Linus Torvalds Unconvinced By getrandom() In The vDSO & Plans To Reject It For Linux 6.11
([Linux Security] 5 Hours Ago
Random In The vDSO)
- Reference: 0001475942
- News link: https://www.phoronix.com/news/Linus-Torvalds-No-Random-vDSO
While there were plans of [1] adding getrandom() in the vDSO with the upcoming Linux 6.11 merge window to speed up user-space random number generation access, Linus Torvalds is unconvinced by the work and intends to reject any pull request with it for Linux 6.11.
This getrandom() work in the vDSO has been through 20+ rounds of review over the past 2+ years, but Linus Torvalds isn't yet content with its design or even the need. Torvalds took some time out of his US Independence Day to argue the merits of the patches on the Linux kernel mailing list.
Torvalds kicked things off by [2] writing:
"Nobody has explained to me what has changed since your last vdso getrandom, and I'm not planning on pulling it unless that fundamental flaw is fixed.
Why is this _so_ critical that it needs a vdso?
Why isn't user space just doing it itself?
What's so magical about this all?
This all seems entirely pointless to me still, because it's optimizing something that nobody seems to care about, adding new VM infrastructure, new magic system calls, yadda yadda.
I was very sceptical last time, and absolutely _nothing_ has changed. Not a peep on why it's now suddenly so hugely important again.
We don't add stuff "just because we can". We need to have a damn good reason for it. And I still don't see the reason, and I haven't seen anybody even trying to explain the reason."
And then he responded to himself, [3] adding:
"IOW, I want to see actual *users* piping up and saying "this is a problem, here's my real load that spends 10% of time on getrandom(), and this fixes it".
I'm not AT ALL interested in microbenchmarks or theoretical "if users need high-performance random numbers".
I need a real actual live user that says "I can't just use rdrand and my own chacha mixing on top" and explains why having a SSE2 chachacha in kernel code exposed as a vdso is so critical, and a magical buffer maintained by the kernel."
Torvalds also [4] added in a third message:
"One final note: the reason I'm so negative about this all is that the random number subsystem has such an absolutely _horrendous_ history of two main conflicting issues: people wanting reasonable usable random numbers on one side, and then the people that discuss what the word "entropy" means on the other side.
And honestly, I don't want the kernel stuck even *more* in the middle of that morass. I strongly suspect that one reason why glibc people would want this is the exact same reason: _they_ don't want to be stuck in the same padded room with the crazies _either_, so they love the concept of "somebody else's problem".
So no. I do not think "libc people want this" is an argument at all for the kernel doing it. Quite the reverse. It's a "pass the hot potato" thing. Which is why I really really want those real users standing up and saying "we can't use rdrand and rdtsc and our own mixing"."
After some back-and-forth with Jason Donenfeld as the lead developer of the patches, Torvalds [5] commented:
"Jason. This smells. It's BS.
Christ, let's make a deal: do a five-liner patch that adds the generation number to the vdso data, and basically document it as a "the kernel thinks you need to reseed your buffers using getrandom" flag.
And *if* it turns out in the future that there is then any major reason why that doesn't work, I'll take the 1000+ line thing, ok?
Deal?"
Given Torvalds' comments, it looks like these random vDSO patches will not be picked up for the upcoming Linux 6.11 cycle.
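The reseed-flag idea from the last quoted message, shown as an added example that is not code from the article, the mailing-list thread or the kernel: a user-space cache of getrandom() output that is discarded whenever a generation counter changes. `kernel_rng_generation`, `struct rng_cache`, `rng_refill` and `rng_bytes` are hypothetical names, and the counter is an ordinary variable standing in for the vDSO data field.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>
#include <sys/random.h>
#include <sys/types.h>

/* Hypothetical stand-in for a generation counter the kernel would publish
 * in the vDSO data page; here it is just a variable the caller can bump. */
static volatile uint64_t kernel_rng_generation = 1;

struct rng_cache {
    unsigned char buf[256];
    size_t   pos;       /* next unread byte; sizeof buf means exhausted */
    uint64_t seen_gen;  /* generation the buffer was filled under; 0 = never */
    unsigned refills;   /* number of getrandom() refills, for inspection */
};

/* Refill the whole buffer from the kernel; returns 0 on success, -1 on error. */
static int rng_refill(struct rng_cache *c, uint64_t gen)
{
    size_t got = 0;
    while (got < sizeof c->buf) {
        ssize_t n = getrandom(c->buf + got, sizeof c->buf - got, 0);
        if (n < 0 && errno == EINTR) continue;   /* interrupted: retry */
        if (n < 0) return -1;
        got += (size_t)n;
    }
    c->pos = 0; c->seen_gen = gen; c->refills++;
    return 0;
}

/* Copy len random bytes to out; cached bytes from an old generation are dropped. */
int rng_bytes(struct rng_cache *c, void *out, size_t len)
{
    unsigned char *dst = out;
    while (len > 0) {
        uint64_t gen = kernel_rng_generation;
        if (c->seen_gen != gen || c->pos == sizeof c->buf)
            if (rng_refill(c, gen) < 0) return -1;
        size_t take = sizeof c->buf - c->pos;
        if (take > len) take = len;
        memcpy(dst, c->buf + c->pos, take);
        memset(c->buf + c->pos, 0, take);        /* wipe bytes once handed out */
        c->pos += take;
        if (kernel_rng_generation != gen) continue; /* changed mid-copy: redo chunk */
        dst += take; len -= take;
    }
    return 0;
}
```

A zero-initialised `struct rng_cache` is the valid starting state: `seen_gen` of 0 never matches the counter, so the first call always refills.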
[1] https://www.phoronix.com/news/getrandom-vDSO-RNG-Linux-6.11
[2] https://lore.kernel.org/all/CAHk-=wiGk+1eNy4Vk6QsEgM=Ru3jE40qrDwgq_CSKgqwLgMdRg@mail.gmail.com/
[3] https://lore.kernel.org/all/CAHk-=wgiqw3q_W-B4faLHXgkDMvz-wdUHYuSweg0LJvKuw0qzg@mail.gmail.com/
[4] https://lore.kernel.org/all/CAHk-=whmVf0Wj0FMRJtb9ofKtZ30tQFosQ6fNqO6_uEEYXa1CA@mail.gmail.com/
[5] https://lore.kernel.org/all/CAHk-=wh47WSNQYuSWqdu_8XeRzfpWbozzTDL6KtkGbSmLrWU4g@mail.gmail.com/