Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp7033770rwb; Wed, 23 Nov 2022 00:52:37 -0800 (PST) X-Google-Smtp-Source: AA0mqf4r3AFUtHzFhPqn+Xs+Bd5ZQVdb3GS9UTJKuIkm6e1PuxhZnoi51r89xw/IpcEhDHQC9tfc X-Received: by 2002:a17:906:d1c7:b0:7ad:fd3e:7762 with SMTP id bs7-20020a170906d1c700b007adfd3e7762mr8447551ejb.717.1669193557533; Wed, 23 Nov 2022 00:52:37 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1669193557; cv=none; d=google.com; s=arc-20160816; b=Ky8HKKqtTaZtzPcA6MazzJrb09nIrp9Pwjy3lbnzvY1ZRiixUrLrrVHjDYlOru7mQC OnlKGg2AGak3Im/PesZHRpftWAJ9gHEBx/T0TIiXvcxtE+lP6+snmMXFkyvUz2nq0lmJ y7VSJ/mpy9aGk4XLv3jsJtoU9HwBADPAetk+RsViVeVVN71Kc2XDhbzjvedCxamG1fjR aa/egW7YNO76jrBfJ3LVenkCv6S5YWh4NQMvgXGZ92eauv0uVuf/2ReFnubojsiR2O09 xUQxsmHF7tY2h9dAXz8mmMZ11oATUxN8QNx+8rdwog5KZT3x/RGH0zClm7XauIZBlAPT xJzw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id:dkim-signature; bh=vE++5vLwb67DahKEwL1NXxuRxUTeETw1sq0DG9JKnPs=; b=nvva3SBXKsTEreXd6JvBJFCg4C7twQ86F1pxK9E6dn17Y2TU0XjSQXhLm8a5yBSuoo Ub7h66Wh1sbK9BZzIFi+qChikSh3Myb4fWO56FGUeP4T8ERoqONdqBJMyR3/durtRosG hvchCE1+9cXddhNvGsT9IRWRSmPgISACaGayf6gPpeaReS2p1rEiap4mMFhXE0T5jeoq QU9QHdMPxlRrtjEP+hGQTHxjnK9cROsm5i2mcrgz6R5Z+9imsWeYucQRNP/ksEKBme9P ak3D44ABhI4prGZwqruQ/cQZ/EUk4vqyLc+GRWuPmRkn0eMBIRVK1mXOIdvPYG1bdCPM CT/w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@rasmusvillemoes.dk header.s=google header.b="eDPSn7/6"; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id qw17-20020a1709066a1100b007ae6ba5f344si11382474ejc.53.2022.11.23.00.52.06; Wed, 23 Nov 2022 00:52:37 -0800 (PST) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@rasmusvillemoes.dk header.s=google header.b="eDPSn7/6"; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236678AbiKWIvM (ORCPT + 99 others); Wed, 23 Nov 2022 03:51:12 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54238 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236572AbiKWIvK (ORCPT ); Wed, 23 Nov 2022 03:51:10 -0500 Received: from mail-lj1-x235.google.com (mail-lj1-x235.google.com [IPv6:2a00:1450:4864:20::235]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5A5A4F2C07 for ; Wed, 23 Nov 2022 00:51:08 -0800 (PST) Received: by mail-lj1-x235.google.com with SMTP id u2so20636725ljl.3 for ; Wed, 23 Nov 2022 00:51:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rasmusvillemoes.dk; s=google; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:date:message-id :from:to:cc:subject:date:message-id:reply-to; bh=vE++5vLwb67DahKEwL1NXxuRxUTeETw1sq0DG9JKnPs=; b=eDPSn7/6kb1CMEWfq46VqkmkHK/vBYGMlzLNxKGhcHC96gnEGPfsDj2hRC3D3+0K/K nEe7kVfSMcDnBMpcslsPmZD7sycWxZurDwfbzuNXkZsvnUyFZd8egtiOWOewnIuGrSX1 CwSlY6i3mfcQCE1BONVmlepyH/mlLpEdIIogM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=vE++5vLwb67DahKEwL1NXxuRxUTeETw1sq0DG9JKnPs=; b=UYecUfulo45joejPuGz7eB06yLrI7DTa10JjswS1miyFCXNkCXW7F1TJWT+pch9+Wk Riaqn16TWDltAmCbw8zSToa3Ed8MDGfGq3iQXeNo1l88iS+bOKmZDLWkda3APG4zmxmf DtKlyXduSs85RoBr/mLjbzTPghsxQcbRxrgzh/Duia4Zo8JXkVrUxScO4Iwyk4O+/L4m t0uhbFDAEqKJN3iBgi1fvp5uNenjkmmpYPoxF7Irj2x742rKioQTEafuPKbvd3zrQmUq fElHfRai33Z4WgZ+dxsYHee6Q3dU6np8nOyjKZzED+1j+tbTZa8jg0hI5zNODKmGI0uf Yqzw== X-Gm-Message-State: ANoB5pkhRQfiLW1+9tKVK2qgx14zMRBfoMOZ3MLxd06YHPN4Lo914Dh/ 4aoKXVFfhRGjRtTHYxw49fz85A== X-Received: by 2002:a2e:9117:0:b0:279:4f30:da0f with SMTP id m23-20020a2e9117000000b002794f30da0fmr3713652ljg.366.1669193466652; Wed, 23 Nov 2022 00:51:06 -0800 (PST) Received: from [172.16.11.74] ([81.216.59.226]) by smtp.gmail.com with ESMTPSA id l7-20020a2e7007000000b0027776efa48csm2134522ljc.91.2022.11.23.00.51.04 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 23 Nov 2022 00:51:05 -0800 (PST) Message-ID: <842fd97b-c958-7b0d-2c77-6927c7ab4d72@rasmusvillemoes.dk> Date: Wed, 23 Nov 2022 09:51:04 +0100 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.2.2 Subject: Re: [PATCH v6 2/3] random: introduce generic vDSO getrandom() implementation Content-Language: en-US, da To: "Jason A. Donenfeld" , linux-kernel@vger.kernel.org, patches@lists.linux.dev, tglx@linutronix.de Cc: linux-crypto@vger.kernel.org, x86@kernel.org, Greg Kroah-Hartman , Adhemerval Zanella Netto , Carlos O'Donell , Linux API References: <20221121152909.3414096-1-Jason@zx2c4.com> <20221121152909.3414096-3-Jason@zx2c4.com> From: Rasmus Villemoes In-Reply-To: <20221121152909.3414096-3-Jason@zx2c4.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On 21/11/2022 16.29, Jason A. Donenfeld wrote: Cc += linux-api > > if (!new_block) > goto out; > new_cap = grnd_allocator.cap + num; > new_states = reallocarray(grnd_allocator.states, new_cap, sizeof(*grnd_allocator.states)); > if (!new_states) { > munmap(new_block, num * size_per_each); Hm. This does leak an implementation detail of vgetrandom_alloc(), namely that it is based on mmap() of that size rounded up to page size. Do we want to commit to this being the proper way of disposing of a succesful vgetrandom_alloc(), or should there also be a vgetrandom_free(void *states, long num, long size_per_each)? And if so, what color should the bikeshed really have. I.e., - does it need to take that size_per_each parameter which the kernel knows - should it rather take the product so it can for now be a simple alias for munmap - should it also have a flags argument just because that's what all well-behaving syscalls have these days... Also, should vgetrandom_alloc() take a void *hint argument that would/could be passed through to mmap() to give userspace some control over where the memory is located - possibly only in the future, i.e. insist on it being NULL for now, but it could open the possibility for adding e.g. VGRND_MAP_FIXED[_NOREPLACE] that would translate to the corresponding MAP_ flags. Rasmus