| Message ID | 20200901064302.849-1-w@1wt.eu |
|---|---|
| Headers | show |
| Series | prandom_u32: make output less predictable | expand |
On Tue, Sep 1, 2020 at 8:43 AM Willy Tarreau <w@1wt.eu> wrote: > > This is the cleanup of the latest series of prandom_u32 experimentations > consisting in using SipHash instead of Tausworthe to produce the randoms > used by the network stack. The changes to the files were kept minimal, > and the controversial commit that used to take noise from the fast_pool > (f227e3ec3b5c) was reverted. Instead, a dedicated "net_rand_noise" per_cpu > variable is fed from various sources of activities (networking, scheduling) > to perturb the SipHash state using fast, non-trivially predictable data, > instead of keeping it fully deterministic. The goal is essentially to make > any occasional memory leakage or brute-force attempt useless. > > The resulting code was verified to be very slightly faster on x86_64 than > what is was with the controversial commit above, though this remains barely > above measurement noise. It was only build-tested on arm & arm64. > > George Spelvin (1): > random32: make prandom_u32() output unpredictable > > Willy Tarreau (1): > random32: add noise from network and scheduling activity > > drivers/char/random.c | 1 - > include/linux/prandom.h | 55 ++++- > kernel/time/timer.c | 9 +- > lib/random32.c | 438 ++++++++++++++++++++++++---------------- > net/core/dev.c | 4 + > 5 files changed, 326 insertions(+), 181 deletions(-) > > Cc: George Spelvin <lkml@sdf.org> > Cc: Amit Klein <aksecurity@gmail.com> > Cc: Eric Dumazet <edumazet@google.com> > Cc: "Jason A. Donenfeld" <Jason@zx2c4.com> > Cc: Andy Lutomirski <luto@kernel.org> > Cc: Kees Cook <keescook@chromium.org> > Cc: Thomas Gleixner <tglx@linutronix.de> > Cc: Peter Zijlstra <peterz@infradead.org> > Cc: Linus Torvalds <torvalds@linux-foundation.org> > Cc: tytso@mit.edu > Cc: Florian Westphal <fw@strlen.de> > Cc: Marc Plumb <lkml.mplumb@gmail.com> > Cc: Sedat Dilek <sedat.dilek@gmail.com> > I have tested with the patchset from [1]. ( Later I saw, you dropped "WIP: tcp: reuse incoming skb hash in tcp_conn_request()". ) - Sedat - https://git.kernel.org/pub/scm/linux/kernel/git/wtarreau/prandom.git/log/?h=20200901-siphash-noise > -- > 2.28.0
On Tue, Sep 01, 2020 at 04:41:13PM +0200, Sedat Dilek wrote: > I have tested with the patchset from [1]. > ( Later I saw, you dropped "WIP: tcp: reuse incoming skb hash in > tcp_conn_request()". ) Yes because it's a bit out of the cope of this series and makes sense even without these patches, thus I assume Eric will take care of it separately. Willy
On Tue, Sep 1, 2020 at 4:55 PM Willy Tarreau <w@1wt.eu> wrote: > > On Tue, Sep 01, 2020 at 04:41:13PM +0200, Sedat Dilek wrote: > > I have tested with the patchset from [1]. > > ( Later I saw, you dropped "WIP: tcp: reuse incoming skb hash in > > tcp_conn_request()". ) > > Yes because it's a bit out of the cope of this series and makes sense > even without these patches, thus I assume Eric will take care of it > separately. Yes, I am still pondering on this one and really there is no hurry.