svn commit: r346250 - in head: share/man/man4 share/man/man9 sys/dev/random sys/kern sys/libkern sys/sys

Conrad Meyer cem at freebsd.org
Wed Apr 17 17:30:56 UTC 2019


On Wed, Apr 17, 2019 at 9:06 AM John Baldwin <jhb at freebsd.org> wrote:
>
> On 4/16/19 4:48 PM, Conrad Meyer wrote:
> > Perhaps cryptographically random stack-protector cookies are simply
> > inappropriate for MIPS or RISCV.  Do we have any other examples of
> > kernel random consumers blocking after that immediate hiccup is
> > overcome?
>
> There may be MIPS and RISCV designs that do have suitable entropy available
> (especially I would expect future RISCV designs to have them), so I think
> blacklisting stack protector wholesale on those architectures is overboard.

The difficulty is how early __stack_chk_init runs vs when entropy
might be available.  If some MIPS or RISCV design shows up with a fast
HWRNG source, great!

> I think some sort of off-by-default knob (even a compile option) is fine for
> people who need fast and loose vs safe as you already agreed to earlier.
>
> Also, for development testing we still want coverage of using stack cookies
> on MIPS and RISCV even if the simulator environment gives not-very-strong
> cookie values.

Right.  There's a difference between removing random stack cookies and
removing stack cookies entirely; I agree some benefit remains for
development.

Best,
Conrad


More information about the svn-src-head mailing list