Received: by 2002:a25:6193:0:0:0:0:0 with SMTP id v141csp1676518ybb; Sun, 29 Mar 2020 10:35:33 -0700 (PDT) X-Google-Smtp-Source: ADFU+vvlDBQezqh+IwTM0+xIekjQCvz7mIdLyF7BUAaQee/q0O9F9y67kZb+4OedVV3hHiYHH/+F X-Received: by 2002:aca:1a04:: with SMTP id a4mr3301031oia.47.1585503333008; Sun, 29 Mar 2020 10:35:33 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1585503333; cv=none; d=google.com; s=arc-20160816; b=is+KZpx7nOvYz+MEj0bcVusxoBJXHLGkEDFrT89RT+DcE2jJLaTqokcl++uzjTbE2Y buTC6wvDFNr8+jmcbSJa1oHR2Gvc9RNosjbtlM3GQ6yX1bgrR0Ss5zCBfgCi8owClbQu OI6eEViKLc/jeVv61gsxXx4skqdzZUZlUwtNq7nFipKid4BVQfZ/6hjfYPaGB74EZ7kI 4ZPIDXrHklTYogmsAHNacpgGFvYry7UN58gLGVIB3WLBSDWIezX5pnfZfcrLzD0eCaTt 9v0Gn1VbEEFGOdYDgLcWRh6SjNEdqzjBbbjsVUZHJg5BDe5sq6AbD/zSURoZhjQio6sg RbWQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=NrgM4cI02lFwnN1tDr0nRqp8mFPXhdfF5jQdn5zVldw=; b=DODaHv2qMU+lpU4G0KZaL6GSpJbSdJB37O+7BFvaoG0YRfAswdQvONBA9rgkApQdEi nhBW68qVgE25rBNMcd4x347MxtyTs2beWkprfjQmjX8ZG4xY3yU6aiOTVQ+D7Pmv+VmB qLl/wzUrUbjB9kjoOoDFHKJ0fc62dod0EewEJLuLVPoihMWCB5847vXomq3kKerat78G byHqreVmeER89lpfie6W8MIh7H4FIkZs+OvCrwVLExFjE5QRZcsxVw/lwk2H33PyrZDi MpxmjCJr0w2ssFgPYH8KAz/Qr+T8btAgdEK7vLoPVTDP9x73mYwtP1ID/KdUrxQXYWIF CREA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id t3si5358453oth.83.2020.03.29.10.35.17; Sun, 29 Mar 2020 10:35:32 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728426AbgC2Qwa (ORCPT + 99 others); Sun, 29 Mar 2020 12:52:30 -0400 Received: from mx.sdf.org ([205.166.94.20]:61333 "EHLO mx.sdf.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727323AbgC2Qwa (ORCPT ); Sun, 29 Mar 2020 12:52:30 -0400 Received: from sdf.org (IDENT:lkml@sdf.lonestar.org [205.166.94.16]) by mx.sdf.org (8.15.2/8.14.5) with ESMTPS id 02TGq4Aa019498 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256 bits) verified NO); Sun, 29 Mar 2020 16:52:05 GMT Received: (from lkml@localhost) by sdf.org (8.15.2/8.12.8/Submit) id 02TGq45F000077; Sun, 29 Mar 2020 16:52:04 GMT Date: Sun, 29 Mar 2020 16:52:04 +0000 From: George Spelvin To: Bernard Metzler Cc: linux-kernel@vger.kernel.org, Doug Ledford , Jason Gunthorpe , linux-rdma@vger.kernel.org, Faisal Latif , Shiraz Saleem , Bart Van Assche , lkml@sdf.org Subject: Re: [RFC PATCH v1 42/50] drivers/ininiband: Use get_random_u32() Message-ID: <20200329165204.GC4675@SDF.ORG> References: <202003281643.02SGhN9T020186@sdf.org> MIME-Version: 1.0 Content-Type: text/plain Content-Disposition: inline In-Reply-To: Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, Mar 29, 2020 at 03:01:36PM +0000, Bernard Metzler wrote: > -----"George Spelvin" wrote: ----- >> Subject: [EXTERNAL] [RFC PATCH v1 42/50] drivers/ininiband: Use get_random_u32() >> >> There's no need to get_random_bytes() into a temporary buffer. >> >> This is not a no-brainer change; get_random_u32() has slightly weaker >> security guarantees, but code like this is the classic example of when >> it's appropriate: the random value is stored in the kernel for as long >> as it's valuable. >> >> TODO: Could any of the call sites be further weakened to prandom_u32()? >> If we're randomizing to avoid collisions with a *cooperating* (as opposed >> to malicious) partner, we don't need cryptographic strength. >> >> Signed-off-by: George Spelvin >> Cc: Doug Ledford >> Cc: Jason Gunthorpe >> Cc: linux-rdma@vger.kernel.org >> Cc: Faisal Latif >> Cc: Shiraz Saleem >> Cc: Bart Van Assche >> Cc: Bernard Metzler >> diff --git a/drivers/infiniband/sw/siw/siw_verbs.c >> b/drivers/infiniband/sw/siw/siw_verbs.c >> index 5fd6d6499b3d7..42f3ced4ca7c7 100644 >> --- a/drivers/infiniband/sw/siw/siw_verbs.c >> +++ b/drivers/infiniband/sw/siw/siw_verbs.c >> @@ -1139,7 +1139,7 @@ int siw_create_cq(struct ib_cq *base_cq, const >> struct ib_cq_init_attr *attr, >> rv = -ENOMEM; >> goto err_out; >> } >> - get_random_bytes(&cq->id, 4); >> + cq->id = get_random_u32(); >> siw_dbg(base_cq->device, "new CQ [%u]\n", cq->id); >> >> spin_lock_init(&cq->lock); > Speaking for the siw driver only, these two changes are looking > good to me. What is needed is a pseudo-random number, not > to easy to guess for the application. get_random_u32() provides that. > > Thanks! > > Reviewed-by: Bernard Metzler Just so you know, get_random_u32() is still crypto-strength: it is unguessable even to a resourceful attacker with access to large amounts of other get_random_u32() output. prandom_u32() is much cheaper, but although well seeded and distributed (so equally resistant to accidental collisions), *is* guessable if someone really wants to work at it. Many intra-machine networks (like infiniband) are specifically not designed to be robust in the face of malicious actors on the network. A random transaction ID is sent in the clear, and a malicious actor wanting to interfere could simply copy it. In such cases, there's no need for crypto-grade numbers, because the network already assumes that nobody's actively trying to create collisions. You seem to be saying that the siw driver could use prandom_u32().