Received: by 2002:a25:824b:0:0:0:0:0 with SMTP id d11csp6554840ybn; Sun, 29 Sep 2019 23:13:45 -0700 (PDT) X-Google-Smtp-Source: APXvYqyK1qMEWNUqdt6lqsheNM4joOyB4XQT5FnHyHMz+5bBjgr2kHzLyXc4Ag5wV4puGI2qQ/jI X-Received: by 2002:a50:8933:: with SMTP id e48mr17603197ede.51.1569824025389; Sun, 29 Sep 2019 23:13:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1569824025; cv=none; d=google.com; s=arc-20160816; b=u/1GGxDf5/iG9gaTd+84V5r98RiwPj/EiOhwSC+O+F9pcZ6lWrwQ4eMHXQVNfQa5XJ ljrBzW+KwhhYZ6gZR9G5W8cLaU8lBEtOqBJ63kgRKifT/nbjaetKVmBNbx6oq7IHMRqM vKLQ4U84YhA5t88yuGj71TqFr6hLKjNMxOrn5zMysZcrlXd3PU2X9QDfBekoDnkHmtnL 4iIhaRVS2fmgYCItATSpxrE/e7GWRQ5RNs+jbOuD0da4CmbcAk6Lizb6pGw+lSiZcGbW 5/ytEtvR5+dptNfaslp4Q4/2td+vluGofzvJuT+fnu4JrvB+cfqMw7DlLHOrMnTyOp9/ h+2Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=eWiTm3QIKvFb+exZ5gCuoF0D6Nbfykl9B0HLndIZs+A=; b=KPe6WZtPCcYMO3O2YEG/4iaEF4WiHOIXtLJS//krQ9ji6yLgPTaLWNt1yjxKpELHfB ETdoEfeexn3q5n3EqbmdqP5+ivKXEqaK4EIyypv+5xD7I7rC9SiJFqGJbGgmPXmrcsEG xza3SoyPFFYI8CnuAD+r/pvluzxrTypmkIBExY2YzIxXK56TDVPpV0TIPPF3TRgWQGmK wLDFGiEgI7BKonS0Tr30d214UKxeBadvXrir4CpkWqit+6PsKWovXSKLA8xKINHQYepE IYsWAGR5Wl21pnXgOOzS9h/bmnQiAdkTeete4+dV9nayPk3p1FlJ3d4jNcdeoYfoIGES QmYA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=Rt4Ua2Jx; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id x62si6569029ede.352.2019.09.29.23.13.20; Sun, 29 Sep 2019 23:13:45 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=Rt4Ua2Jx; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729536AbfI3GKV (ORCPT + 99 others); Mon, 30 Sep 2019 02:10:21 -0400 Received: from mail.skyhub.de ([5.9.137.197]:37266 "EHLO mail.skyhub.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725767AbfI3GKV (ORCPT ); Mon, 30 Sep 2019 02:10:21 -0400 Received: from zn.tnic (p200300EC2F058B001D5F1DA44E6EEA2E.dip0.t-ipconnect.de [IPv6:2003:ec:2f05:8b00:1d5f:1da4:4e6e:ea2e]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.skyhub.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id AA6A81EC014A; Mon, 30 Sep 2019 08:10:15 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=dkim; t=1569823815; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:in-reply-to:in-reply-to: references:references; bh=eWiTm3QIKvFb+exZ5gCuoF0D6Nbfykl9B0HLndIZs+A=; b=Rt4Ua2JxnLnjWZL+Di9JvAMCdTnLx1LFfrFRXk1UHsegLDEfqrGHTBRfQliuIXsGG8557Z 8SK65pH25+7bOKkivw46Vm0h9Aq4wMmEaGH8H6Zr2AYAbxybNT0PRU6d/u/fAcv9BeiLG4 xTUhz1lvV+DZoPM3JyYQ1dHvmkAunjw= Date: Mon, 30 Sep 2019 08:10:15 +0200 From: Borislav Petkov To: Linus Torvalds Cc: Thomas Gleixner , "Ahmed S. Darwish" , LKML , Theodore Ts'o , Nicholas Mc Guire , the arch/x86 maintainers , Andy Lutomirski , Kees Cook Subject: Re: x86/random: Speculation to the rescue Message-ID: <20190930061014.GC29694@zn.tnic> References: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, Sep 29, 2019 at 07:59:19PM -0700, Linus Torvalds wrote: > All my smoke testing looked fine - I disabled trusting the CPU, I > increased the required entropy a lot, and to actually trigger the > lockup issue without the broken user space, I made /dev/urandom do > that "wait for entropy" thing too. Hohum, seems to get rid of the longish delay during boot on my test boxes here: $ grep random /var/log/messages <--- that's before Sep 30 07:46:07 cz vmunix: [ 0.000000] random: get_random_bytes called from start_kernel+0x304/0x4ac with crng_init=0 Sep 30 07:46:07 cz vmunix: [ 1.505641] random: fast init done Sep 30 07:46:07 cz vmunix: [ 7.124808] random: dd: uninitialized urandom read (512 bytes read) Sep 30 07:46:07 cz vmunix: [ 8.507672] random: dbus-daemon: uninitialized urandom read (12 bytes read) Sep 30 07:46:07 cz vmunix: [ 8.518621] random: dbus-daemon: uninitialized urandom read (12 bytes read) Sep 30 07:46:07 cz vmunix: [ 8.565073] random: avahi-daemon: uninitialized urandom read (4 bytes read) Sep 30 07:46:21 cz vmunix: [ 23.092795] random: crng init done Sep 30 07:46:21 cz vmunix: [ 23.096419] random: 3 urandom warning(s) missed due to ratelimiting <--- that's after and we're 15 secs faster: Sep 30 07:47:53 cz vmunix: [ 0.329599] random: get_random_bytes called from start_kernel+0x304/0x4ac with crng_init=0 Sep 30 07:47:53 cz vmunix: [ 1.949216] random: fast init done Sep 30 07:47:53 cz vmunix: [ 4.806132] random: dd: uninitialized urandom read (512 bytes read) Sep 30 07:47:53 cz vmunix: [ 5.954547] random: dbus-daemon: uninitialized urandom read (12 bytes read) Sep 30 07:47:53 cz vmunix: [ 5.965483] random: dbus-daemon: uninitialized urandom read (12 bytes read) Sep 30 07:47:53 cz vmunix: [ 6.014102] random: avahi-daemon: uninitialized urandom read (4 bytes read) Sep 30 07:47:55 cz vmunix: [ 8.238514] random: crng init done Sep 30 07:47:55 cz vmunix: [ 8.240205] random: 3 urandom warning(s) missed due to ratelimiting Seeing how those uninitialized urandom read warns still happen, I added a dump_stack() to see when we do wait for the random bytes first and I got this: [ 5.522348] random: dbus-daemon: uninitialized urandom read (12 bytes read) [ 5.532008] random: dbus-daemon: uninitialized urandom read (12 bytes read) [ 5.579922] random: avahi-daemon: uninitialized urandom read (4 bytes read) [ 5.751790] elogind-daemon[1730]: New seat seat0. [ 5.756376] elogind-daemon[1730]: Watching system buttons on /dev/input/event6 (Power Button) [ 5.777381] elogind-daemon[1730]: Watching system buttons on /dev/input/event3 (Power Button) [ 5.781485] elogind-daemon[1730]: Watching system buttons on /dev/input/event5 (Lid Switch) [ 5.783547] elogind-daemon[1730]: Watching system buttons on /dev/input/event4 (Sleep Button) [ 5.885300] elogind-daemon[1730]: Watching system buttons on /dev/input/event0 (AT Translated Set 2 keyboard) [ 5.911602] CPU: 2 PID: 1798 Comm: sshd Not tainted 5.3.0+ #1 [ 5.914672] Hardware name: HP HP EliteBook 745 G3/807E, BIOS N73 Ver. 01.39 04/16/2019 [ 5.917774] Call Trace: [ 5.920905] dump_stack+0x46/0x60 [ 5.924044] wait_for_random_bytes.part.32+0x21/0x163 [ 5.927256] ? handle_mm_fault+0x50/0xc0 [ 5.930425] ? _raw_spin_unlock_irq+0x17/0x40 [ 5.933604] ? __do_page_fault+0x225/0x500 [ 5.936763] __x64_sys_getrandom+0x70/0xb0 [ 5.939902] do_syscall_64+0x4c/0x180 [ 5.943003] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 5.946152] RIP: 0033:0x7f4417f4d495 [ 5.949225] Code: 74 4c 8d 0c 37 41 ba 3e 01 00 00 66 2e 0f 1f 84 00 00 00 00 00 4d 39 c8 73 27 4c 89 ce 31 d2 4c 89 c7 44 89 d0 4c 29 c6 0f 05 <48> 3d 00 f0 ff ff 77 2b 48 85 c0 78 0e 74 3c 49 01 c0 4d 39 c8 72 [ 5.952902] RSP: 002b:00007ffc69e6e328 EFLAGS: 00000202 ORIG_RAX: 000000000000013e [ 5.956227] RAX: ffffffffffffffda RBX: 0000000000000020 RCX: 00007f4417f4d495 [ 5.959530] RDX: 0000000000000000 RSI: 0000000000000020 RDI: 0000559262c74780 [ 5.962820] RBP: 0000559262c708b0 R08: 0000559262c74780 R09: 0000559262c747a0 [ 5.966104] R10: 000000000000013e R11: 0000000000000202 R12: 00007ffc69e6e470 [ 5.969373] R13: 0000000000000002 R14: 00007f4417f4d460 R15: 000000007fffffff [ 7.852837] random: crng init done [ 7.854637] random: 3 urandom warning(s) missed due to ratelimiting [ 17.767786] elogind-daemon[1730]: New session c1 of user root. so sshd does getrandom(2) while those other userspace things don't. Oh well. -- Regards/Gruss, Boris. https://people.kernel.org/tglx/notes-about-netiquette