Date: Tue, 1 May 2018 20:56:04 -0400
From: "Theodore Y. Ts'o"
To: Sultan Alsawaf
Cc: Justin Forbes, Jeremy Cline, Pavel Machek, LKML, Jann Horn
Subject: Re: Linux messages full of `random: get_random_u32 called from`
Message-ID: <20180502005604.GJ10479@thunk.org>
In-Reply-To: <20180502004317.kxwiu2oephgbi6ok@sultan-box>

On Tue, May 01, 2018 at 05:43:17PM -0700, Sultan Alsawaf wrote:
>
> I've attached what I think is a reasonable stopgap solution until this is
> actually fixed. If you're willing to revert the CVE-2018-1108 patches
> completely, then I don't think you'll mind using this patch in the meantime.

I would put it slightly differently; reverting the CVE-2018-1108
patches is less dangerous than what you are proposing in your attached
patch.

Again, I think the right answer is to fix userspace to not require
cryptographic grade entropy during early system startup, and for
people to *think* about what they are doing. I've looked at the
systemd's use of hmac in journal-authenticate, and as near as I can
tell, there isn't any kind of explanation about why it was necessary,
or what threat it was trying to protect against.

- Ted