List <linux-crypto@vger.kernel.org>,
X86 ML <x86@kernel.org>, Nadia Heninger <nadiah@cs.ucsd.edu>,
Thomas Ristenpart <ristenpart@cornell.edu>,
Theodore Ts'o <tytso@mit.edu>,
Vincenzo Frascino <vincenzo.frascino@arm.com>,
Adhemerval Zanella Netto <adhemerval.zanella@linaro.org>,
Florian Weimer <fweimer@redhat.com>
Subject: Re: [PATCH RFC v1] random: implement getrandom() in vDSO
Date: Wed, 03 Aug 2022 00:27:43 +0200 [thread overview]
Message-ID: <87zggmqo0w.ffs@tglx> (raw)
In-Reply-To: <CAHmME9pNN6Pc_1NaMDv+hqv_ULXiVUYFXM=Xigu_StvGS_-53A@mail.gmail.com>
Jason!
On Tue, Aug 02 2022 at 17:26, Jason A. Donenfeld wrote:
> On Tue, Aug 2, 2022 at 5:14 PM Thomas Gleixner <tglx@linutronix.de> wrote:
>> Seriously no.
>
> Why so serious all at once? :-)
Because you triggered the 'now it gets serious' button with your "it's
the same" sentiment.
>> All existing VDSO functions have exactly the same function
>> signature and semantics as their syscall counterparts. So they are drop
>> in equivalent.
>>
>> But:
>>
>> ssize_t getrandom(void *, void *, size_t, unsigned int);
>>
>> is very much different than
>>
>> ssize_t getrandom(void *, size_t, unsigned int);
>>
>> Different signature and different semantics.
>
> Different signature, but basically the same semantics.
Not at all. The concept of 'basically same semantics' is a delusion. It
does not exist. Either it's the same or it's not.
I really want to see your reaction on a claim that some RNG
implementation is basically the same as the existing one. I'm sure you
buy that without complaints.
>> So you have to go through the whole process of a new ABI whether you
>> like it or not.
>
> Ahh, in that sense. Yea, I'd rather not have to do that too, with the
> additional opaque handle passed as the first argument. It'd be nice if
> there were some private place where I could store the necessary state,
> but I'm not really sure where that might be at the moment. If you have
> any ideas, please let me know.
That's exactly the problem. VDSO is a stateless syscall wrapper which
has to be self contained for obvious reasons.
My previous statement:
Everything else is library material, really.
is based on that fact and not on the unwillingness to add magic muck to
the VDSO.
The unwillingness part is just the question:
Is there a sensible usecase?
Assumed that there is a sensible usecase, there is a way out and that's
exactly the library part. You can make that VDSO interface versioned and
provide a library in tools/random/ which goes in lockstep with the VDSO
changes.
If the RNG tinkerers abuse that, then so be it. You can't do anything
about it whatever you try. They can abuse your magic vdso functionality
too.
That's very much the same as we have with e.g. perf. The old perf binary
still works, but it does not have access to the latest and greatest
features.
You can do very much the same in a kernel supplied helper library which
either can cope with the version change or falls back to
sys_getrandom().
Vs. the storage problem. That yells TLS, but that makes your process
wide sharing moot, which might not be the worst of all things IMO.
Thanks,
tglx
next prev parent reply other threads:[~2022-08-02 22:27 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-29 14:55 [PATCH RFC v1] random: implement getrandom() in vDSO Jason A. Donenfeld
2022-07-29 20:19 ` Florian Weimer
2022-07-29 22:06 ` Jason A. Donenfeld
2022-07-30 15:48 ` Linus Torvalds
2022-07-30 23:45 ` Jason A. Donenfeld
2022-07-31 0:23 ` Jason A. Donenfeld
2022-07-31 1:31 ` [PATCH RFC v2] " Jason A. Donenfeld
2022-08-01 8:48 ` Florian Weimer
2022-08-01 12:49 ` Jason A. Donenfeld
2022-08-01 13:29 ` Jason A. Donenfeld
2022-08-01 13:00 ` Jason A. Donenfeld
2022-08-01 20:48 ` Thomas Gleixner
2022-08-01 23:41 ` Jason A. Donenfeld
2022-08-02 0:12 ` Jason A. Donenfeld
2022-08-01 19:30 ` [PATCH RFC v1] " Thomas Gleixner
2022-08-01 23:16 ` Jason A. Donenfeld
2022-08-02 13:46 ` Thomas Gleixner
2022-08-02 13:59 ` Jason A. Donenfeld
2022-08-02 15:14 ` Thomas Gleixner
2022-08-02 15:26 ` Jason A. Donenfeld
2022-08-02 22:27 ` Thomas Gleixner [this message]
2022-08-04 15:23 ` Jason A. Donenfeld
2022-08-04 16:08 ` Jeffrey Walton
2022-08-04 23:11 ` Thomas Gleixner
2022-08-17 8:20 ` Peter Zijlstra
2022-08-05 8:36 ` Florian Weimer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87zggmqo0w.ffs@tglx \
--to=tglx@linutronix.de \
--cc=Jason@zx2c4.com \
--cc=adhemerval.zanella@linaro.org \
--cc=fweimer@redhat.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=nadiah@cs.ucsd.edu \
--cc=ristenpart@cornell.edu \
--cc=torvalds@linux-foundation.org \
--cc=tytso@mit.edu \
--cc=vincenzo.frascino@arm.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox