Received: by 10.192.165.148 with SMTP id m20csp71743imm; Tue, 1 May 2018 17:45:21 -0700 (PDT) X-Google-Smtp-Source: AB8JxZouoi4cDr/LR0qAu/gQe49BTrpNfsmE6Xa0/JrJJ3aDGlZkVatnKrmeYzxoTybt/AV5LtLr X-Received: by 2002:a65:5686:: with SMTP id v6-v6mr14025678pgs.92.1525221921062; Tue, 01 May 2018 17:45:21 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1525221921; cv=none; d=google.com; s=arc-20160816; b=aSxVc0x3jAAxQ4/x39/Du12D6Rt24XpFJy5p+rITw57uhSBRnBsDejdfLI9KFBT9v0 KhdXPhlw6d2mlHHyyuqKH9jJV8Pz6KwH8vxcAdiwXVSwHOkSnH+PfcpZSHRkVVIQA5OZ 8wvnfNKLt9ccp/LaCMJM/17LnBYCJTJBGdqJZgn4PCnWH0+6wAk/jtGEbwt0kCTzhEmt Vayh7/27RsfaWpm+6ovua4OY+XEv/i7fhgxuewPUpNdeF21R7qGRgLvZpr6YJ6eNXUkR gKMEx/hJXz4nEFsNWnBVYCIGSQMVZa9XVXbUVgl+v7X2UicDkVg4KD7k3/U3HpADavGZ iUIA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature:arc-authentication-results; bh=HqNOuTG57i9D9NXJ32a+9nHstwz3bfCjxUKV4sqx4aw=; b=wlosoyAgsFxHsF0TavJxB34s/shkxCdO2MHwvG2FIywPULMrU8QAPrMG9F7TKZkKdI zJyYBTyGvzJEZqsWfPDWgHFWFlqBKRYNdCiNINbR85ejrF3ClE+Zn/uHXv0KYprDkL8P 7pugRf0VnwK6xPyO5F00NYwT6eVkPcRyWqFNyuwQ2CllRN+T+ttfP34vObDfWJAsK6Vv nylkM/kWeT+ceV6LSpU28Dt1EO1vXR8cMvWMinMUl2Fi9Q/gJDa17dUA9VSCq/5PtmiO 0+FIUOM8bYGtHYZGo97GeJUdEskQ5VTsWVR+o6cefV2skR+Vs309idQ1ptMnmgxYhKQS M79A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=ErTS+nLa; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v11-v6si8509263pgo.643.2018.05.01.17.45.07; Tue, 01 May 2018 17:45:21 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=ErTS+nLa; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1750969AbeEBAn0 (ORCPT + 99 others); Tue, 1 May 2018 20:43:26 -0400 Received: from mail-oi0-f68.google.com ([209.85.218.68]:45540 "EHLO mail-oi0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750743AbeEBAnW (ORCPT ); Tue, 1 May 2018 20:43:22 -0400 Received: by mail-oi0-f68.google.com with SMTP id b130-v6so11457578oif.12 for ; Tue, 01 May 2018 17:43:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=HqNOuTG57i9D9NXJ32a+9nHstwz3bfCjxUKV4sqx4aw=; b=ErTS+nLaElsSGC4EmNnxRu9oH1XchDzRRALmFJYUmujmt2POjfv/eVeSOwGxvLC/2V IWcuLk2nObPSTJCrFFKxul/WIXiSbeEH3nJCe4V6Y1I6reGdOrB5Osif0KBVVj84UNvQ oM6ptGpagGeIfVUH1Ll3zqznIddLeZ65Zbomfu3LgoBGuxYKYaYDgw9KvJxtssFr0s7q o7d0X/6F5+VQ7v0ENc0j1ql375tZUjIeOfXzaix/n0SHqkGWDuau++eIuvI4H2UTvIJQ HOXooWR1n3cq3qSUAiCq7jaB9FDAQjGLPO5XGuqlF/AF1XD4v43pcjSeqeWO2xJIQa2S uJlw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=HqNOuTG57i9D9NXJ32a+9nHstwz3bfCjxUKV4sqx4aw=; b=fxoI4m07bYk8MaBHVHz41Gt10TCKvNWXDqPhpPf9fCUqD/oTwiRw8gVr9o6Aj9dljm WDP17Pcp7EGbXvyOuUvqQtOjIjgWWP2jTNgHew4mo10i4D7l4k8n5Y8lGUI3+nmXz8I6 o/1RCixND0c46PEdDemn2y9x70fEho4IVAdE91460C2Milq9tl2xr1hzUwoOvHNF4r4Q oe0IMnBqtynDErcJr8VHYXZ8zWcLp+tG6gex+b5tNv/DpJMmBuOcIslDteIf2VqaoQ// V4h20GDnW6ADPWA+LhyLOxao1K7tinPNcYfchuQtLavlp7oCSAIDM7L47Zjqz9aNQtP+ zgWg== X-Gm-Message-State: ALQs6tCylJ0BCT1sDWEKC0BKerDopGlAdvM5clxQzsfSH6we0e7dlL2K YjspcBDaToViecUxlR+3nx4= X-Received: by 2002:aca:e308:: with SMTP id a8-v6mr11379539oih.237.1525221801510; Tue, 01 May 2018 17:43:21 -0700 (PDT) Received: from sultan-box ([107.193.118.89]) by smtp.gmail.com with ESMTPSA id a6-v6sm6330165oti.70.2018.05.01.17.43.19 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 01 May 2018 17:43:20 -0700 (PDT) Date: Tue, 1 May 2018 17:43:17 -0700 From: Sultan Alsawaf To: Justin Forbes Cc: "Theodore Y. Ts'o" , Jeremy Cline , Pavel Machek , LKML , Jann Horn Subject: Re: Linux messages full of `random: get_random_u32 called from` Message-ID: <20180502004317.kxwiu2oephgbi6ok@sultan-box> References: <20180427201036.GL5965@thunk.org> <20180429143205.GD13475@amd> <20180429170541.lrzwyihrd6d75rql@sultan-box> <20180429184101.GA31156@amd> <20180429202033.ysmc42mj2rrk3h7p@sultan-box> <20180429220519.GQ5965@thunk.org> <01000163186628e6-3fe4abfc-eaaf-470c-90c8-2d8ad91db8f1-000000@email.amazonses.com> <20180501125518.GI20585@thunk.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: NeoMutt/20170609 (1.8.3) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, May 01, 2018 at 05:35:56PM -0500, Justin Forbes wrote: > > I have not reproduced in GCE myself. We did get some confirmation > that removing dracut-fips does make the problem less dire (but I > wouldn't call a 4 minute boot a win, but booting in 4 minutes is > better than not booting at all). Specifically systemd calls libgcrypt > before it even opens the log with fips there, and this is before > virtio-rng modules could even load. Right now though, we are looking > at pretty much any possible options as the majority of people are > calling for me to backout the patches completely from rawhide. I've attached what I think is a reasonable stopgap solution until this is actually fixed. If you're willing to revert the CVE-2018-1108 patches completely, then I don't think you'll mind using this patch in the meantime. Sultan From 5be2efdde744d3c55db3df81c0493fc67dc35620 Mon Sep 17 00:00:00 2001 From: Sultan Alsawaf Date: Tue, 1 May 2018 17:36:17 -0700 Subject: [PATCH] random: use urandom instead of random for now and speed up crng init With the fixes for CVE-2018-1108, /dev/random now requires user-provided entropy on quite a few machines lacking high levels of boot entropy in order to complete its initialization. This causes issues on environments where userspace depends on /dev/random in order to finish booting completely (i.e., userspace will remain stuck, unable to boot, waiting for entropy more-or-less indefinitely until the user provides it via something like keystrokes or mouse movements). As a temporary workaround, redirect /dev/random to /dev/urandom instead, and speed up the initialization process by slightly relaxing the threshold for interrupts to go towards adding one bit of entropy credit (only until initialization is complete). Signed-off-by: Sultan Alsawaf --- drivers/char/mem.c | 3 ++- drivers/char/random.c | 9 ++++++--- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/drivers/char/mem.c b/drivers/char/mem.c index ffeb60d3434c..cc9507f01c79 100644 --- a/drivers/char/mem.c +++ b/drivers/char/mem.c @@ -870,7 +870,8 @@ static const struct memdev { #endif [5] = { "zero", 0666, &zero_fops, 0 }, [7] = { "full", 0666, &full_fops, 0 }, - [8] = { "random", 0666, &random_fops, 0 }, + /* Redirect /dev/random to /dev/urandom until /dev/random is fixed */ + [8] = { "random", 0666, &urandom_fops, 0 }, [9] = { "urandom", 0666, &urandom_fops, 0 }, #ifdef CONFIG_PRINTK [11] = { "kmsg", 0644, &kmsg_fops, 0 }, diff --git a/drivers/char/random.c b/drivers/char/random.c index d9e38523b383..bce3b43cdd3b 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -1200,9 +1200,12 @@ void add_interrupt_randomness(int irq) return; } - if ((fast_pool->count < 64) && - !time_after(now, fast_pool->last + HZ)) - return; + if (fast_pool->count < 64) { + unsigned long timeout = crng_ready() ? HZ : HZ / 4; + + if (!time_after(now, fast_pool->last + timeout)) + return; + } r = &input_pool; if (!spin_trylock(&r->lock)) -- 2.14.1