Received: by 2002:a25:c593:0:0:0:0:0 with SMTP id v141csp5812528ybe; Tue, 17 Sep 2019 14:04:12 -0700 (PDT) X-Google-Smtp-Source: APXvYqzqcj11DsLp34mum+pwToemHMuq2S7JUDaZpBuI/bP/Q9BZs1Drl/21fXQOXIXyK6nKDz4g X-Received: by 2002:a17:906:44b:: with SMTP id e11mr6663953eja.26.1568754252510; Tue, 17 Sep 2019 14:04:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1568754252; cv=none; d=google.com; s=arc-20160816; b=wEOcQE9IuJOKVITqvjX70ZdP9NzWMHBnZiXsngypZcd58cpNTLDObCtLP+H4IiuSei iG+P80jkm7eNelgLiwqC8EPOc40/w7xDrO6OqUaF0e5XUh8slzo+laChCSHDOzkRZQzW k8JFqeIpjn+x8Q/X7N97evW6bDwaeiOl9PjGEoB5Ro8i1i1NRDddImQghbR3IOr6PyF6 QmULJHeFARtUP2WOry/nxprzY1XjFIrR157WOrDoBhZ/NQ/B+Zmp7O92yPemWQP/xvnq RN0dvJqQpHe0YgdBFEIHVU0oPmY3Lw6fAPWwPaZr2GvwU18WT7lC6OlhO1OYmbe6v0bj FoVg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=OHrObK8b+yTwXUpTknBWom0+qFXiK3R3tZjZ4MRZwFw=; b=GpPrxaZPOmMU73Rlk1+roTDtWLZm0a2JIEWXbGSwZF0sbWDZullKzgPYR3QKL+aiok u4vabqD677Hp1aUHyC4UGFishjeVvSx+BV+qfTTxyLU8GYbkFVpaXNODiDe6CSA4kK5w /H5Fa22IQGEikvXnZL54HPSRFArdLPvxVeqypd66vMW/fOFehCpUUYV6sl99NqA7bbeI C21DuFuzdsU5hdZM2JdTAN/m2SEHLzauhV8XVT+zSw8PYAWUgks+B+SvPoQWvmimWWKD aDb6HrHNwsUFXcUC0wCif2xMb36IsYnAkoFDF8jGnIfs8jCZkfEGxzN68w0OKhV1S0It AhVg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=ZGDVy1dU; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h26si2034115edb.141.2019.09.17.14.03.48; Tue, 17 Sep 2019 14:04:12 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=ZGDVy1dU; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726668AbfIQU7H (ORCPT + 99 others); Tue, 17 Sep 2019 16:59:07 -0400 Received: from mail-lj1-f196.google.com ([209.85.208.196]:45746 "EHLO mail-lj1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726134AbfIQU7H (ORCPT ); Tue, 17 Sep 2019 16:59:07 -0400 Received: by mail-lj1-f196.google.com with SMTP id q64so4968468ljb.12 for ; Tue, 17 Sep 2019 13:59:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-foundation.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=OHrObK8b+yTwXUpTknBWom0+qFXiK3R3tZjZ4MRZwFw=; b=ZGDVy1dUaQtKpgdgdOVfn2ocAdPPX/vdWupn5Tq0b6mOU1+upk6uZJtQVBC20v7jGw CbIdJYnxxcQqMf9qM5m5SL0B1Rfxv9frW2ay/IyXYPuQIqy8qt8R3bYEpGAA/jNcpOUh Rvj5TZaXMBPqI1vJva1Ju07IwTuegIJmAAbNs= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=OHrObK8b+yTwXUpTknBWom0+qFXiK3R3tZjZ4MRZwFw=; b=M74vWTUOnLpg+JM4qtQHng8B1ckDrb6Us6edjrDCYUpz7CS8ZuL1kMy110Euqfe8Qs FIsNnpSfgIOIAhsInd6Xhvr7MvQj74YCk0ZNT7dGAKzhihNFL9een1znpezVp0UsCUfS C15jqsl2m9Cgo0vhy2lu4Y4njb8B0hva2pBmgEBpgahDJJz9oEwovaxSs3tPVwSKN8ec sNKagt8qtGUchxXE7lB3+MHI7gSjRABff/WPXe8++2moR45v+v+z/LxuVSHSTtSUgEp+ Kna2c1q9yTZVLyca69fXS1ZY3fmzWqKZWlr+FEF4sUMoD/xAAxUTbwZS2uGOHmdrhejY Kkww== X-Gm-Message-State: APjAAAV2wNGN3VrLLsIyeCPIsxmLMk4fS801fBOn44ttY8b1p1OseMX0 ksKEebS38kT2LWERVSF1Gz6QhAW0y1I= X-Received: by 2002:a2e:96cc:: with SMTP id d12mr202256ljj.30.1568753945247; Tue, 17 Sep 2019 13:59:05 -0700 (PDT) Received: from mail-lj1-f177.google.com (mail-lj1-f177.google.com. [209.85.208.177]) by smtp.gmail.com with ESMTPSA id o13sm207874lji.31.2019.09.17.13.59.01 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 17 Sep 2019 13:59:02 -0700 (PDT) Received: by mail-lj1-f177.google.com with SMTP id e17so4942009ljf.13 for ; Tue, 17 Sep 2019 13:59:01 -0700 (PDT) X-Received: by 2002:a2e:9854:: with SMTP id e20mr203592ljj.72.1568753941203; Tue, 17 Sep 2019 13:59:01 -0700 (PDT) MIME-Version: 1.0 References: <20190917052438.GA26923@1wt.eu> <2508489.jOnZlRuxVn@merkaba> <20190917121156.GC6762@mit.edu> <20190917123015.sirlkvy335crozmj@debian-stretch-darwi.lab.linutronix.de> <20190917160844.GC31567@gardel-login> <20190917174219.GD31798@gardel-login> In-Reply-To: From: Linus Torvalds Date: Tue, 17 Sep 2019 13:58:45 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: Linux 5.3-rc8 To: Lennart Poettering Cc: "Ahmed S. Darwish" , "Theodore Y. Ts'o" , Willy Tarreau , Matthew Garrett , Vito Caputo , Andreas Dilger , Jan Kara , Ray Strode , William Jon McCann , "Alexander E. Patrakov" , zhangjs , linux-ext4@vger.kernel.org, lkml Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Side note, and entirely unrelated to this particular problem, but _because_ I was looking at the entropy init and sources of randomness we have, I notice that we still don't use the ToD clock as a source. There's not a whole lot of bits there, but at least one of the attacks against entirely missing boot-time randomness was to look at the output of get_random_bytes(), and just compare it across machines. We sanitize things by going through a cryptographic hash function, but that helps hide the internal entropy buffers from direct viewing, but it still leaves the "are those internal entropy buffers the _same_ across machines" for the nasty embedded hardware case with identical hardware. Of course, some of those machines didn't even have a a time-of-day clock either. But the fact that some didn't doesn't mean we shouldn't take it into account. So adding a "add_device_randomness()" to do_settimeofday64() (which catches them all) wouldn't be a bad idea. Not perhaps "entropy", but helping against detecting the case of basically very limited entropy at all at early boot. I'm pretty sure we discussed that case when we did those things originally, but I don't actually see us doing it anywhere right now. So we definitely have some sources of differences for different systems that we could/should use, even if we might not be able to really account them as "entropy". The whole "people generated a number of the same keys" is just horrendously bad, even if they were to use /dev/urandom that doesn't have any strict entropy guarantees. Linus