Date: Thu, 7 Feb 2019 11:25:11 -0500
From: "Theodore Y. Ts'o"
To: Greg KH
CC: Sasha Levin, "Rantala, Tommi T. (Nokia - FI/Espoo)", "stable@vger.kernel.org", "keescook@chromium.org", "linux-kernel@vger.kernel.org"
Subject: Re: 4.14 "random: add a config option to trust the CPU's hwrng"
Message-ID: <20190207162511.GD7387@mit.edu>
References: <20190206192613.GB4119@sasha-vm> <20190207112809.GC3120@kroah.com>
In-Reply-To: <20190207112809.GC3120@kroah.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Feb 07, 2019 at 12:28:09PM +0100, Greg KH wrote:
> > > These are very useful in fixing esp. first-bootup delays of VMs due to
> > > entropy starvation.
> > >
> > >
> > > commit 39a8883a2b989d1d21bd8dd99f5557f0c5e89694
> > > Author: Theodore Ts'o
> > > Date:   Tue Jul 17 18:24:27 2018 -0400
> > >
> > >     random: add a config option to trust the CPU's hwrng
> > >
> > > commit 9b25436662d5fb4c66eb527ead53cab15f596ee0
> > > Author: Kees Cook
> > > Date:   Mon Aug 27 14:51:54 2018 -0700
> > >
> > >     random: make CPU trust a boot parameter
> >
> > This really looks like a new feature to me. The "old" behaviour of not
> > trusting RDRAND-like randomness was by-design rather than an oversight.
>
> I agree with Sasha, this looks like a new feature. If you really want
> this new functionality, just use 4.19 or newer, right?

This is a borderline case in my opinion. The argument for why this
should perhaps be backported is the patches to address CVE-2018-1108,
which were backported to stable kernels, cause kernel boots to hang.
So to the extent that a newer stable kernel would cause operational
problems for consumers of the stable kernels, they would pretty
naturally view it as a regression.

Whether or not this should justify an exception is a policy question
that I'll leave to the stable kernel maintainers.

The downside is that some consumers might elect to stay on an older
stable kernel since it would work for them, and newer stable kernels
would not work. Whether this is outweighed by prodding stable kernel
users to newer kernels is an interesting question.

- Ted