From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=U9yg=5O=kvack.org=owner-linux-mm@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-0.8 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS,
	MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no
	version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 0ED56C43331
	for <linux-mm@archiver.kernel.org>; Sun, 29 Mar 2020 21:42:29 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id ACF0120714
	for <linux-mm@archiver.kernel.org>; Sun, 29 Mar 2020 21:42:28 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org ACF0120714
Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=mit.edu
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix)
	id 0C7806B0010; Sun, 29 Mar 2020 17:42:28 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 078F36B0032; Sun, 29 Mar 2020 17:42:28 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id ECF956B0036; Sun, 29 Mar 2020 17:42:27 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17])
	by kanga.kvack.org (Postfix) with ESMTP id D23BA6B0010
	for <linux-mm@kvack.org>; Sun, 29 Mar 2020 17:42:27 -0400 (EDT)
Received: from smtpin28.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251])
	by forelay04.hostedemail.com (Postfix) with ESMTP id 99CF445BC
	for <linux-mm@kvack.org>; Sun, 29 Mar 2020 21:42:27 +0000 (UTC)
X-FDA: 76649723934.28.boys37_15676a8cb7363
X-HE-Tag: boys37_15676a8cb7363
X-Filterd-Recvd-Size: 2971
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11])
	by imf08.hostedemail.com (Postfix) with ESMTP
	for <linux-mm@kvack.org>; Sun, 29 Mar 2020 21:42:26 +0000 (UTC)
Received: from callcc.thunk.org (pool-72-93-95-157.bstnma.fios.verizon.net [72.93.95.157])
	(authenticated bits=0)
        (User authenticated as tytso@ATHENA.MIT.EDU)
	by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 02TLgFDb018135
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Sun, 29 Mar 2020 17:42:15 -0400
Received: by callcc.thunk.org (Postfix, from userid 15806)
	id E7763420EBA; Sun, 29 Mar 2020 17:42:14 -0400 (EDT)
Date: Sun, 29 Mar 2020 17:42:14 -0400
From: "Theodore Y. Ts'o" <tytso@mit.edu>
To: George Spelvin <lkml@SDF.ORG>
Cc: David Laight <David.Laight@ACULAB.COM>,
        Dan Williams <dan.j.williams@intel.com>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        Qian Cai <cai@lca.pw>, Kees Cook <keescook@chromium.org>,
        Michal Hocko <mhocko@suse.com>,
        Andrew Morton <akpm@linux-foundation.org>,
        Linux MM <linux-mm@kvack.org>
Subject: Re: [RFC PATCH v1 00/52] Audit kernel random number use
Message-ID: <20200329214214.GB768293@mit.edu>
References: <202003281643.02SGhPmY017434@sdf.org>
 <CAPcyv4iagZy5m3FpMrQqyOi=_uCzqh5MjbW+J_xiHU1Z1BmF=g@mail.gmail.com>
 <20200328182817.GE5859@SDF.ORG>
 <98bd30f23b374ccbb61dd46125dc9669@AcuMS.aculab.com>
 <20200329174122.GD4675@SDF.ORG>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20200329174122.GD4675@SDF.ORG>
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

On Sun, Mar 29, 2020 at 05:41:22PM +0000, George Spelvin wrote:
> > Using xor was particularly stupid.
> > The whole generator was then linear and trivially reversable.
> > Just using addition would have made it much stronger.
> 
> I considered changing it to addition (actually, add pairs and XOR the 
> sums), but that would break its self-test.  And once I'd done that,
> there are much better possibilities.
> 
> Actually, addition doesn't make it *much* stronger.  To start
> with, addition and xor are the same thing at the lsbit, so
> observing 113 lsbits gives you a linear decoding problem.

David,

If anyone is trying to rely on prandom_u32() as being "strong" in any
sense of the word in terms of being reversable by attacker --- they
shouldn't be using prandom_u32().  That's going to be true no matter
*what* algorithm we use.

Better distribution?  Sure.  Making prandom_u32() faster?  Absolutely;
that's its primary Raison d'Etre.

George,

Did you send the full set of patches to a single mailing list?  Or can
you make it available on a git tree somewhere?  I've y seen this
message plus the ext4 related change, and I can't find the full patch
series anywhere.  If you can send the next version such that it's
fully cc'ed to linux-kernel, that would be really helpful.

Thanks!!

						- Ted