From: "Theodore Ts'o" <tytso@mit.edu>
To: Stanislaw Gruszka <stanislaw.gruszka@linux.intel.com>
Cc: Eric Dumazet <edumazet@google.com>,
"Jason A. Donenfeld" <Jason@zx2c4.com>,
Vignesh Raghavendra <vigneshr@ti.com>,
Peter Zijlstra <peterz@infradead.org>,
Joonsoo Kim <iamjoonsoo.kim@lge.com>,
Roman Gushchin <roman.gushchin@linux.dev>,
Rasmus Villemoes <linux@rasmusvillemoes.dk>,
Alexei Starovoitov <ast@kernel.org>,
dri-devel@lists.freedesktop.org, Song Liu <song@kernel.org>,
linux-mtd@lists.infradead.org,
Stanislav Fomichev <sdf@google.com>,
"H. Peter Anvin" <hpa@zytor.com>,
Hyeonggon Yoo <42.hyeyoo@gmail.com>,
Christoph Lameter <cl@linux.com>,
Daniel Borkmann <daniel@iogearbox.net>,
Richard Weinberger <richard@nod.at>,
x86@kernel.org, John Fastabend <john.fastabend@gmail.com>,
Andrii Nakryiko <andrii@kernel.org>,
ilay.bahat1@gmail.com, Ingo Molnar <mingo@redhat.com>,
David Rientjes <rientjes@google.com>, Yonghong Song <yhs@fb.com>,
Paolo Abeni <pabeni@redhat.com>,
"James E.J. Bottomley" <jejb@linux.ibm.com>,
Petr Mladek <pmladek@suse.com>,
david.keisarschm@mail.huji.ac.il,
Dave Hansen <dave.hansen@linux.intel.com>,
Tvrtko Ursulin <tvrtko.ursulin@linux.intel.com>,
Miquel Raynal <miquel.raynal@bootlin.com>,
intel-gfx@lists.freedesktop.org,
Steven Rostedt <rostedt@goodmis.org>,
KP Singh <kpsingh@kernel.org>, Jakub Kicinski <kuba@kernel.org>,
Rodrigo Vivi <rodrigo.vivi@intel.com>,
Borislav Petkov <bp@alien8.de>, Hannes Reinecke <hare@suse.de>,
Andy Lutomirski <luto@kernel.org>, Jiri Pirko <jiri@nvidia.com>,
Thomas Gleixner <tglx@linutronix.de>,
Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
bpf@vger.kernel.org, Vlastimil Babka <vbabka@suse.cz>,
Hao Luo <haoluo@google.com>,
linux-scsi@vger.kernel.org,
"Martin K. Petersen" <martin.petersen@oracle.com>,
linux-mm@kvack.org, netdev@vger.kernel.org,
linux-kernel@vger.kernel.org, Pekka Enberg <penberg@kernel.org>,
Sergey Senozhatsky <senozhatsky@chromium.org>,
aksecurity@gmail.com, Jiri Olsa <jolsa@kernel.org>,
Andrew Morton <akpm@linux-foundation.org>,
Martin KaFai Lau <martin.lau@linux.dev>,
"David S. Miller" <davem@davemloft.net>
Subject: Re: [PATCH 1/5] Renaming weak prng invocations - prandom_bytes_state, prandom_u32_state
Date: Wed, 14 Dec 2022 13:28:47 -0500 [thread overview]
Message-ID: <Y5oV3zVhc2C2sUaF@mit.edu> (raw)
In-Reply-To: <20221214162117.GC1062210@linux.intel.com>
On Wed, Dec 14, 2022 at 05:21:17PM +0100, Stanislaw Gruszka wrote:
> On Wed, Dec 14, 2022 at 04:15:49PM +0100, Eric Dumazet wrote:
> > On Wed, Dec 14, 2022 at 1:34 PM Stanislaw Gruszka
> > <stanislaw.gruszka@linux.intel.com> wrote:
> > >
> > > On Mon, Dec 12, 2022 at 03:35:20PM +0100, Jason A. Donenfeld wrote:
> > > > Please CC me on future revisions.
> > > >
> > > > As of 6.2, the prandom namespace is *only* for predictable randomness.
> > > > There's no need to rename anything. So nack on this patch 1/5.
> > >
> > > It is not obvious (for casual developers like me) that p in prandom
> > > stands for predictable. Some renaming would be useful IMHO.
I disagree. pseudo-random has *always* menat "predictable". And the
'p' in prandom was originally "pseudo-random". In userspace,
random(3) is also pseudo-random, and is ***utterly*** predictable. So
the original use of prandom() was a bit more of an explicit nod to the
fact that prandom is something which is inherently predictable.
So I don't think it's needed to rename it, whether it's to
"predictable_rng_prandom_u32", or "no_you_idiot_dont_you_dare_use_it_for_cryptographi_purposes_prandom_u32".
I think we need to assume a certain base level of competence,
especially for someone who is messing with security psensitive kernel
code. If a developer doesn't know that a prng is predictable, that's
probably the *least* of the sort of mistakes that they might make.
- Ted
next prev parent reply other threads:[~2022-12-14 18:30 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <cover.1670778651.git.david.keisarschm@mail.huji.ac.il>
2022-12-11 22:16 ` david.keisarschm
2022-12-12 8:35 ` Andy Shevchenko
2022-12-12 14:35 ` Jason A. Donenfeld
2022-12-14 12:33 ` Stanislaw Gruszka
2022-12-14 15:15 ` Eric Dumazet
2022-12-14 15:53 ` Andy Shevchenko
2022-12-14 15:57 ` Andy Shevchenko
2022-12-14 16:21 ` Stanislaw Gruszka
2022-12-14 18:28 ` Theodore Ts'o [this message]
2022-12-11 22:16 ` [PATCH 3/5] Replace invocation of weak PRNG in mm/slab.c david.keisarschm
2022-12-11 22:16 ` [PATCH 4/5] Replace invocation of weak PRNG inside mm/slab_common.c david.keisarschm
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Y5oV3zVhc2C2sUaF@mit.edu \
--to=tytso@mit.edu \
--cc=42.hyeyoo@gmail.com \
--cc=Jason@zx2c4.com \
--cc=akpm@linux-foundation.org \
--cc=aksecurity@gmail.com \
--cc=andrii@kernel.org \
--cc=andriy.shevchenko@linux.intel.com \
--cc=ast@kernel.org \
--cc=bp@alien8.de \
--cc=bpf@vger.kernel.org \
--cc=cl@linux.com \
--cc=daniel@iogearbox.net \
--cc=dave.hansen@linux.intel.com \
--cc=davem@davemloft.net \
--cc=david.keisarschm@mail.huji.ac.il \
--cc=dri-devel@lists.freedesktop.org \
--cc=edumazet@google.com \
--cc=haoluo@google.com \
--cc=hare@suse.de \
--cc=hpa@zytor.com \
--cc=iamjoonsoo.kim@lge.com \
--cc=ilay.bahat1@gmail.com \
--cc=intel-gfx@lists.freedesktop.org \
--cc=jejb@linux.ibm.com \
--cc=jiri@nvidia.com \
--cc=john.fastabend@gmail.com \
--cc=jolsa@kernel.org \
--cc=kpsingh@kernel.org \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-mtd@lists.infradead.org \
--cc=linux-scsi@vger.kernel.org \
--cc=linux@rasmusvillemoes.dk \
--cc=luto@kernel.org \
--cc=martin.lau@linux.dev \
--cc=martin.petersen@oracle.com \
--cc=mingo@redhat.com \
--cc=miquel.raynal@bootlin.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=penberg@kernel.org \
--cc=peterz@infradead.org \
--cc=pmladek@suse.com \
--cc=richard@nod.at \
--cc=rientjes@google.com \
--cc=rodrigo.vivi@intel.com \
--cc=roman.gushchin@linux.dev \
--cc=rostedt@goodmis.org \
--cc=sdf@google.com \
--cc=senozhatsky@chromium.org \
--cc=song@kernel.org \
--cc=stanislaw.gruszka@linux.intel.com \
--cc=tglx@linutronix.de \
--cc=tvrtko.ursulin@linux.intel.com \
--cc=vbabka@suse.cz \
--cc=vigneshr@ti.com \
--cc=x86@kernel.org \
--cc=yhs@fb.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox