Received: by 2002:a05:6a10:6d10:0:0:0:0 with SMTP id gq16csp1452168pxb; Sat, 23 Apr 2022 07:05:37 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzLawe4714LDY0t/IHHNdKpicCvQYVLNHpBSbUp1O6hb73s8EzlvcMoOgph95IF7xMH/oTb X-Received: by 2002:a17:90b:4b89:b0:1c7:d452:4bc1 with SMTP id lr9-20020a17090b4b8900b001c7d4524bc1mr11082653pjb.134.1650722737131; Sat, 23 Apr 2022 07:05:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1650722737; cv=none; d=google.com; s=arc-20160816; b=V2aA+eDiQ3plSFLq+2UVRN1QDOGk4XW86Q1GbRU+Dj35FvmXNP7gHce+Fa3iOgL98T iA+70R3q7OV4VN5WJyWfzIRG45K3QBMT54KSjwV/6TiCOsVr0qovE08vQozGL3aEfQ0Z j6KKGPfeCOHMK1Fu18QdWv8G4OGM2IfyDyQSNV1nG7vOHtjZvB2faJMtuESlx7Bjo6Qg +6q1pNUDByZD+6D6uICJB1ley5tZ1wR3vuQrsFo0U1/4SovIMwIldtfXUwmudL1mtbdl 0mgOKYScHRtP97rr7HhOzz1CtOpTSJKpZDny+WzSYCF8LJEHKrwe5L/55yeTdLWAxNnv jrBw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:sender:dkim-signature; bh=9R0Eg/CRNtKLpWzpMCYm6Btgzdkg1gctUTsNegEGWlM=; b=mnfKfYaFfa8QKN/QxM1c4J8TeOHoMeIqL4oHHJmm+TSvX+LT+mZZ6eMNWXTTuNZLDZ 46bgQfK4XPUCw8euLAlzvbKO3KMqT/C5nEB0iDEHRrXKKGsjpCafyzRaaZIy2RQDAdYN ucrHUwgTkMHC3nJ+s32w4VxbnPFHzrVft9yAMBGOa/U9vDk8cSWdi5b+4IGaKLR3MiQa iv1jPIZe7jXyWgqux+KbZ+3Rm06WATq4yoaU/0UDxA81MmXOQ7CnNnsGv6rGFfCTV3ZQ MYL8didBWhXsSACzeKA4XtTLsdcdc1kRmgHiNqRg5wedSKpCSYx34xyS9HsMVAwXNuBq fUFA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=Wr8k4l38; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id h5-20020a056a00218500b004fa3a8e0084si11712619pfi.315.2022.04.23.07.05.03; Sat, 23 Apr 2022 07:05:37 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=Wr8k4l38; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233993AbiDWN7f (ORCPT + 99 others); Sat, 23 Apr 2022 09:59:35 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40702 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232696AbiDWN7c (ORCPT ); Sat, 23 Apr 2022 09:59:32 -0400 Received: from mail-oi1-x22a.google.com (mail-oi1-x22a.google.com [IPv6:2607:f8b0:4864:20::22a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 442A8EA9; Sat, 23 Apr 2022 06:56:34 -0700 (PDT) Received: by mail-oi1-x22a.google.com with SMTP id v65so7407161oig.10; Sat, 23 Apr 2022 06:56:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=sender:date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=9R0Eg/CRNtKLpWzpMCYm6Btgzdkg1gctUTsNegEGWlM=; b=Wr8k4l382g+3NU7GdO4bZQhLS3tkaq1xWN4EwUxxIC2X32IoWloyzSF3bdOwXZq+yj iNswazFUaRowyji9sL/LuelCUvvtzXUpvqFq+6vfUYpu334rdp0GfptWrDAw1zR4rb/L zPXKQITLjC5OIdeSujAJ6P08/UmUY5LWbho81OWNsZimhmx8U12cW3ACEXwW1NO/Pn1Q Kth1QGm/58HjB9TeLpsQToaeemTn1dURh0BZBxi0KUWq7hNccVVwdLyU3V6veR5JpqZ0 /0k1EURXc/NB7aUkZLQYt9Zd08y4Bzqo75FwNisafvkLPlELIoVCTZ6iDlgCROcD0reW nmzw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:sender:date:from:to:cc:subject:message-id :references:mime-version:content-disposition:in-reply-to; bh=9R0Eg/CRNtKLpWzpMCYm6Btgzdkg1gctUTsNegEGWlM=; b=SHhwMQTn+H7ExRfqEUFx8tR/ZP2jkm7rWgIUA+FR0qwiroCKINNL6Sd/BVTQHMYpMJ DxaQ3xsQy+DN6jHjBmaqDx0+uR86FD8USne5pBbb/pk/b4GgCPl5hIzabKbFzOj5kzi1 NaVCbGrGitOi8DxOa60hUwo0rX9qp24IzSKPEWF3HhWQnPNSguIx/5VfGlZXx3wiWh/N 4cnKCOHqdx+TEhvcmlzCGc9L9aPeYYGTN6Y6M4XVW8A+Eylc+kXKBAo1C32TUDg8im2B wD3adgyZZhs1BQxKYafBWxMy4iRmmvU32xwIczF9t9XNFqv3/Z2N3QYzz/rQa2WP5el/ SMeA== X-Gm-Message-State: AOAM531W72W5VFH3XD7G5reBqVICr3NcnsVLE3GjMswadayO1Et/Hzo1 5ve5eFZNf8Zoa+xIyThSMJk= X-Received: by 2002:a05:6808:1992:b0:322:ca0b:cce3 with SMTP id bj18-20020a056808199200b00322ca0bcce3mr4410515oib.168.1650722193655; Sat, 23 Apr 2022 06:56:33 -0700 (PDT) Received: from server.roeck-us.net ([2600:1700:e321:62f0:329c:23ff:fee3:9d7c]) by smtp.gmail.com with ESMTPSA id 1-20020a05687011c100b000de98359b43sm1631885oav.1.2022.04.23.06.56.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 23 Apr 2022 06:56:33 -0700 (PDT) Sender: Guenter Roeck Date: Sat, 23 Apr 2022 06:56:31 -0700 From: Guenter Roeck To: "Jason A. Donenfeld" Cc: LKML , Linux Crypto Mailing List , linux-arch , Dinh Nguyen , Nick Hu , Max Filippov , Palmer Dabbelt , "David S . Miller" , Yoshinori Sato , Michal Simek , Borislav Petkov , Guo Ren , Geert Uytterhoeven , Joshua Kinard , David Laight , Dominik Brodowski , Eric Biggers , Ard Biesheuvel , Arnd Bergmann , Thomas Gleixner , Andy Lutomirski , Kees Cook , Lennart Poettering , Konstantin Ryabitsev , Linus Torvalds , Greg Kroah-Hartman , Theodore Ts'o Subject: Re: [PATCH v1] random: block in /dev/urandom Message-ID: <20220423135631.GB3958174@roeck-us.net> References: <20220217162848.303601-1-Jason@zx2c4.com> <20220322155820.GA1745955@roeck-us.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-1.3 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,FREEMAIL_ENVFROM_END_DIGIT, FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,HEADER_FROM_DIFFERENT_DOMAINS, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Fri, Apr 22, 2022 at 03:42:46PM +0200, Jason A. Donenfeld wrote: > Hey Guenter, > > On Tue, Mar 22, 2022 at 6:56 PM Guenter Roeck wrote: > > > > On 3/22/22 10:09, Jason A. Donenfeld wrote: > > > Hey Guenter, > > > > > > On Tue, Mar 22, 2022 at 08:58:20AM -0700, Guenter Roeck wrote: > > >> On Thu, Feb 17, 2022 at 05:28:48PM +0100, Jason A. Donenfeld wrote: > > >>> This topic has come up countless times, and usually doesn't go anywhere. > > >>> This time I thought I'd bring it up with a slightly narrower focus, > > >>> updated for some developments over the last three years: we finally can > > >>> make /dev/urandom always secure, in light of the fact that our RNG is > > >>> now always seeded. > > >>> > > >> > > >> [ ... ] > > >> > > >> This patch (or a later version of it) made it into mainline and causes a > > >> large number of qemu boot test failures for various architectures (arm, > > >> m68k, microblaze, sparc32, xtensa are the ones I observed). Common > > >> denominator is that boot hangs at "Saving random seed:". A sample bisect > > >> log is attached. Reverting this patch fixes the problem. > > > > > > As Linus said, it was worth a try, but I guess it just didn't work. For > > > my own curiosity, though, do you have a link to those QEMU VMs you could > > > share? I'd sort of like to poke around, and if we do ever reattempt this > > > sometime down the road, it seems like understanding everything about why > > > the previous time failed might be a good idea. > > > > > > > Everything - including the various root file systems - is at > > git@github.com:groeck/linux-build-test.git. Look into rootfs/ for the > > various boot tests. I'll be happy to provide some qemu command lines > > if needed. > > I've been playing with a few things, and I'm wondering how close I am > to making this problem go away. I just made this branch: > https://git.kernel.org/pub/scm/linux/kernel/git/crng/random.git/log/?h=jd/for-guenter > > Any interest in setting your tests on that and seeing if it still > breaks? Or, perhaps better, do you have a single script that runs all Looks like your code is already in -next; I see the same failures in your tree and there. openrisc generates a warning backtrace. WARNING: CPU: 0 PID: 0 at drivers/char/random.c:1006 rand_initialize+0x148/0x174 Missing cycle counter and fallback timer; RNG entropy collection will consequently suffer. parisc crashes. [ 0.000000] Kernel Fault: Code=15 (Data TLB miss fault) at addr 00000000 [ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 5.18.0-rc3-32bit+ #1 [ 0.000000] [ 0.000000] YZrvWESTHLNXBCVMcbcbcbcbOGFRQPDI [ 0.000000] PSW: 00000000000001001011111100001110 Not tainted [ 0.000000] r00-03 0004bf0e 10f2c978 10773aa0 10e74300 [ 0.000000] r04-07 00000004 10e74208 10e869d0 10e83978 [ 0.000000] r08-11 f0023b90 f0023390 0004000e 10104f68 [ 0.000000] r12-15 00000002 00000000 00000008 fffffff9 [ 0.000000] r16-19 00000028 00080000 00000000 10dc6364 [ 0.000000] r20-23 10dc6364 00000000 00000000 fefefeff [ 0.000000] r24-27 00000000 00000004 00000000 10dc6178 [ 0.000000] r28-31 0073a08d 80000000 10e74340 00000000 [ 0.000000] sr00-03 00000000 00000000 00000000 00000000 [ 0.000000] sr04-07 00000000 00000000 00000000 00000000 [ 0.000000] [ 0.000000] IASQ: 00000000 00000000 IAOQ: 1024d09c 1024d0a0 [ 0.000000] IIR: 0f401096 ISR: 00000000 IOR: 00000000 [ 0.000000] CPU: 0 CR30: 10e869d0 CR31: 00000000 [ 0.000000] ORIG_R28: 10e83ce8 [ 0.000000] IAOQ[0]: random_get_entropy_fallback+0x18/0x38 [ 0.000000] IAOQ[1]: random_get_entropy_fallback+0x1c/0x38 [ 0.000000] RP(r2): add_device_randomness+0x30/0xc8 [ 0.000000] Backtrace: [ 0.000000] [<10773aa0>] add_device_randomness+0x30/0xc8 [ 0.000000] [<10108734>] collect_boot_cpu_data+0x44/0x270 [ 0.000000] [<10104f28>] setup_arch+0x98/0xd4 [ 0.000000] [<10100a90>] start_kernel+0x8c/0x6d0 s390 crashes silently, no crash log. Hope that helps, Guenter