Received: by 10.192.165.148 with SMTP id m20csp554359imm;
        Wed, 2 May 2018 05:09:39 -0700 (PDT)
X-Google-Smtp-Source: AB8JxZrxObrxkBtP+EsjT3cmVCFYmlsQi5Z8RZ3uYihxs4WlNZc3DzEmGSrVmP00acyn3Mo6n3Bb
X-Received: by 2002:a17:902:bc48:: with SMTP id t8-v6mr19896737plz.133.1525262979708;
        Wed, 02 May 2018 05:09:39 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1525262979; cv=none;
        d=google.com; s=arc-20160816;
        b=UYz1Pud591mY5zyj780sp/3deGkYIxaEfW1cSIlXim7vmURamdgUnWnSKC/BSqJo4u
         nS0UGyMnSnmxBIzJzjXyKDXoSzjorL+Epef0Lo9zRlDjE5sGyJ4MqoGAqS68Vf3a8kBF
         oeCIF2+MM0DTifFcW6zeiT4bWnt9D9GXxmIW4REwko7gZWnJBr1YrhNYB5dtQVM6B/fB
         +mmq6tRA4ksICumcYaROt+qS206qOhNIWxFHy3JqaVWf7/yYT3p3+JQ4ZsokkOu7XsGH
         hNx5hnF00d1kLL0h/bNS8rtkTfz7tEDtX87EyDuGr656ytCPEwUL/kDdq0qHu3PuWRCB
         gp9Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:to:subject:message-id:date:from
         :references:in-reply-to:mime-version:dkim-signature
         :arc-authentication-results;
        bh=GzL3DOblL8gV3SbfX6YMRdNPw/JP4rZymOmu76518Wo=;
        b=Qzown5w8Q/G210kjzOiLmpaPhUiR8At3oh3hxSbhfbeLIDbu8DcZrin6p5vL2Quume
         IjQ7RtjF2CMIhc0sK/49BVrFiZLfmGF2VLrT471v5sEldbKIlzLaSG1SGM8RxvK+mYfh
         aBb5QPGcsgDtfdxy5gHiVUWuCczWJdDM8dP8bzM8gOMt8zyUgHK4Y8vxncf4AGHxXciV
         WZHPUa3te/51PyNGyPMVNJFpoghSupfiB79/V2SX5woNGyLoQdU0LFW3T9vNDHlfyDdO
         VKBcDptpb+Poc++t5op4Se+zrTktDyqfcsk/gtrdXWhp1FNx8Rzh7rQP4EmJrhRTDr8f
         tjzw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxtx.org header.s=google header.b=OGpi0S+6;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id a1-v6si11877315plp.567.2018.05.02.05.09.24;
        Wed, 02 May 2018 05:09:39 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxtx.org header.s=google header.b=OGpi0S+6;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751216AbeEBMJP (ORCPT <rfc822;chaneybenjamini@gmail.com>
        + 99 others); Wed, 2 May 2018 08:09:15 -0400
Received: from mail-io0-f196.google.com ([209.85.223.196]:33093 "EHLO
        mail-io0-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1750939AbeEBMJM (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 2 May 2018 08:09:12 -0400
Received: by mail-io0-f196.google.com with SMTP id e78-v6so17185481iod.0
        for <linux-kernel@vger.kernel.org>; Wed, 02 May 2018 05:09:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=linuxtx.org; s=google;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to;
        bh=GzL3DOblL8gV3SbfX6YMRdNPw/JP4rZymOmu76518Wo=;
        b=OGpi0S+67asyJYwTBU/1K0hllDJmTcUR/uitt67iVfC/DT3KXA1KnzRi4tfNz2C8DQ
         0js9EeYu0bL1l+0HmtpKS+rQK4iJ2oamwWX5ilAaJe9SgYXKy/2zQC2pCSMQoHZSPLdJ
         7McBI12UqWPjAoDlBkJ97aPOkE+heIjrX3vSA=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to;
        bh=GzL3DOblL8gV3SbfX6YMRdNPw/JP4rZymOmu76518Wo=;
        b=oTwIDXkF3ldQRUIILNweY7OOC3xFsvZ+sNxkMd5egJ8Kl0rD5F0qbs467COF6R4zjq
         MnbfEohZDYNSC6jakW46OoSheo/OfbE2fmi4xS84wXj4GYNvy6mTUGSq7LMnq9bo9HAs
         ckwqqURG23S1Fm8gbWATH+KxTv1f68h3V3bG/HPfW4LImGAIR7x/Ph+75+vNHlMIF4SR
         lKdJ1bxHj7b6BB5eaO2AFgIVCEWvq5zh/71piqQikl4nPQemPX9NU92b9imwAVRuO71x
         GBsSYYO0RGaPvxJ9z1UlhLcgf9NKe2G4KNSXEdm32ASWbUAn5uoO4/mRlgns0ygNbXO3
         4opw==
X-Gm-Message-State: ALQs6tDaa3jJrvD7B39dMgnPuFcgDJazhUFO30Xwq2NW8tEGZ0H0hX+7
        SwZLdp34RdBi0p2nqhgfVpSsznqEzOZuUeGjjmk5nQ==
X-Received: by 2002:a6b:b68a:: with SMTP id g132-v6mr19574679iof.182.1525262952175;
 Wed, 02 May 2018 05:09:12 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a4f:a349:0:0:0:0:0 with HTTP; Wed, 2 May 2018 05:09:11 -0700 (PDT)
In-Reply-To: <20180502000250.GI10479@thunk.org>
References: <20180427201036.GL5965@thunk.org> <20180429143205.GD13475@amd>
 <20180429170541.lrzwyihrd6d75rql@sultan-box> <20180429184101.GA31156@amd>
 <20180429202033.ysmc42mj2rrk3h7p@sultan-box> <20180429220519.GQ5965@thunk.org>
 <01000163186628e6-3fe4abfc-eaaf-470c-90c8-2d8ad91db8f1-000000@email.amazonses.com>
 <CAFxkdAogN0S9vgQhKoO+Zpp07bXveDQYPLvwjULoTRv3Or83qQ@mail.gmail.com>
 <20180501125518.GI20585@thunk.org> <CAFxkdArLwrG8x6fNtLUfHedKrH_0d97V6UEzOCBgK8Shkir9pQ@mail.gmail.com>
 <20180502000250.GI10479@thunk.org>
From:   Justin Forbes <jmforbes@linuxtx.org>
Date:   Wed, 2 May 2018 07:09:11 -0500
Message-ID: <CAFxkdAp83uWnju0KZKd2edveuzmiDW_sqMORC7uoR+pwgQECNw@mail.gmail.com>
Subject: Re: Linux messages full of `random: get_random_u32 called from`
To:     "Theodore Y. Ts'o" <tytso@mit.edu>,
        Justin Forbes <jmforbes@linuxtx.org>,
        Jeremy Cline <jeremy@jcline.org>,
        Sultan Alsawaf <sultanxda@gmail.com>,
        Pavel Machek <pavel@ucw.cz>,
        LKML <linux-kernel@vger.kernel.org>, Jann Horn <jannh@google.com>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, May 1, 2018 at 7:02 PM, Theodore Y. Ts'o <tytso@mit.edu> wrote:
> On Tue, May 01, 2018 at 05:35:56PM -0500, Justin Forbes wrote:
>>
>> I have not reproduced in GCE myself.  We did get some confirmation
>> that removing dracut-fips does make the problem less dire (but I
>> wouldn't call a 4 minute boot a win, but booting in 4 minutes is
>> better than not booting at all).  Specifically systemd calls libgcrypt
>> before it even opens the log with fips there, and this is before
>> virtio-rng modules could even load. Right now though, we are looking
>> at pretty much any possible options as the majority of people are
>> calling for me to backout the patches completely from rawhide.
>
> FWIW, Debian Testing is using systemd 238, and from what I can tell
> it's calling libgcrypt and it has the same (as near as I can tell)
> totally pointless hmac nonsense, and it's not a problem that I can
> see.  Of course, Debian and Fedora may have a different set of
> patches....
>
Yes, Fedora libgcrypt is carrying a patch which makes it particularly
painful for us, we have reached out to the libgcrypt maintainer to
follow up on that end. But as I said before, even without that code
path (no dracut-fips) we are seeing some instances of 4 minute boots.
This is not really a workable user experience.  And are you sure that
every cloud platform and VM platform offers, makes it possible to
config virtio-rng?

Justin