Received: by 2002:a05:6358:16cc:b0:ea:6187:17c9 with SMTP id r12csp12296138rwl; Tue, 3 Jan 2023 12:03:14 -0800 (PST) X-Google-Smtp-Source: AMrXdXtOAkq1rTh9XuTCyobIepSKgTPKUWNyYVSsr53a6yWztwRWkT0fxHhIyaJuQSJ4Fhp61amo X-Received: by 2002:a17:902:da86:b0:191:1987:9f69 with SMTP id j6-20020a170902da8600b0019119879f69mr66546566plx.35.1672776193744; Tue, 03 Jan 2023 12:03:13 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1672776193; cv=none; d=google.com; s=arc-20160816; b=T5ghnJYv4O3g7hnWGobrj/w2HEYgPYS7ftABpZCBLgddQblOkIEQw2SOe6bqTapEMi 1dBC5cgWxzZCYxzgfbKvEUPWTRfDeqRInh1MVdKyCR1dA1uXRFMvzoqk5w/jTQzN61QF wg1J71LvySCtNmyBSQ7T6hf7KbW0gEtRoZDx+SxXefK9ZvmrMl28wdWz57aZPMxcMPkd n8MoGUEw8l0cIq53MEypBAjMNgcRTMhgEtRAWBO+VKzefgpP0QIRZ22nqUNOulL9GoAW BPoVkZo+OT0+rBEwIy1uB349KDYyn5Tb95MYxKnlCTchNMEE4jilLvyPMuA/Gz3Tt1TU BdDw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=2Xug8HsBhB4vw61CYQrO6p56II484h234IA/MNnX9p8=; b=R3tKtx5XiGOlFxZwmaY1uZTi2a8LKXk8Kd3vQ7sUP8Bi9tXTV8wVybeNuqHjzToTpL zLvySQHXWmtW0eFKi6fLvQq+obwpNEyWYo7pE+5OsnNfioeEi6syNV0dSUhKEmWciZpA K2RsaDwTIo7CTlfn4WPodnypE5r94qe/s1p45dQOcEr9PXr3k3tUnGC9GqfmCYXGGZA9 kKRj2JTiMvODMRj3TtMZIZ34blA3pPQV54mquFoAR4k52FpYI0cV2GX8uDsAvN4u6/pz yO+rSP2cd6IK1MVib9/akf6Rc0LfqIYwoKF3xCAhsHT4311Kme5Ktern16sw/lQiyUBD k8ow== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=EbYiDfIy; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id s5-20020a17090302c500b00192d567293asi4191687plk.447.2023.01.03.12.02.59; Tue, 03 Jan 2023 12:03:13 -0800 (PST) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=EbYiDfIy; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231158AbjACUC5 (ORCPT + 99 others); Tue, 3 Jan 2023 15:02:57 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45180 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230488AbjACUCz (ORCPT ); Tue, 3 Jan 2023 15:02:55 -0500 Received: from mail-oi1-x22d.google.com (mail-oi1-x22d.google.com [IPv6:2607:f8b0:4864:20::22d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 97D7D6244 for ; Tue, 3 Jan 2023 12:02:54 -0800 (PST) Received: by mail-oi1-x22d.google.com with SMTP id n8so21197841oih.0 for ; Tue, 03 Jan 2023 12:02:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-foundation.org; s=google; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=2Xug8HsBhB4vw61CYQrO6p56II484h234IA/MNnX9p8=; b=EbYiDfIyp249xUh5FwvkVnPr7aBXtVFVGZSFtl9pIKq68SODoEw8kZPQnYL8sXX69z F8E5UHAWixIJOtaSy7hFVhbt6eKa4sXCG4zalB7Ox/hGl++YbRVBW/YzL9Wjbkm4SzAX YQKeVGr58BgkVk4yWdEMW4R74YCb6drskvcyg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=2Xug8HsBhB4vw61CYQrO6p56II484h234IA/MNnX9p8=; b=EOg5c7T5JYa9EH5npLGYfba5g0V5d7TBAVxaF3LuyQWHcr19M60JlmAybd/L/YzG5k 0WeitchtYkDI+gVL1t+z/El7guMvudrU+W2d/FqnZ9CKzGbLmvNWimwiJqvRAaDOxI9h nJak+MkiuPkIh0d/xiE2viL6aMilSw+UR9NapQ26xJ5SP6svaIAJDfT41QazJF/rnmyL UnIH6xBB8yo6WbKLhSVy9odAQz2ngfJcVsBpADEJ0KGSgrBUjY8CuiA7dGh/x8B4xeY3 kzJPyZ2UuqyR4cTnxDWjuhOmHKDUqdSzVHhvNMxt3nOm3j2uoDnDdyc/R9RIqQliwr8s T5MQ== X-Gm-Message-State: AFqh2krgQA1M58af/c2Fgy52CdyE9bHdmCeDdwbTxek0fa1lE8NiSorK fDqAGtCNUcgtckHtYVvW4RslXGkvyHMob3e7 X-Received: by 2002:a05:6808:10c3:b0:359:a360:fc4a with SMTP id s3-20020a05680810c300b00359a360fc4amr27684794ois.0.1672776173677; Tue, 03 Jan 2023 12:02:53 -0800 (PST) Received: from mail-qt1-f182.google.com (mail-qt1-f182.google.com. [209.85.160.182]) by smtp.gmail.com with ESMTPSA id bk15-20020a05620a1a0f00b006ce580c2663sm22527712qkb.35.2023.01.03.12.02.53 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 03 Jan 2023 12:02:53 -0800 (PST) Received: by mail-qt1-f182.google.com with SMTP id h21so25397884qta.12 for ; Tue, 03 Jan 2023 12:02:53 -0800 (PST) X-Received: by 2002:ac8:4913:0:b0:3ab:88cb:97cb with SMTP id e19-20020ac84913000000b003ab88cb97cbmr986538qtq.436.1672775691842; Tue, 03 Jan 2023 11:54:51 -0800 (PST) MIME-Version: 1.0 References: <20230101162910.710293-1-Jason@zx2c4.com> <20230101162910.710293-3-Jason@zx2c4.com> In-Reply-To: From: Linus Torvalds Date: Tue, 3 Jan 2023 11:54:35 -0800 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH v14 2/7] mm: add VM_DROPPABLE for designating always lazily freeable mappings To: "Jason A. Donenfeld" Cc: Andy Lutomirski , Ingo Molnar , linux-kernel@vger.kernel.org, patches@lists.linux.dev, tglx@linutronix.de, linux-crypto@vger.kernel.org, linux-api@vger.kernel.org, x86@kernel.org, Greg Kroah-Hartman , Adhemerval Zanella Netto , "Carlos O'Donell" , Florian Weimer , Arnd Bergmann , Jann Horn , Christian Brauner , linux-mm@kvack.org Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-1.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Tue, Jan 3, 2023 at 11:35 AM Jason A. Donenfeld wrote: > > I don't think this is about micro-optimization. Rather, userspace RNGs > aren't really possible in a safe way at the moment. "Bah, humbug", to quote a modern-time philosopher. It's humbug simply because it makes two assumptions that aren't even valid: (a) that you have to do it in user space in the first place (b) that you care about the particular semantics that you are looking for The thing is, you can just do getrandom(). It's what people already do. Problem solved. The system call interface just isn't that expensive. Sure, the various spectre mitigations have screwed us over in a big way on various hardware, but even with that in mind system calls aren't some kind of insurmountable hazard. There are absolutely tons of system calls that are way more performance-critical than getrandom() has ever been. So 99% of the time, the solution really is just "getrandom()", generally with the usual buffering ("read more than you need, so that you don't do it all the time").\ Which is not at all different from all the other system calls like "read()" and friends. And that's entirely ignoring the fact that something like "read()" basically *has* to be a system call, because there are no alternatives (ok, mmap, but that's actually much slower, unless you're in it for the reuse-and/or-sparse-use situation). With random numbers, you have tons of other alternatives, including just hardware giving you the random numbers almost for free and you just using your own rng in user space entirely. And yes, some users might want to do things like periodic re-seeding, but we actually do have fast ways to check for periodic events in user space, ranging from entirely non-kernel things like rdtsc to actual vdso's for gettimeofday(). So when you say that this isn't about micro-optimizations, I really say "humbug". It's *clearly* about micro-optimization of an area that very few people care about, since the alternative is just our existing "getrandom()" that is not at all horribly slow. Let me guess: the people you talked to who were excited about this are mainly just library people? And they are excited about this not because they actually need the random numbers themselves, but because they just don't want to do the work. They want to get nice benchmark numbers, and push the onus of complexity onto somebody else? Because the people who actually *use* the random numbers and are *so* performance-critical about them already have their own per-thread buffers or what-not, and need to have them anyway because they write real applications that possibly work on other systems than Linux, but that *definitely* work on enterprise systems that won't even have this kind of new support for another several years even if we implemented it today. In fact, they probably are people inside of cloud vendors that are still running 4.x kernels on a large portion of their machines. Linus