Date: Sun, 26 Jan 2020 16:26:19 -0500
From: "Theodore Y. Ts'o"
To: Toralf Förster
Cc: Linux Kernel
Subject: Re: delayed "random: get_random_bytes" line in dmesg
Message-ID: <20200126212619.GA13716@mit.edu>
X-Mailing-List: linux-kernel@vger.kernel.org

On Sun, Jan 26, 2020 at 03:41:24PM +0100, Toralf Förster wrote:
> I do wonder a little bit about the timestamp of the "random: get_random_bytes" near the end b/c it is way delayed, or?

The get_random_bytes call in setup_net is used to initialize value returned by net_hash_mix() for the root net namespace. So if that's not super random, an attacker might be able to use that to leverage kernel level attacks. It's at least not being used for a cryptographic purpose, though.

> Linux mr-fox 5.4.15 #6 SMP Sun Jan 26 10:07:17 CET 2020 x86_64 Intel(R) Xeon(R) CPU E5-1650 v3 @ 3.50GHz GenuineIntel GNU/Linux

The E5-1650 is a (roughly) eight year old chip with the Sandy Bridge architecture, and that was the last architecture _not_ to support RDRAND.

- Ted
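
An added example, not part of the original message or of the kernel source: a small Python audit that lists which callers the kernel log reports as using the random API before the CRNG was ready, such as the setup_net call discussed above. The notice format ("random: <api> called from <symbol>+<off>/<len> with crng_init=<n>") is assumed from kernels of this era, and the sample log, its timestamps, offsets and the name example_caller are constructed.

```python
import re

# Constructed sample log: timestamps, offsets and example_caller are made up.
SAMPLE_DMESG = """\
[    0.000000] Linux version 5.4.15 (constructed sample)
[    0.412345] random: get_random_bytes called from setup_net+0x4d/0x240 with crng_init=0
[    1.203411] random: fast init done
[    3.910222] random: get_random_u32 called from example_caller+0x1a/0x90 with crng_init=1
[    9.873301] random: crng init done
"""

# Assumed format of the kernel's unseeded-randomness notice.
UNSEEDED = re.compile(
    r"^\[\s*(?P<ts>\d+\.\d+)\]\s+random: (?P<func>\w+) called from "
    r"(?P<caller>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[\w+\])?"
    r" with crng_init=(?P<state>\d)", re.M)
INIT_DONE = re.compile(r"^\[\s*(?P<ts>\d+\.\d+)\]\s+random: crng init done", re.M)


def unseeded_calls(log):
    """Return (log timestamp, api, caller, crng_init) for every notice found."""
    return [(float(m["ts"]), m["func"], m["caller"], int(m["state"]))
            for m in UNSEEDED.finditer(log)]


def crng_ready_at(log):
    """Timestamp of 'crng init done', or None if the log never shows it."""
    m = INIT_DONE.search(log)
    return float(m["ts"]) if m else None


def summarize(log):
    """One row per early caller; crng_init below 2 means not yet fully seeded."""
    ready = crng_ready_at(log)
    return [
        {"caller": caller, "api": api, "crng_init": state,
         # Gap between the notice's log timestamp and full CRNG init.
         "secs_before_ready": None if ready is None else round(ready - ts, 6)}
        for ts, api, caller, state in unseeded_calls(log)
    ]


if __name__ == "__main__":
    for row in summarize(SAMPLE_DMESG):
        print(row)
```

On a real system, pass the saved output of dmesg to summarize() in place of the constructed sample.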