Received: by 10.192.165.148 with SMTP id m20csp4836278imm; Tue, 1 May 2018 04:53:17 -0700 (PDT) X-Google-Smtp-Source: AB8JxZqcOaqOCKjcXuoiZU22uXpp33GXNa3/YC0YI/C3uuvDRWlGUqCuxxD/ibMnsd9EeQd0dvqZ X-Received: by 2002:a63:a60a:: with SMTP id t10-v6mr12954444pge.357.1525175597284; Tue, 01 May 2018 04:53:17 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1525175597; cv=none; d=google.com; s=arc-20160816; b=s+3PTDLEViTXSzKrk97Jwx6fw/hjtXF9RuL9bLHgmpPrgndTmVglxqQosERfHvu8tu +sUYLRj9l0K0ONpWa61HmJG3kBglWV9OGC2yQXgOO8TCmfugDnnwpunCmav9wYrdZkfi GvajWLP/fg4e3PQtTRdFkZHkyYMxNW2mWV3jeNCl5Ynup0yRa3fWdmSKP3x2S7U/sCer WhYZE0p3xSxmBPkNRv5QRpaF4h2JuIbR26iiBPYMt0ybTOoebsAdnElRFqbhEAXim1RP Qh5Wvf00YAwzmQzoRCeXcFfUDg+PCCIqz/1SNx6hoS1jVctGBBBiWjoIg/CfIk7IW/SW 11+Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=OW8Y5luhyVUG94ZwYTKHuA6RL9/9XM9STMvERw13FvU=; b=xx4a8IQdXWfQhqF+8tz3Gxfsml/eRqA3vGNjgwVwTv0tMCmYlrbTpdi/AhnFSJ9lOi kiGyDptU3UF7Uro9ruRDs0BjtiElb4LS4Eh9MgQf0CMxdHjwpEOYevS5OoZKa6mduqp4 kZqxniMAmqXIq/o4xnm9zeMuu+Uho0zhVk0vXx76TN2REOifZao8w2J64CTSq2+ueeY5 10Q+MD2qfqHieLLHZjLZYaZLY7Hcr2XJkLg6Yk+rt7x0AKgCZrLJ3+ln10eNYyEf749V zAcxISp9JxuX29rCzbhtxp0s9mkU/wVNyZtXjWZaBt6dGGHscdJOaRXqmedXWYNGAsPS 3b2Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxtx.org header.s=google header.b=as3r2bS6; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w5-v6si7689843pgt.68.2018.05.01.04.53.02; Tue, 01 May 2018 04:53:17 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxtx.org header.s=google header.b=as3r2bS6; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754862AbeEALwu (ORCPT + 99 others); Tue, 1 May 2018 07:52:50 -0400 Received: from mail-io0-f182.google.com ([209.85.223.182]:33058 "EHLO mail-io0-f182.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754662AbeEALws (ORCPT ); Tue, 1 May 2018 07:52:48 -0400 Received: by mail-io0-f182.google.com with SMTP id e78-v6so13427354iod.0 for ; Tue, 01 May 2018 04:52:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linuxtx.org; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=OW8Y5luhyVUG94ZwYTKHuA6RL9/9XM9STMvERw13FvU=; b=as3r2bS6R4QIRDkwKQaNy3QV8VhATuHLFErwrTbZV2nUekLeE75xiCx/FfwSesXfVz 0UuPHqHn4p8g19W2w+alHhxHS+qW69OIOEF69R3MEJVq8RTErSlNDTw7XD0XQ50aO/yx 1+HpJg1eackXoaTzcJmpppOLqvuawX8A1QIgw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=OW8Y5luhyVUG94ZwYTKHuA6RL9/9XM9STMvERw13FvU=; b=Izo8+wlN8G6P2aXTYFU9VdXQqei6ntKYlQ5Vcx17yWiibEjvE2JOQrSGqzuirADif5 +DgJUEELYA/BqC73M6lxKRpx65NXyfspQbDM7AG87bN1QsRmYTTW6wofRXx6GzcDxGe6 XP/99/FoGi6gIUHe1cNPNzUBV0yLqrXmU71z8KfSc0iBOTMNc2EprnDMNv+lofBWKiEn IH3ShoPAkzVPmbfOXRWllqkDApuCn8Bl4qopf2WwuEZVZg/ghSJg8AjfNvBlTRdtC+gV +UaBTwVkF0nZwdIPxXP7ZL8dTArF0bNxPdIJ36sZg5mGa6UZhgfpXq/WbQqucTl46k8b MUMQ== X-Gm-Message-State: ALQs6tAS1Ij7YC+XwDmjjbcVltG0ckKSnpDqJxKgzXB9AQXG4Py8vzM1 jeRloWd3BqhXfq/+SB2cc7hOC6f5KjFP+WW5MZ+qPQ== X-Received: by 2002:a6b:ba46:: with SMTP id k67-v6mr16098203iof.289.1525175568306; Tue, 01 May 2018 04:52:48 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a4f:a349:0:0:0:0:0 with HTTP; Tue, 1 May 2018 04:52:47 -0700 (PDT) In-Reply-To: <01000163186628e6-3fe4abfc-eaaf-470c-90c8-2d8ad91db8f1-000000@email.amazonses.com> References: <20180426192524.GD5965@thunk.org> <2add15cb-2113-0504-a732-81255ea61bf5@gmail.com> <20180426235630.GG5965@thunk.org> <3eb5761e-7b25-4178-0560-fba5eb43ce6a@gmail.com> <20180427201036.GL5965@thunk.org> <20180429143205.GD13475@amd> <20180429170541.lrzwyihrd6d75rql@sultan-box> <20180429184101.GA31156@amd> <20180429202033.ysmc42mj2rrk3h7p@sultan-box> <20180429220519.GQ5965@thunk.org> <01000163186628e6-3fe4abfc-eaaf-470c-90c8-2d8ad91db8f1-000000@email.amazonses.com> From: Justin Forbes Date: Tue, 1 May 2018 06:52:47 -0500 Message-ID: Subject: Re: Linux messages full of `random: get_random_u32 called from` To: Jeremy Cline Cc: "Theodore Y. Ts'o" , Sultan Alsawaf , Pavel Machek , LKML , Jann Horn Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Apr 30, 2018 at 4:12 PM, Jeremy Cline wrote: > On 04/29/2018 06:05 PM, Theodore Y. Ts'o wrote: >> On Sun, Apr 29, 2018 at 01:20:33PM -0700, Sultan Alsawaf wrote: >>> On Sun, Apr 29, 2018 at 08:41:01PM +0200, Pavel Machek wrote: >>>> Umm. No. https://www.youtube.com/watch?v=xneBjc8z0DE >>> >>> Okay, but /dev/urandom isn't a solution to this problem because it isn't usable >>> until crng init is complete, so it suffers from the same init lag as >>> /dev/random. >> >> It's more accurate to say that using /dev/urandom is no worse than >> before (from a few years ago). There are, alas, plenty of >> distributions and user space application programmers that basically >> got lazy using /dev/urandom, and assumed that there would be plenty of >> entropy during early system startup. >> >> When they switched over the getrandom(2), the most egregious examples >> of this caused pain (and they got fixed), but due to a bug in >> drivers/char/random.c, if getrandom(2) was called after the entropy >> pool was "half initialized", it would not block, but proceed. >> >> Is that exploitable? Well, Jann and I didn't find an _obvious_ way to >> exploit the short coming, which is this wasn't treated like an >> emergency situation ala the embarassing situation we had five years >> ago[1]. >> >> [1] https://factorable.net/paper.html >> >> However, it was enough to make us be uncomfortable, which is why I >> pushed the changes that I did. At least on the devices we had at >> hand, using the distributions that we typically use, the impact seemed >> minimal. Unfortuantely, there is no way to know for sure without >> rolling out change and seeing who screams. In the ideal world, >> software would not require cryptographic randomness immediately after >> boot, before the user logs in. And ***really***, as in [1], softwaret >> should not be generating long-term public keys that are essential to >> the security of the box a few seconds immediately after the device is >> first unboxed and plugged in.i >> >> What would be useful is if people gave reports that listed exactly >> what laptop and distributions they are using. Just "a high spec x86 >> laptop" isn't terribly useful, because *my* brand-new Dell XPS 13 >> running Debian testing is working just fine. The year, model, make, >> and CPU type plus what distribution (and distro version number) you >> are running is useful, so I can assess how wide spread the unhappiness >> is going to be, and what mitigation steps make sense. > > Fedora has started seeing some bug reports on this for Fedora 27[0] and > I've asked reporters to include their hardware details. > > [0] https://bugzilla.redhat.com/show_bug.cgi?id=1572944 > We have also had reports that Fedora users are seeing this on Google Compute Engine. Justin