From: Lee Duncan
Subject: Re: [kernel-hardening] Re: [PATCH v4 06/13] iscsi: ensure RNG is seeded before use
Date: Fri, 16 Jun 2017 20:45:57 -0700
Message-ID: <02d60ed4-4207-dd7d-8826-0f9f7f4e966d@suse.com>
References: <20170606174804.31124-1-Jason@zx2c4.com> <20170606174804.31124-7-Jason@zx2c4.com> <20170608024357.fhyyentj2qm7ti2q@thunk.org>
To: "Jason A. Donenfeld"
Cc: Theodore Ts'o, Linux Crypto Mailing List, LKML, kernel-hardening@lists.openwall.com, Greg Kroah-Hartman, David Miller, Eric Biggers, "Nicholas A. Bellinger", Chris Leech, open-iscsi@googlegroups.com
Sender: linux-kernel-owner@vger.kernel.org
List-Id: linux-crypto.vger.kernel.org

On 06/16/2017 05:41 PM, Jason A. Donenfeld wrote:
> Hi Lee,
>
> On Fri, Jun 16, 2017 at 11:58 PM, Lee Duncan wrote:
>> It seems like what you are doing is basically "good", i.e. if there is
>> not enough random data, don't use it. But what happens in that case? The
>> authentication fails? How does the user know to wait and try again?
>
> The process just remains in interruptible (kill-able) sleep until
> there is enough entropy, so the process doesn't need to do anything.
> If the waiting is interrupted by a signal, it returns -ESYSRESTART,
> which follows the usual semantics of restartable syscalls.
>
> Jason
>

In your testing, how long might a process have to wait? Are we talking
seconds? Longer? What about timeouts?

Sorry, but you're changing something that isn't exactly broken, so I just
want to be sure we're not introducing some regression, like clients
can't connect the first 5 minutes after a reboot.

--
Lee Duncan