Received: by 2002:a25:6193:0:0:0:0:0 with SMTP id v141csp1872061ybb;
        Sun, 29 Mar 2020 15:51:07 -0700 (PDT)
X-Google-Smtp-Source: ADFU+vshEyd7Nd/mETHxiO/nTSzLO3p5EawMmTUVGszF+vujPt7yqmJw83/IBGFHVcbSQhc4px7Y
X-Received: by 2002:aca:bac1:: with SMTP id k184mr6014652oif.157.1585522266981;
        Sun, 29 Mar 2020 15:51:06 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1585522266; cv=none;
        d=google.com; s=arc-20160816;
        b=KMcrN6P6IPhvhM21+r7BX54zVAEir0UAcTjNh6udBT8Xv5mxn6X1fAKZ8czkcJkLTV
         iRkX4nbHiD/m37FJmsuJ3DEFGcQ42Qti37QRK1Bh2dlUaJEUWfLT0p/nB4IFwSK97uYQ
         3GG09ZPSaqYhKubl36UKtW7CzdX7Rvxbpu3BpL8KcguqLKoa1G1xIbSTqiKoSwoBobYj
         oDa8Q7OYMB4ZZcYGfwwsyW5KAZNHoliIjoJUYuzuiT51cTRGJCje9EyTT5Qv+hBnJkJ6
         LjJnjcTGl3ZbiOqxgWOIlpuSOGUUAqj2COG+Tot14erSSzL3OpXf3rpQcsG9D704EC4X
         9p6A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:in-reply-to:content-disposition
         :mime-version:references:message-id:subject:cc:to:from:date;
        bh=54uE6COwAkjt0qo1lPoinfAKtkOGZpbEbkYRm/NE3oc=;
        b=nBLC1Lz9t4XrNNnDutBr+84aePrIx/1CKtPnQMAgFhCxVC4Ht32RXUCS2bMXxv33yA
         ++6ZO5uGAQqWlGnQB5nlUQPSDRJp6VHyX2Ho7tMVj4ayxMkGpd8xrAXVqcdLVfR0btwh
         Rf3N5xXq9wjpphGs2aJJZIk3MgaNRWmv22kNR6P94uOE3sgW8BB9eS7J23GXicEtjdmV
         YVWqI73XjLUeFa09Le3FOMKab8ijSsyjoVZ5pJUf6OIQNEJq0qvCS9h4oHRBx0D/Kbz/
         K6zHAY/ZoDHuRGdiQA+7WxVrdT8yAvwjMb57RJTD0y9Cyn4g/7uReHb2AA3leQKi45SF
         r6Nw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id w23si5751088oti.18.2020.03.29.15.50.54;
        Sun, 29 Mar 2020 15:51:06 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1729057AbgC2Vmj (ORCPT <rfc822;sduhuangshuai@gmail.com>
        + 99 others); Sun, 29 Mar 2020 17:42:39 -0400
Received: from outgoing-auth-1.mit.edu ([18.9.28.11]:41767 "EHLO
        outgoing.mit.edu" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org
        with ESMTP id S1727370AbgC2Vmj (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sun, 29 Mar 2020 17:42:39 -0400
Received: from callcc.thunk.org (pool-72-93-95-157.bstnma.fios.verizon.net [72.93.95.157])
        (authenticated bits=0)
        (User authenticated as tytso@ATHENA.MIT.EDU)
        by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 02TLgFDb018135
        (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
        Sun, 29 Mar 2020 17:42:15 -0400
Received: by callcc.thunk.org (Postfix, from userid 15806)
        id E7763420EBA; Sun, 29 Mar 2020 17:42:14 -0400 (EDT)
Date:   Sun, 29 Mar 2020 17:42:14 -0400
From:   "Theodore Y. Ts'o" <tytso@mit.edu>
To:     George Spelvin <lkml@SDF.ORG>
Cc:     David Laight <David.Laight@ACULAB.COM>,
        Dan Williams <dan.j.williams@intel.com>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        Qian Cai <cai@lca.pw>, Kees Cook <keescook@chromium.org>,
        Michal Hocko <mhocko@suse.com>,
        Andrew Morton <akpm@linux-foundation.org>,
        Linux MM <linux-mm@kvack.org>
Subject: Re: [RFC PATCH v1 00/52] Audit kernel random number use
Message-ID: <20200329214214.GB768293@mit.edu>
References: <202003281643.02SGhPmY017434@sdf.org>
 <CAPcyv4iagZy5m3FpMrQqyOi=_uCzqh5MjbW+J_xiHU1Z1BmF=g@mail.gmail.com>
 <20200328182817.GE5859@SDF.ORG>
 <98bd30f23b374ccbb61dd46125dc9669@AcuMS.aculab.com>
 <20200329174122.GD4675@SDF.ORG>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20200329174122.GD4675@SDF.ORG>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Sun, Mar 29, 2020 at 05:41:22PM +0000, George Spelvin wrote:
> > Using xor was particularly stupid.
> > The whole generator was then linear and trivially reversable.
> > Just using addition would have made it much stronger.
> 
> I considered changing it to addition (actually, add pairs and XOR the 
> sums), but that would break its self-test.  And once I'd done that,
> there are much better possibilities.
> 
> Actually, addition doesn't make it *much* stronger.  To start
> with, addition and xor are the same thing at the lsbit, so
> observing 113 lsbits gives you a linear decoding problem.

David,

If anyone is trying to rely on prandom_u32() as being "strong" in any
sense of the word in terms of being reversable by attacker --- they
shouldn't be using prandom_u32().  That's going to be true no matter
*what* algorithm we use.

Better distribution?  Sure.  Making prandom_u32() faster?  Absolutely;
that's its primary Raison d'Etre.

George,

Did you send the full set of patches to a single mailing list?  Or can
you make it available on a git tree somewhere?  I've y seen this
message plus the ext4 related change, and I can't find the full patch
series anywhere.  If you can send the next version such that it's
fully cc'ed to linux-kernel, that would be really helpful.

Thanks!!

						- Ted