From owner-svn-src-head@freebsd.org  Tue Sep  3 14:07:16 2019
Return-Path: <owner-svn-src-head@freebsd.org>
Delivered-To: svn-src-head@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 84367DD32A;
 Tue,  3 Sep 2019 14:07:01 +0000 (UTC)
 (envelope-from yuripv@freebsd.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
 [IPv6:2610:1c1:1:6074::16:84])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 server-signature RSA-PSS (4096 bits)
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "freefall.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 46N8050qhsz4Q96;
 Tue,  3 Sep 2019 14:07:01 +0000 (UTC)
 (envelope-from yuripv@freebsd.org)
Received: by freefall.freebsd.org (Postfix, from userid 1452)
 id 26EC51AF82; Tue,  3 Sep 2019 14:06:26 +0000 (UTC)
X-Original-To: yuripv@localmail.freebsd.org
Delivered-To: yuripv@localmail.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
 (Client CN "mx1.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by freefall.freebsd.org (Postfix) with ESMTPS id EADD214544;
 Wed, 17 Apr 2019 17:30:59 +0000 (UTC)
 (envelope-from owner-src-committers@freebsd.org)
Received: from freefall.freebsd.org (freefall.freebsd.org [96.47.72.132])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 server-signature RSA-PSS (4096 bits)
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "freefall.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 86FE48A332;
 Wed, 17 Apr 2019 17:30:59 +0000 (UTC)
 (envelope-from owner-src-committers@freebsd.org)
Received: by freefall.freebsd.org (Postfix, from userid 538)
 id 0FB16144E5; Wed, 17 Apr 2019 17:30:59 +0000 (UTC)
Delivered-To: src-committers@localmail.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [96.47.72.80])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
 (Client CN "mx1.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by freefall.freebsd.org (Postfix) with ESMTPS id D1968144D9;
 Wed, 17 Apr 2019 17:30:55 +0000 (UTC)
 (envelope-from cse.cem@gmail.com)
Received: from mail-it1-f169.google.com (mail-it1-f169.google.com
 [209.85.166.169])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
 server-signature RSA-PSS (4096 bits)
 client-signature RSA-PSS (2048 bits) client-digest SHA256)
 (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 92FB68A311;
 Wed, 17 Apr 2019 17:30:55 +0000 (UTC)
 (envelope-from cse.cem@gmail.com)
Received: by mail-it1-f169.google.com with SMTP id f22so5686793ita.3;
 Wed, 17 Apr 2019 10:30:55 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:references:in-reply-to:reply-to
 :from:date:message-id:subject:to:cc;
 bh=jqZvV7uXjg9GSxh31V27bRdpI0JW3VVN1ga39jurcII=;
 b=U30HBo3k798EXetekclTI5JSENg3WkMWobZZQ06tdrzgyVZtywaH30OcBu2mwCPvNw
 hse0oilMC0emjI3jlVJ9LYlx0Js38JyRQtM+jjoQUHNrRlZP1LS1qoujM3FCL5Fcw15F
 3B9N9BsSTNKU/8gVu4kNHC4uS5tDYRgfLrcZSvmByV51oOnMTD44NiWvquznucBtZI/U
 bD3rRJKGJ5q/VoBoCWQn9UklhBNyD0ssaUB7st/u8AzCgRQryHFMU6m1WiKcmB4Xp2uu
 TmDgNUj9Oyt1d322WeVu7ZdEOksoRZgxu0//5EiOIuo9cblJr7DVRwtiMmHAHCamRZUF
 16nQ==
X-Gm-Message-State: APjAAAXxi8nszGK0lTl1vDXhL1srMCahfAA/+bV5uUJ+vNsWdCoZ5W+z
 Rrrr7nBHZPjNQJGephH7mcF4GITU
X-Google-Smtp-Source: APXvYqyD8Mw4Q2czp1UMpLpq4EQv1zklhnlXzrp1CCFUBNV/uXNnIACLV/Suv9H6pPe6RR89DNi8eA==
X-Received: by 2002:a24:5447:: with SMTP id t68mr797920ita.28.1555522249319;
 Wed, 17 Apr 2019 10:30:49 -0700 (PDT)
Received: from mail-io1-f50.google.com (mail-io1-f50.google.com.
 [209.85.166.50])
 by smtp.gmail.com with ESMTPSA id b17sm21469444ion.0.2019.04.17.10.30.49
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Wed, 17 Apr 2019 10:30:49 -0700 (PDT)
Received: by mail-io1-f50.google.com with SMTP id v4so21283220ioj.5;
 Wed, 17 Apr 2019 10:30:49 -0700 (PDT)
X-Received: by 2002:a6b:691a:: with SMTP id e26mr31309579ioc.124.1555522249032; 
 Wed, 17 Apr 2019 10:30:49 -0700 (PDT)
MIME-Version: 1.0
References: <201904162251.x3GMp2aF097103@gndrsh.dnsmgr.net>
 <4d6b8a14-b053-9ed1-14b2-bbc359ac9413@FreeBSD.org>
 <CAG6CVpUskcW9KBPOhevYNQ9fTDd91Rvh2N50Y1xHubSp7JFE4Q@mail.gmail.com>
 <48b25255-3d66-69fc-658b-6176ebaf4640@FreeBSD.org>
In-Reply-To: <48b25255-3d66-69fc-658b-6176ebaf4640@FreeBSD.org>
Reply-To: cem@freebsd.org
From: Conrad Meyer <cem@freebsd.org>
X-Gmail-Original-Message-ID: <CAG6CVpWV_tSmmKaRxSpzNJtrGOaY03ha6yxX+qze9_1uq8D+5Q@mail.gmail.com>
Message-ID: <CAG6CVpWV_tSmmKaRxSpzNJtrGOaY03ha6yxX+qze9_1uq8D+5Q@mail.gmail.com>
Subject: Re: svn commit: r346250 - in head: share/man/man4 share/man/man9
 sys/dev/random sys/kern sys/libkern sys/sys
To: John Baldwin <jhb@freebsd.org>
Cc: src-committers <src-committers@freebsd.org>,
 svn-src-all <svn-src-all@freebsd.org>, 
 svn-src-head <svn-src-head@freebsd.org>
Content-Type: text/plain; charset="UTF-8"
Precedence: bulk
X-Loop: FreeBSD.org
Sender: owner-src-committers@freebsd.org
X-Rspamd-Queue-Id: 86FE48A332
X-Spamd-Bar: ------
Authentication-Results: mx1.freebsd.org
X-Spamd-Result: default: False [-6.98 / 15.00];
 NEURAL_HAM_MEDIUM(-1.00)[-1.000,0];
 NEURAL_HAM_SHORT(-0.98)[-0.981,0];
 NEURAL_HAM_LONG(-1.00)[-1.000,0]; REPLY(-4.00)[]
Status: O
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.29
List-Id: SVN commit messages for the src tree for head/-current
 <svn-src-head.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head/>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=subscribe>
Date: Tue, 03 Sep 2019 14:07:16 -0000
X-Original-Date: Wed, 17 Apr 2019 10:30:38 -0700
X-List-Received-Date: Tue, 03 Sep 2019 14:07:16 -0000

On Wed, Apr 17, 2019 at 9:06 AM John Baldwin <jhb@freebsd.org> wrote:
>
> On 4/16/19 4:48 PM, Conrad Meyer wrote:
> > Perhaps cryptographically random stack-protector cookies are simply
> > inappropriate for MIPS or RISCV.  Do we have any other examples of
> > kernel random consumers blocking after that immediate hiccup is
> > overcome?
>
> There may be MIPS and RISCV designs that do have suitable entropy available
> (especially I would expect future RISCV designs to have them), so I think
> blacklisting stack protector wholesale on those architectures is overboard.

The difficulty is how early __stack_chk_init runs vs when entropy
might be available.  If some MIPS or RISCV design shows up with a fast
HWRNG source, great!

> I think some sort of off-by-default knob (even a compile option) is fine for
> people who need fast and loose vs safe as you already agreed to earlier.
>
> Also, for development testing we still want coverage of using stack cookies
> on MIPS and RISCV even if the simulator environment gives not-very-strong
> cookie values.

Right.  There's a difference between removing random stack cookies and
removing stack cookies entirely; I agree some benefit remains for
development.

Best,
Conrad