On Wed, 2016-05-18 at 14:14 +0200, Daniel Borkmann wrote: > Start address randomization and blinding in BPF currently use > prandom_u32(). prandom_u32() values are not exposed to unpriviledged > user space to my knowledge, but given other kernel facilities such as > ASLR, stack canaries, etc make use of stronger get_random_int(), we > better make use of it here as well given blinding requests successively > new random values. get_random_int() has minimal entropy pool depletion, > is not cryptographically secure, but doesn't need to be for our use > cases here.
Well, if it is not crypto secure, what is the point using it instead of prandom_u32() ? I do not think changing this is fundamentally changing something, it looks like code churn or magic incantation to me. There is little amount of entropy since the hole is constrained by PAGE_SIZE. Have you had any report of an actual attack ? If yes, we seriously need to reconsider this whole schem.
