Date: Wed, 17 Apr 2019 10:30:38 -0700 From: Conrad Meyer <cem@freebsd.org> To: John Baldwin <jhb@freebsd.org> Cc: src-committers <src-committers@freebsd.org>, svn-src-all <svn-src-all@freebsd.org>, svn-src-head <svn-src-head@freebsd.org> Subject: Re: svn commit: r346250 - in head: share/man/man4 share/man/man9 sys/dev/random sys/kern sys/libkern sys/sys Message-ID: <CAG6CVpWV_tSmmKaRxSpzNJtrGOaY03ha6yxX%2Bqze9_1uq8D%2B5Q@mail.gmail.com> In-Reply-To: <48b25255-3d66-69fc-658b-6176ebaf4640@FreeBSD.org> References: <201904162251.x3GMp2aF097103@gndrsh.dnsmgr.net> <4d6b8a14-b053-9ed1-14b2-bbc359ac9413@FreeBSD.org> <CAG6CVpUskcW9KBPOhevYNQ9fTDd91Rvh2N50Y1xHubSp7JFE4Q@mail.gmail.com> <48b25255-3d66-69fc-658b-6176ebaf4640@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Apr 17, 2019 at 9:06 AM John Baldwin <jhb@freebsd.org> wrote: > > On 4/16/19 4:48 PM, Conrad Meyer wrote: > > Perhaps cryptographically random stack-protector cookies are simply > > inappropriate for MIPS or RISCV. Do we have any other examples of > > kernel random consumers blocking after that immediate hiccup is > > overcome? > > There may be MIPS and RISCV designs that do have suitable entropy available > (especially I would expect future RISCV designs to have them), so I think > blacklisting stack protector wholesale on those architectures is overboard. The difficulty is how early __stack_chk_init runs vs when entropy might be available. If some MIPS or RISCV design shows up with a fast HWRNG source, great! > I think some sort of off-by-default knob (even a compile option) is fine for > people who need fast and loose vs safe as you already agreed to earlier. > > Also, for development testing we still want coverage of using stack cookies > on MIPS and RISCV even if the simulator environment gives not-very-strong > cookie values. Right. There's a difference between removing random stack cookies and removing stack cookies entirely; I agree some benefit remains for development. Best, Conrad
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAG6CVpWV_tSmmKaRxSpzNJtrGOaY03ha6yxX%2Bqze9_1uq8D%2B5Q>