Received: by 10.192.165.148 with SMTP id m20csp554359imm; Wed, 2 May 2018 05:09:39 -0700 (PDT) X-Google-Smtp-Source: AB8JxZrxObrxkBtP+EsjT3cmVCFYmlsQi5Z8RZ3uYihxs4WlNZc3DzEmGSrVmP00acyn3Mo6n3Bb X-Received: by 2002:a17:902:bc48:: with SMTP id t8-v6mr19896737plz.133.1525262979708; Wed, 02 May 2018 05:09:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1525262979; cv=none; d=google.com; s=arc-20160816; b=UYz1Pud591mY5zyj780sp/3deGkYIxaEfW1cSIlXim7vmURamdgUnWnSKC/BSqJo4u nS0UGyMnSnmxBIzJzjXyKDXoSzjorL+Epef0Lo9zRlDjE5sGyJ4MqoGAqS68Vf3a8kBF oeCIF2+MM0DTifFcW6zeiT4bWnt9D9GXxmIW4REwko7gZWnJBr1YrhNYB5dtQVM6B/fB +mmq6tRA4ksICumcYaROt+qS206qOhNIWxFHy3JqaVWf7/yYT3p3+JQ4ZsokkOu7XsGH hNx5hnF00d1kLL0h/bNS8rtkTfz7tEDtX87EyDuGr656ytCPEwUL/kDdq0qHu3PuWRCB gp9Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=GzL3DOblL8gV3SbfX6YMRdNPw/JP4rZymOmu76518Wo=; b=Qzown5w8Q/G210kjzOiLmpaPhUiR8At3oh3hxSbhfbeLIDbu8DcZrin6p5vL2Quume IjQ7RtjF2CMIhc0sK/49BVrFiZLfmGF2VLrT471v5sEldbKIlzLaSG1SGM8RxvK+mYfh aBb5QPGcsgDtfdxy5gHiVUWuCczWJdDM8dP8bzM8gOMt8zyUgHK4Y8vxncf4AGHxXciV WZHPUa3te/51PyNGyPMVNJFpoghSupfiB79/V2SX5woNGyLoQdU0LFW3T9vNDHlfyDdO VKBcDptpb+Poc++t5op4Se+zrTktDyqfcsk/gtrdXWhp1FNx8Rzh7rQP4EmJrhRTDr8f tjzw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxtx.org header.s=google header.b=OGpi0S+6; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a1-v6si11877315plp.567.2018.05.02.05.09.24; Wed, 02 May 2018 05:09:39 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxtx.org header.s=google header.b=OGpi0S+6; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751216AbeEBMJP (ORCPT + 99 others); Wed, 2 May 2018 08:09:15 -0400 Received: from mail-io0-f196.google.com ([209.85.223.196]:33093 "EHLO mail-io0-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750939AbeEBMJM (ORCPT ); Wed, 2 May 2018 08:09:12 -0400 Received: by mail-io0-f196.google.com with SMTP id e78-v6so17185481iod.0 for ; Wed, 02 May 2018 05:09:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linuxtx.org; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=GzL3DOblL8gV3SbfX6YMRdNPw/JP4rZymOmu76518Wo=; b=OGpi0S+67asyJYwTBU/1K0hllDJmTcUR/uitt67iVfC/DT3KXA1KnzRi4tfNz2C8DQ 0js9EeYu0bL1l+0HmtpKS+rQK4iJ2oamwWX5ilAaJe9SgYXKy/2zQC2pCSMQoHZSPLdJ 7McBI12UqWPjAoDlBkJ97aPOkE+heIjrX3vSA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=GzL3DOblL8gV3SbfX6YMRdNPw/JP4rZymOmu76518Wo=; b=oTwIDXkF3ldQRUIILNweY7OOC3xFsvZ+sNxkMd5egJ8Kl0rD5F0qbs467COF6R4zjq MnbfEohZDYNSC6jakW46OoSheo/OfbE2fmi4xS84wXj4GYNvy6mTUGSq7LMnq9bo9HAs ckwqqURG23S1Fm8gbWATH+KxTv1f68h3V3bG/HPfW4LImGAIR7x/Ph+75+vNHlMIF4SR lKdJ1bxHj7b6BB5eaO2AFgIVCEWvq5zh/71piqQikl4nPQemPX9NU92b9imwAVRuO71x GBsSYYO0RGaPvxJ9z1UlhLcgf9NKe2G4KNSXEdm32ASWbUAn5uoO4/mRlgns0ygNbXO3 4opw== X-Gm-Message-State: ALQs6tDaa3jJrvD7B39dMgnPuFcgDJazhUFO30Xwq2NW8tEGZ0H0hX+7 SwZLdp34RdBi0p2nqhgfVpSsznqEzOZuUeGjjmk5nQ== X-Received: by 2002:a6b:b68a:: with SMTP id g132-v6mr19574679iof.182.1525262952175; Wed, 02 May 2018 05:09:12 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a4f:a349:0:0:0:0:0 with HTTP; Wed, 2 May 2018 05:09:11 -0700 (PDT) In-Reply-To: <20180502000250.GI10479@thunk.org> References: <20180427201036.GL5965@thunk.org> <20180429143205.GD13475@amd> <20180429170541.lrzwyihrd6d75rql@sultan-box> <20180429184101.GA31156@amd> <20180429202033.ysmc42mj2rrk3h7p@sultan-box> <20180429220519.GQ5965@thunk.org> <01000163186628e6-3fe4abfc-eaaf-470c-90c8-2d8ad91db8f1-000000@email.amazonses.com> <20180501125518.GI20585@thunk.org> <20180502000250.GI10479@thunk.org> From: Justin Forbes Date: Wed, 2 May 2018 07:09:11 -0500 Message-ID: Subject: Re: Linux messages full of `random: get_random_u32 called from` To: "Theodore Y. Ts'o" , Justin Forbes , Jeremy Cline , Sultan Alsawaf , Pavel Machek , LKML , Jann Horn Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, May 1, 2018 at 7:02 PM, Theodore Y. Ts'o wrote: > On Tue, May 01, 2018 at 05:35:56PM -0500, Justin Forbes wrote: >> >> I have not reproduced in GCE myself. We did get some confirmation >> that removing dracut-fips does make the problem less dire (but I >> wouldn't call a 4 minute boot a win, but booting in 4 minutes is >> better than not booting at all). Specifically systemd calls libgcrypt >> before it even opens the log with fips there, and this is before >> virtio-rng modules could even load. Right now though, we are looking >> at pretty much any possible options as the majority of people are >> calling for me to backout the patches completely from rawhide. > > FWIW, Debian Testing is using systemd 238, and from what I can tell > it's calling libgcrypt and it has the same (as near as I can tell) > totally pointless hmac nonsense, and it's not a problem that I can > see. Of course, Debian and Fedora may have a different set of > patches.... > Yes, Fedora libgcrypt is carrying a patch which makes it particularly painful for us, we have reached out to the libgcrypt maintainer to follow up on that end. But as I said before, even without that code path (no dracut-fips) we are seeing some instances of 4 minute boots. This is not really a workable user experience. And are you sure that every cloud platform and VM platform offers, makes it possible to config virtio-rng? Justin