Received: by 2002:a05:6358:16cc:b0:ea:6187:17c9 with SMTP id r12csp9001977rwl;
        Tue, 10 Jan 2023 23:32:11 -0800 (PST)
X-Google-Smtp-Source: AMrXdXs8+zl0RRMts36fG1fg4qo3ErgeMMLuwHhDa6A5jNMU3IKa5OQ0RLBJV0JB9g4i784/QAkq
X-Received: by 2002:a05:6a20:2905:b0:b6:4fb2:9afa with SMTP id t5-20020a056a20290500b000b64fb29afamr678426pzf.28.1673422331561;
        Tue, 10 Jan 2023 23:32:11 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1673422331; cv=none;
        d=google.com; s=arc-20160816;
        b=qnWvnjpzFMHEDPu6TWgWwsj/gN/VcI1JxNJtkDP3HCRmR4BOwPEjNM0GKO5kGnTiK0
         grZ3mtrr8/Tmf4mxpLGZ+Z7n9Yy2B+2ZAruRQTp767jbbJCjKEL6aajwPXiJyz0tJV12
         7+8KAc9cyJ0sr6ZQkFOgqhyRl+TLv+5I0AibFeuGYpbjx7+3lz0m3wpQkyPxJHvQxrgy
         Bj+7zorRoBIcTTbEFQEBJ9NXzOqfVyi6Tv2GdGEa1inYbTVgxvP2oHnEFUQTgyZ7NfHX
         JtAAT+sdUK0Td6ZNadx9DUuSyeLHcsJ9jlEYOPioqGrnrL3Ix5tYuDbjilo7cposUvqN
         +vEg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:date:dkim-signature;
        bh=6jalbk7RBukTyYQZAPG4wS6EDCBmdS71SRsgCDOnDEo=;
        b=A9Gdhpv03RaSNQK/d3cOE9RHcrUwN0CZwZtG/uhPsA7H6b29CnajMVh84j1NrT5wsV
         YYTVzalaa2AP8afdkGv4OgNCTPq9ZMblVOcCN908kxT2tlCXXU0chqBhLcGJGgLVdrST
         ZhKnNhfyE7DbKzynE1CSRtNjHvqw0IVaw+3KFNdYA3ndPSfy5C6/+PwIZi9BBRR6s4Hn
         XX6IEViHXQ9UAadFcFXS0TIaj82jr3BQ5eqhtBD3Lyv6oKJdPIeMeZZ0tG5H0HLwdfMb
         VxHaO93gFwVLtZBIZZ7FXDdYMOzzvXTuYVHbo6jvMsZY7jsWrHiQrp6VKzj95b7NWl9M
         4OPQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b="dxD1oUY/";
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id y24-20020a634958000000b004790510bfe5si13456531pgk.692.2023.01.10.23.31.50;
        Tue, 10 Jan 2023 23:32:11 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b="dxD1oUY/";
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S232010AbjAKH10 (ORCPT <rfc822;vik.reck@gmail.com> + 99 others);
        Wed, 11 Jan 2023 02:27:26 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40500 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S231644AbjAKH1Z (ORCPT
        <rfc822;linux-crypto@vger.kernel.org>);
        Wed, 11 Jan 2023 02:27:25 -0500
Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 26569103;
        Tue, 10 Jan 2023 23:27:24 -0800 (PST)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by dfw.source.kernel.org (Postfix) with ESMTPS id 9364C61A36;
        Wed, 11 Jan 2023 07:27:23 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 71144C433EF;
        Wed, 11 Jan 2023 07:27:22 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=k20201202; t=1673422043;
        bh=UNsE1Sfj5VIoaJ3hwnzx1FJI4j5UgDzN3GkA3q+AUVs=;
        h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
        b=dxD1oUY/RiJXEOCbw6ek4gNpqHM0mBLH6ylbuGTsQAmrEb31BsclPpX+2w001z2pN
         wUn2V4BtVR/nBTABTB5MnBq06fXVLWWfWRrD0RIISkXhqA5EOFB1nTdr5j5bRpUP3f
         ZxIKCi4iBi5pmrl0OWhPYkSqWrgS8L44gJpC1UDmdu4s/T6YO1bkVqdB2GTAK1Bcod
         VSVPPxRe8wziAVI8YJRZZtr6lhVzI7fDpKtki8x8Swdnsl3VwZimXrvodTZCDZlrM9
         NHE74X7+o/MQvCYmP1ytwFRCo8LJMBdxHdGiwm1G9qPq8jL925wbDD5CKFYMhW4uaX
         0kJUFhw7jl+Qw==
Date:   Tue, 10 Jan 2023 23:27:20 -0800
From:   Eric Biggers <ebiggers@kernel.org>
To:     Linus Torvalds <torvalds@linux-foundation.org>
Cc:     Florian Weimer <fweimer@redhat.com>,
        "Jason A. Donenfeld" <Jason@zx2c4.com>,
        Andy Lutomirski <luto@kernel.org>,
        Ingo Molnar <mingo@kernel.org>, linux-kernel@vger.kernel.org,
        patches@lists.linux.dev, tglx@linutronix.de,
        linux-crypto@vger.kernel.org, linux-api@vger.kernel.org,
        x86@kernel.org, Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Adhemerval Zanella Netto <adhemerval.zanella@linaro.org>,
        Carlos O'Donell <carlos@redhat.com>,
        Arnd Bergmann <arnd@arndb.de>, Jann Horn <jannh@google.com>,
        Christian Brauner <brauner@kernel.org>, linux-mm@kvack.org,
        mlichvar@redhat.com
Subject: Re: [PATCH v14 2/7] mm: add VM_DROPPABLE for designating always
 lazily freeable mappings
Message-ID: <Y75k2KaDz2WdcXLk@sol.localdomain>
References: <20230101162910.710293-1-Jason@zx2c4.com>
 <20230101162910.710293-3-Jason@zx2c4.com>
 <Y7QIg/hAIk7eZE42@gmail.com>
 <CALCETrWdw5kxrtr4M7AkKYDOJEE1cU1wENWgmgOxn0rEJz4y3w@mail.gmail.com>
 <CAHk-=wg_6Uhkjy12Vq_hN6rQqGRP2nE15rkgiAo6Qay5aOeigg@mail.gmail.com>
 <Y7SDgtXayQCy6xT6@zx2c4.com>
 <CAHk-=whQdWFw+0eGttxsWBHZg1+uh=0MhxXYtvJGX4t9P1MgNw@mail.gmail.com>
 <874jt0kndq.fsf@oldenburg.str.redhat.com>
 <CAHk-=wg7vMC2VmSBdVw7EKV+7UDiftQEg3L+3Rc0rcjjfsvs5A@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CAHk-=wg7vMC2VmSBdVw7EKV+7UDiftQEg3L+3Rc0rcjjfsvs5A@mail.gmail.com>
X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI,
        SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

On Mon, Jan 09, 2023 at 08:28:58AM -0600, Linus Torvalds wrote:
> On Mon, Jan 9, 2023 at 4:34 AM Florian Weimer <fweimer@redhat.com> wrote:
> >
> > We did these changes on the glibc side because Jason sounded very
> > confident that he's able to deliver vDSO acceleration for getrandom.  If
> > that fails to materialize, we'll just have to add back userspace
> > buffering in glibc.
> 
> My whole argument has been that user-space buffering is the sane thing
> to do. Most definitely for something like glibc.
> 
> The number of people who go "oh, no, my buffer or randomness could be
> exposed by insert-odd-situation-here" is approximately zero, and then
> the onus should be on *them* to do something special.
> 
> Because *they* are special. Precious little snowflake special.
> 
>              Linus

How would userspace decide when to reseed its CRNGs, then?

IMO, the main benefit of the VDSO getrandom over a traditional userspace CRNG is
that it makes reseeds of the kernel's CRNG take effect immediately.  See the
cover letter, where Jason explains this.

It's definitely important to make the memory used by userspace CRNGs have
appropriate semantics, but my understanding is that's not the main point.

- Eric