Received: by 10.192.165.148 with SMTP id m20csp1079651imm; Fri, 27 Apr 2018 12:17:30 -0700 (PDT) X-Google-Smtp-Source: AB8JxZpJSz0Q7CqZGhgH1JFRPdvvLm/Q8DtI4Tt2PFUurpAVpZjfmoEu28kTNFwPs3cm7HvzrRAK X-Received: by 2002:a17:902:76c1:: with SMTP id j1-v6mr3313991plt.284.1524856650839; Fri, 27 Apr 2018 12:17:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1524856650; cv=none; d=google.com; s=arc-20160816; b=FRP0FE8sNHWiT5+krIBgkoVx3lTH6UjgIyWIq4+hVGj3CKzliyePaqjN2NHga/n2Sy UuQHLijweEm+RCKRu/CLmZpD7N7soxB4DKSO1Vk1S8XaVnWT3tpOxiv3i2J5CBo2zmYp +VgDU8F6y5YghJq37GoTn3OIkK3hMqJzf5nUQh/tZBxfgyRbfuElxevKT6tygBN8rPRN 0qmRrMc2MWky4cX4kPNM0RuZ1/lB5yVUvvPfgGOF2VEOHd70QJmXSheDLBiVAlHp8lHA quP6jRWaw8AzkHJhjjarg2xw8gmCEbyEiILfTlwehoGNtZVRfay/FybVo1kr2gp8G33R 0jZA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:mail-followup-to :message-id:subject:cc:to:from:date:dkim-signature :arc-authentication-results; bh=RE71r1IdnBMbSvzphw5yuxx5HtO584dLzdcRCym5jwI=; b=vn9vVjex9Gy18rIrfjbJTlYchUx4MphXU6rqdmHX5y94oE35856XGBRDm11RgOK3vw upqtR2sZZfll4xdVKZlSRjLQVsjs4Wh1fbfNconaGGdlgvu+3l4T1T8WrVxX2jFdX/SD rY41ZRNLyLxQGOQTdaT5cB05PmiJCj2X5fHtpzfLt8BXSwvwAjZDmZC0pDk3q5P4+s4B oTSZ7E3LxpcrwQNyKvDP7psRes8r2KH8vF5Pl3eYAIRmQJvVXfojytxoPt/48VfU8knC Gm9Omq/1SepQPwADrlDuIE7dN5n9mjpGXzUd9XqnoaLnzFZXIxUiugQfhSGSlV6d5BtZ abLg== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@thunk.org header.s=ef5046eb header.b=OofPN+DW; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id t64-v6si1708665pgc.160.2018.04.27.12.17.16; Fri, 27 Apr 2018 12:17:30 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@thunk.org header.s=ef5046eb header.b=OofPN+DW; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1758796AbeD0TPH (ORCPT + 99 others); Fri, 27 Apr 2018 15:15:07 -0400 Received: from imap.thunk.org ([74.207.234.97]:40080 "EHLO imap.thunk.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1758062AbeD0TPC (ORCPT ); Fri, 27 Apr 2018 15:15:02 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=thunk.org; s=ef5046eb; h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID: Subject:Cc:To:From:Date:Sender:Reply-To:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=RE71r1IdnBMbSvzphw5yuxx5HtO584dLzdcRCym5jwI=; b=OofPN+DW6T4hUIhxZ2wiKdq7Xp U9Nt8uLeCkoKzRiJoqM8rKKTOZfO5qGaeU9n6GoeVyYWSX4aburSRAf45JNgF3TzeDjKBBTQwwYkK d6znYty7Fq2jDFUs6AispFjQ5hN90WJ8CkLQFYGrONwuRsL6r+DPA26L4X089+lvZhu4=; Received: from root (helo=callcc.thunk.org) by imap.thunk.org with local-esmtp (Exim 4.89) (envelope-from ) id 1fC8pf-0007et-HD; Fri, 27 Apr 2018 19:14:59 +0000 Received: by callcc.thunk.org (Postfix, from userid 15806) id 5DBFF7A0147; Fri, 27 Apr 2018 15:14:58 -0400 (EDT) Date: Fri, 27 Apr 2018 15:14:58 -0400 From: "Theodore Y. Ts'o" To: "Jason A. Donenfeld" Cc: Christian Brauner , Sultan Alsawaf , LKML , Jann Horn Subject: Re: Linux messages full of `random: get_random_u32 called from` Message-ID: <20180427191458.GJ5965@thunk.org> Mail-Followup-To: "Theodore Y. Ts'o" , "Jason A. Donenfeld" , Christian Brauner , Sultan Alsawaf , LKML , Jann Horn References: <20180426050056.GF18803@thunk.org> <20180426073255.GH18803@thunk.org> <20180426192524.GD5965@thunk.org> <2add15cb-2113-0504-a732-81255ea61bf5@gmail.com> <20180426204748.GA7540@gmail.com> <20180427000013.GH5965@thunk.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.9.5 (2018-04-13) X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: tytso@thunk.org X-SA-Exim-Scanned: No (on imap.thunk.org); SAEximRunCond expanded to false Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Apr 27, 2018 at 05:38:52PM +0200, Jason A. Donenfeld wrote: > > Please correct me if I'm wrong, but my present understanding of this > is that crng readiness used to be broken, meaning people would have a > seeded rng without it actually being seeded. You fixed this bug, and > now people are discovering that they don't have crng readiness during > a late stage of their init, which is breaking all sorts of entirely > reasonable and widely deployed userspaces. I'd say the problem is a combination of some classes of x86 hardware devices (so far I've mainly seen repurposed chromebooks and VM's that don't have virtio-rng enabled) combined with some distributions that could make themselves more amenable to platforms with minimal amounts of entropy available to them during system startup. > Sultan mentioned that his machine actually does trigger large > quantities of interrupts. Is it possible that the entropy gathering > algorithm has some issues, and Sultan's report points to a real bug > here? Considering the crng readiness state hasn't been working until > your recent fix, I suspect the actual entropy gathering code probably > hasn't prompted too many bug reports, until now that is. It's not clear when his machine is triggering the "large quantity of interrupts". Is it during the system startup, or after he's logged into the machine? I suspect what is going on is the Chromebook has been engineered so that when it's idle, it doesn't issue any interrupts at all --- which is a good thing from a power management perspective. So if nothing is actually _querying_ the SD Card reader, it's not generating any interrupts. This is a feature, and not a bug. That being said, a laptop which sends some number of interrupts as it receives, say, WiFi packets, and a system which automatically starts looking for suitable access points as soon as the machine is started gives us timing events which is not easily available to an analyst sitting in Fort Meade, Maryland. In practice, that seems to be much more of the rule and not the exception. However, as laptops try to become much more sparing interrupts to save power, then we either have to (a) be willing to trust hardware random number generators available to the laptop, and/or (b) change userspace to *wait* until after the user has logged in to try to obtain cryptographic-graded randomness. If you think there is an alternative besides those two, I'm all ears... - Ted