Received: by 10.192.165.148 with SMTP id m20csp1779824imm;
        Thu, 3 May 2018 05:24:49 -0700 (PDT)
X-Google-Smtp-Source: AB8JxZqHJ0sU0tpnnfe01ldOL71uM9lJgJC3J4ZcfmDahj/IfHha5eRiehfmmQgPZ9cxI3JwKjm2
X-Received: by 2002:a63:744c:: with SMTP id e12-v6mr14277981pgn.4.1525350289084;
        Thu, 03 May 2018 05:24:49 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1525350289; cv=none;
        d=google.com; s=arc-20160816;
        b=C+ra8DxAPUO1ahsk115tLV75BR/YHZbzZAoXgqxzCXt6EuL9UqEl8962z53l8snEDO
         7rPJuvUrH6JYDqqBNn2KQZU3Gedm0V2zqYdfCuy9BXAg+LynYLP5eescAid6H8b3FOSA
         0+LOYQWmjHIlnuLtCqwArwbJ1FOCeZ3K7V/sWqVsraDNeWx0pWjpZ9jIeaIZ8XX2BJW2
         n2eUmhk104pPMMjkPpKeZraG4FnZw1JSKFQghvdz4LDe1j7pBSxfY17Erad5sO9ot+CC
         cn3LJZ8oBvcKMRKcyU8Pgn03AZiMk98cXxC+eZwrQwoiIZk2nU8BbCyMMR7pepNmX4xc
         aZKQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:to:subject:message-id:date:from
         :references:in-reply-to:mime-version:dkim-signature
         :arc-authentication-results;
        bh=8tOixaU8Pw4zkJZxkpow6XPdECHzScE3xVd2bNcOt+s=;
        b=Uqwr1r6W3yExgt+OJHiLCn1vhMz5kHS/wzoyGDeDzZ1bsmCRzZdwp25fpKSG+Z4nan
         nxon9zHl5g3yafr+J9GoTxvQTl1USBTQaR/Px7nogbtCkSU6PSxTRPygqTCh2u20tis3
         OxduyhCPlUvm2g3XAuMkv05PZh7TmNvVfwOMbyZyJ+c18mMmHnRvT8MnXSvMtbCOM+E/
         jh2fotA6fYzUlPdaPAhg+US4Uq5OUVyLOJC9eNFWAnl8rSPwzfudyxXCahH/pqxzafYf
         fEgcxC1Htrzn9g3o3tEi8/7OH9E1jIgQntLhu378dBK126fSZuFpAvMVobA4GwzUwxNE
         AyXw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxtx.org header.s=google header.b=Ic/3eR7+;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id 60-v6si13512252plc.453.2018.05.03.05.24.35;
        Thu, 03 May 2018 05:24:49 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxtx.org header.s=google header.b=Ic/3eR7+;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752192AbeECMXv (ORCPT <rfc822;brice.berna@gmail.com>
        + 99 others); Thu, 3 May 2018 08:23:51 -0400
Received: from mail-io0-f193.google.com ([209.85.223.193]:38698 "EHLO
        mail-io0-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1752017AbeECMXo (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 3 May 2018 08:23:44 -0400
Received: by mail-io0-f193.google.com with SMTP id z4-v6so21388769iof.5
        for <linux-kernel@vger.kernel.org>; Thu, 03 May 2018 05:23:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=linuxtx.org; s=google;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to;
        bh=8tOixaU8Pw4zkJZxkpow6XPdECHzScE3xVd2bNcOt+s=;
        b=Ic/3eR7+YSP3+s8oslBIhHQvVeNlt8DhjzEIv1mqCxNUnyHIm861TrReIWlD3gO+ui
         Ga8o0ITkuzBoxZZv+/K65gQgTibVWaAd+kg/1ZuAKIYiRAbJvCUJ+nXlOVFTep373u/+
         UGd66oIQF17Xtqnws5BPzZ9IyXjckBn+e0F08=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to;
        bh=8tOixaU8Pw4zkJZxkpow6XPdECHzScE3xVd2bNcOt+s=;
        b=piaTE91cgBYm2hs4waPfWO9zDBsSsrUpJgmdiiLN3A9IkVIiy2yS8hC8Cx1Zb86uM2
         Rq1bnS4Pkl2b3wwoQDSUy9lIkm8KbOoo0LDqsqhspfojz9t0+/Xdc74lSp7QFMilwdAh
         H4Gsc9ahTKsH1gvK4ZC6jJ56gV2joDtSCv6kSQN3LvrUh2+1yJD0WH9T2BOHWto6x5Bz
         izTWYVokwXxnNrEa2bQnlu3HwZ0bYpABCZ7MNzHZOYlx51X9Qx+jHCtWMDMVO5AaMIu9
         V2+E2t01wpz7LTGUdkGqduHzjmS76eOpRRjrC23D7DcKTC45VjNt8S1xgJq2/v24b93c
         3sBQ==
X-Gm-Message-State: ALQs6tBW9nunaoGbVOAzU/W5Q/SPiyIGwZBYDomNQ/vQIO/euPL5G3fX
        0q7zBhCsJtVh1Byxg1Ip7g7c6TZqk0yYDInZUD42Dw==
X-Received: by 2002:a6b:6b02:: with SMTP id g2-v6mr18087690ioc.250.1525350223738;
 Thu, 03 May 2018 05:23:43 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a4f:a349:0:0:0:0:0 with HTTP; Thu, 3 May 2018 05:23:42 -0700 (PDT)
In-Reply-To: <20180502222522.GA15457@thunk.org>
References: <20180429202033.ysmc42mj2rrk3h7p@sultan-box> <20180429220519.GQ5965@thunk.org>
 <01000163186628e6-3fe4abfc-eaaf-470c-90c8-2d8ad91db8f1-000000@email.amazonses.com>
 <CAFxkdAogN0S9vgQhKoO+Zpp07bXveDQYPLvwjULoTRv3Or83qQ@mail.gmail.com>
 <20180501125518.GI20585@thunk.org> <CAFxkdArLwrG8x6fNtLUfHedKrH_0d97V6UEzOCBgK8Shkir9pQ@mail.gmail.com>
 <20180502000250.GI10479@thunk.org> <CAFxkdAp83uWnju0KZKd2edveuzmiDW_sqMORC7uoR+pwgQECNw@mail.gmail.com>
 <20180502162653.GB3461@thunk.org> <3851ac8b-357d-3c82-2195-936e3c459212@redhat.com>
 <20180502222522.GA15457@thunk.org>
From:   Justin Forbes <jmforbes@linuxtx.org>
Date:   Thu, 3 May 2018 07:23:42 -0500
Message-ID: <CAFxkdApf7unUS0s4-NaD7RxePGN4WnNtqYcYqyQmbJJ6nnpF=Q@mail.gmail.com>
Subject: Re: Linux messages full of `random: get_random_u32 called from`
To:     "Theodore Y. Ts'o" <tytso@mit.edu>,
        Laura Abbott <labbott@redhat.com>,
        Justin Forbes <jmforbes@linuxtx.org>,
        Jeremy Cline <jeremy@jcline.org>,
        Sultan Alsawaf <sultanxda@gmail.com>,
        Pavel Machek <pavel@ucw.cz>,
        LKML <linux-kernel@vger.kernel.org>, Jann Horn <jannh@google.com>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, May 2, 2018 at 5:25 PM, Theodore Y. Ts'o <tytso@mit.edu> wrote:
> On Wed, May 02, 2018 at 10:49:34AM -0700, Laura Abbott wrote:
>>
>> It is a Fedora patch we're carrying
>> https://src.fedoraproject.org/rpms/libgcrypt/blob/master/f/libgcrypt-1.6.2-fips-ctor.patch#_23
>> so yes, it is a Fedora specific use case.
>> From talking to the libgcrypt team, this is a FIPS mode requirement
>> to run power on self test at the library constructor and the self
>> test of libgrcypt ends up requiring a fully seeded RNG. Citation
>> is in section 9.10 of
>> https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Module-Validation-Program/documents/fips140-2/FIPS1402IG.pdf
>
> Forgive me if this is a stupid question, but does Fedora need FIPS
> compliance?  Or is this something which is only required for RHEL?
>
> ("Here's to FIPS: the cause of, and solution to, all of Life's
> problems."  :-)
>
One of the advantages of carrying such things in Fedora is we find
these problems before RHEL does and hopefully there is a solution in
place before they ever even see it.

From the rawhide end, I just brought in virtio-rng as inline vs
module, this works around the issue for lots of users, but not all.
GCE is still impacted, and a user came to complain about it already
last night.  And of course any other virt platform without virtio-rng,
or some hardware. Most hardware installs don't have dracut-fips so
they will boot, eventually.

Justin