Received: by 10.192.165.148 with SMTP id m20csp831348imm; Wed, 2 May 2018 09:27:24 -0700 (PDT) X-Google-Smtp-Source: AB8JxZrX+qXVfvDlc85AlMXK4T8Dk9zd1Xn/+BVCDHCDWX0aHljTcMwnx+b9wDX6OFKFAhGQh6ln X-Received: by 2002:a63:3c0c:: with SMTP id j12-v6mr17242031pga.203.1525278444206; Wed, 02 May 2018 09:27:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1525278444; cv=none; d=google.com; s=arc-20160816; b=lTQKOp/0HpWlBlWqSKt8R2X03yUDZ9o8GfigIE2U3tmPPWjaSTZeksmJTWT/ZB92pW juj6XRZmtRIJzduCkNb740x1GY89kDF1tH4Muo2cjN16VPIJm5Y77/WRyNN29cwh4vBs Coj8v7C5lVbe7jCBuvBJVI51ZYiNKCTMJDdALWB8BiHvM76+PD3xxYj6SM6I4oNK9MjA 6sOoKHlxXbxiKZRWpDRv0fX8Y77ZnXQYnatUaBiNzB9WYR3PIGas7a3IN5ydpjsFNviv uL4AjIBPD7n0+uaWvnQfGCLpSXKV2iTxmxMYHvTz7IOhd2309nfeg0EfiSsiAmuXLeq1 nWoA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:mail-followup-to :message-id:subject:cc:to:from:date:dkim-signature :arc-authentication-results; bh=m9TUuu+Al1uQPNQi2JkTfbK/R88AHwtxrTzDdIthCR0=; b=Yg0x9xwV4ybf0q0qM+GdMdIp6g4O1X2ntCK//dp/9AuGqFgfcj2AG/PlNCpUrYrzvK r45vKApD227gx2jw9/C2YyaGE38WKXF97mLlrHDnFebFww+WPswNufJj5YvdY0TXrgMN R/wmliJFCLSmCPYb+JmrYUUGD6nTDx3DeucxAnxk11W5qq2+c4kJVAmzYNEEtpmueVRm PwXqcPgm4UtMx+2H66pEv/eh1Anz5yJ72QYUrwfYxW92XJQj69nnS/Fg6GPODJP1dw7b 9W3nRTuN50ZQuv8x2u4nGrmU2AwlZkpqDR82ZiSWNDyeyQpbPM1DOjNXnQS0+jwMLc7k +6EA== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@thunk.org header.s=ef5046eb header.b=eQrNls1V; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id o184si4152485pfb.157.2018.05.02.09.27.09; Wed, 02 May 2018 09:27:24 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@thunk.org header.s=ef5046eb header.b=eQrNls1V; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751552AbeEBQ07 (ORCPT + 99 others); Wed, 2 May 2018 12:26:59 -0400 Received: from imap.thunk.org ([74.207.234.97]:54408 "EHLO imap.thunk.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750936AbeEBQ06 (ORCPT ); Wed, 2 May 2018 12:26:58 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=thunk.org; s=ef5046eb; h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID: Subject:Cc:To:From:Date:Sender:Reply-To:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=m9TUuu+Al1uQPNQi2JkTfbK/R88AHwtxrTzDdIthCR0=; b=eQrNls1V/ohwfPNVqUc/aEZT1o OI6rDKCYY6DtB/PZhbn4KcTM2oV0jazbSJbrlsRlwCna3Nyi6yg/wB0/41PRfgKz6S5DWwqGBdf/N qmMHF6XH4suBoqsKGBO3OTJ6zgHyNSgIkqOLxN2vfECLYmAj3h5SHBFmOY5nKMGlPN0Q=; Received: from root (helo=callcc.thunk.org) by imap.thunk.org with local-esmtp (Exim 4.89) (envelope-from ) id 1fDuak-0000Cn-5R; Wed, 02 May 2018 16:26:54 +0000 Received: by callcc.thunk.org (Postfix, from userid 15806) id 3F80C7A4AFF; Wed, 2 May 2018 12:26:53 -0400 (EDT) Date: Wed, 2 May 2018 12:26:53 -0400 From: "Theodore Y. Ts'o" To: Justin Forbes Cc: Jeremy Cline , Sultan Alsawaf , Pavel Machek , LKML , Jann Horn Subject: Re: Linux messages full of `random: get_random_u32 called from` Message-ID: <20180502162653.GB3461@thunk.org> Mail-Followup-To: "Theodore Y. Ts'o" , Justin Forbes , Jeremy Cline , Sultan Alsawaf , Pavel Machek , LKML , Jann Horn References: <20180429170541.lrzwyihrd6d75rql@sultan-box> <20180429184101.GA31156@amd> <20180429202033.ysmc42mj2rrk3h7p@sultan-box> <20180429220519.GQ5965@thunk.org> <01000163186628e6-3fe4abfc-eaaf-470c-90c8-2d8ad91db8f1-000000@email.amazonses.com> <20180501125518.GI20585@thunk.org> <20180502000250.GI10479@thunk.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.9.5 (2018-04-13) X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: tytso@thunk.org X-SA-Exim-Scanned: No (on imap.thunk.org); SAEximRunCond expanded to false Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, May 02, 2018 at 07:09:11AM -0500, Justin Forbes wrote: > Yes, Fedora libgcrypt is carrying a patch which makes it particularly > painful for us, we have reached out to the libgcrypt maintainer to > follow up on that end. But as I said before, even without that code > path (no dracut-fips) we are seeing some instances of 4 minute boots. > This is not really a workable user experience. And are you sure that > every cloud platform and VM platform offers, makes it possible to > config virtio-rng? Unfortunately, the answer is no. Google Compute Engine, alas, does not currently support virtio-rng. With my Google hat on, I can't comment on future product features. With my upstream developer hat on, I'll give you three guesses what I have been advocating and pushing for internally, and the first two don't count. :-) That being said, I just booted a Debian 9 (Stable, aka Stretch) standard kernel, and then installed 4.17-rc3 (which has the CVE-2018-1108 patches). The crng_init=2 message doesn't appear immediately, and it does appear quite a bit later comapred to the standard 4.9.0-6-amd64 Debian 9 kernel. However, the lack of a fully initialized random pool doesn't prevent the standard Debian 9 image from booting: May 2 15:33:42 localhost kernel: [ 0.000000] Linux version 4.17.0-rc3-xfstests (tytso@cwcc) (gcc version 7.3.0 (Debian 7.3.0-16)) #169 SMP Wed May 2 11:28:17 EDT 2018 May 2 15:33:42 localhost kernel: [ 1.456883] random: fast init done May 2 15:33:46 rng-testing systemd[1]: Startup finished in 3.202s (kernel) + 5.963s (userspace) = 9.166s. May 2 15:33:46 rng-testing google-accounts: INFO Starting Google Accounts daemon. May 2 15:44:39 rng-testing kernel: [ 661.436664] random: crng init done So it really does appear to be something going on with Fedora's userspace; can you help try to track down what it is? Thanks, - Ted