On Sun, Mar 29, 2020 at 03:01:36PM +0000, Bernard Metzler wrote: > -----"George Spelvin" <lkml@xxxxxxx> wrote: ----- >> Subject: [EXTERNAL] [RFC PATCH v1 42/50] drivers/ininiband: Use get_random_u32() >> >> There's no need to get_random_bytes() into a temporary buffer. >> >> This is not a no-brainer change; get_random_u32() has slightly weaker >> security guarantees, but code like this is the classic example of when >> it's appropriate: the random value is stored in the kernel for as long >> as it's valuable. >> >> TODO: Could any of the call sites be further weakened to prandom_u32()? >> If we're randomizing to avoid collisions with a *cooperating* (as opposed >> to malicious) partner, we don't need cryptographic strength. >> >> Signed-off-by: George Spelvin <lkml@xxxxxxx> >> Cc: Doug Ledford <dledford@xxxxxxxxxx> >> Cc: Jason Gunthorpe <jgg@xxxxxxxxxxxx> >> Cc: linux-rdma@xxxxxxxxxxxxxxx >> Cc: Faisal Latif <faisal.latif@xxxxxxxxx> >> Cc: Shiraz Saleem <shiraz.saleem@xxxxxxxxx> >> Cc: Bart Van Assche <bvanassche@xxxxxxx> >> Cc: Bernard Metzler <bmt@xxxxxxxxxxxxxx> >> diff --git a/drivers/infiniband/sw/siw/siw_verbs.c >> b/drivers/infiniband/sw/siw/siw_verbs.c >> index 5fd6d6499b3d7..42f3ced4ca7c7 100644 >> --- a/drivers/infiniband/sw/siw/siw_verbs.c >> +++ b/drivers/infiniband/sw/siw/siw_verbs.c >> @@ -1139,7 +1139,7 @@ int siw_create_cq(struct ib_cq *base_cq, const >> struct ib_cq_init_attr *attr, >> rv = -ENOMEM; >> goto err_out; >> } >> - get_random_bytes(&cq->id, 4); >> + cq->id = get_random_u32(); >> siw_dbg(base_cq->device, "new CQ [%u]\n", cq->id); >> >> spin_lock_init(&cq->lock); > Speaking for the siw driver only, these two changes are looking > good to me. What is needed is a pseudo-random number, not > to easy to guess for the application. get_random_u32() provides that. > > Thanks! > > Reviewed-by: Bernard Metzler <bmt@xxxxxxxxxxxxxx> Just so you know, get_random_u32() is still crypto-strength: it is unguessable even to a resourceful attacker with access to large amounts of other get_random_u32() output. prandom_u32() is much cheaper, but although well seeded and distributed (so equally resistant to accidental collisions), *is* guessable if someone really wants to work at it. Many intra-machine networks (like infiniband) are specifically not designed to be robust in the face of malicious actors on the network. A random transaction ID is sent in the clear, and a malicious actor wanting to interfere could simply copy it. In such cases, there's no need for crypto-grade numbers, because the network already assumes that nobody's actively trying to create collisions. You seem to be saying that the siw driver could use prandom_u32().
