Received: by 2002:a05:7412:b10a:b0:f3:1519:9f41 with SMTP id az10csp2750533rdb;
        Mon, 4 Dec 2023 06:40:23 -0800 (PST)
X-Google-Smtp-Source: AGHT+IH6xKsE8PCbkbgME7hWWgM+KlxN+xZzCASZFglV52guUMCYQEAV/OZ7qT6Vy5IBSGVRIz0g
X-Received: by 2002:a05:6102:48b:b0:464:77f2:557 with SMTP id n11-20020a056102048b00b0046477f20557mr1815958vsa.41.1701700823638;
        Mon, 04 Dec 2023 06:40:23 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1701700823; cv=none;
        d=google.com; s=arc-20160816;
        b=fPYfc9hqMlIEBmGzrpKoEBqtpPuY0HdnbDRqh5N0kgCSOqdqOznNvDkZxhiapKC8BA
         fQpXbk4gQUSIXRLQx0tEeb2Q2JD2iNaFdrr4Z7VzAmOwFC1fCfTM5hELel1LZBiJK/TQ
         ODq1pt/9ZLmyOnEkcnW5jzpwc1Fe67Kg0+D/9/YvOJtcL7nj05XM8m5dFm9a4XeSMBwG
         RtvE8cD7meCY9kJ+rcBzGTjcOtKI+wQTNihx9g+zSHA68nJ6+JnQwf8cPHqePRRUz66D
         GoScsy6qFwBBY4sAjgeeADBjrzhTCpsdAHXREL++ymPji0r5BEM6z+zZM4doXMhxi2HW
         CeiQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:in-reply-to:from:references:cc:to
         :content-language:subject:user-agent:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:date:message-id;
        bh=+OfY6Vcw4t+asqNBtq8hg7+MOiLJkUvcIzq817EtTGE=;
        fh=7t4Ytrx7wNSMbJYETnfvLUqJfQxr+uF9Hey32Iitt34=;
        b=YGctC5eLJyGwURpUWsiiLor8+uwu+HYrn7fC03PZmw2lQssVRohrssdRZqTIfK2dMu
         HzN40CskY1XOqQ6y0bCH0thp56CvWag2dI9xPL6uydn2b4g2lF4+2ccOkauBZiaa25cI
         autGb0gcGBXOmS8oq3v2Ohqr8Mm8supnmG7EaR77OUUgiKWBjCvXHrOw0MvBLZM4dI6G
         nqcrDOXYuO/5Z7t9LClI/jFT8zw+8p3jIl3LNgoB66pvaHvX70HXaOA85j31HG2KPKD6
         26NKgp73TCuJAKKO8cqUq0WdcxcoDzF168KEN7zdHib0pkhi8oxK9d1cgmvEvpoMNADw
         p6lQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-crypto+bounces-536-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-crypto+bounces-536-linux.lists.archive=gmail.com@vger.kernel.org"
Return-Path: <linux-crypto+bounces-536-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1])
        by mx.google.com with ESMTPS id e14-20020a056102354e00b004648f9fcb18si331544vss.736.2023.12.04.06.40.23
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 04 Dec 2023 06:40:23 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-crypto+bounces-536-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-crypto+bounces-536-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-crypto+bounces-536-linux.lists.archive=gmail.com@vger.kernel.org"
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by ny.mirrors.kernel.org (Postfix) with ESMTPS id 48FA91C20B7D
	for <linux.lists.archive@gmail.com>; Mon,  4 Dec 2023 14:40:23 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id B4B1E28DC4
	for <linux.lists.archive@gmail.com>; Mon,  4 Dec 2023 14:40:22 +0000 (UTC)
X-Original-To: linux-crypto@vger.kernel.org
Received: from www.kot-begemot.co.uk (ns1.kot-begemot.co.uk [217.160.28.25])
	by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DB814A7
	for <linux-crypto@vger.kernel.org>; Mon,  4 Dec 2023 04:50:38 -0800 (PST)
Received: from [192.168.17.6] (helo=jain.kot-begemot.co.uk)
	by www.kot-begemot.co.uk with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <anton.ivanov@kot-begemot.co.uk>)
	id 1rA8PA-007FyB-66; Mon, 04 Dec 2023 12:50:32 +0000
Received: from jain.kot-begemot.co.uk ([192.168.3.3])
	by jain.kot-begemot.co.uk with esmtp (Exim 4.96)
	(envelope-from <anton.ivanov@kot-begemot.co.uk>)
	id 1rA8P7-00AJ5F-0e;
	Mon, 04 Dec 2023 12:50:31 +0000
Message-ID: <2ea67aa8-3a6c-0f2e-93c6-446ea28f8b2f@kot-begemot.co.uk>
Date: Mon, 4 Dec 2023 12:50:28 +0000
Precedence: bulk
X-Mailing-List: linux-crypto@vger.kernel.org
List-Id: <linux-crypto.vger.kernel.org>
List-Subscribe: <mailto:linux-crypto+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-crypto+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
 Thunderbird/102.15.1
Subject: Re: jitterentropy vs. simulation
Content-Language: en-US
To: Benjamin Beichler <Benjamin.Beichler@uni-rostock.de>,
 Johannes Berg <johannes@sipsolutions.net>, linux-um@lists.infradead.org
Cc: linux-crypto@vger.kernel.org, =?UTF-8?Q?Stephan_M=c3=bcller?=
 <smueller@chronox.de>
References: <e4800de3138d3987d9f3c68310fcd9f3abc7a366.camel@sipsolutions.net>
 <7db861e3-60e4-0ed4-9b28-25a89069a9db@kot-begemot.co.uk>
 <8ddb48606cebe4e404d17a627138aa5c5af6dccd.camel@sipsolutions.net>
 <6cffe622-bf4b-4cba-bfac-037c5aa89a25@uni-rostock.de>
From: Anton Ivanov <anton.ivanov@kot-begemot.co.uk>
In-Reply-To: <6cffe622-bf4b-4cba-bfac-037c5aa89a25@uni-rostock.de>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Score: -2.0
X-Spam-Score: -2.0
X-Clacks-Overhead: GNU Terry Pratchett



On 04/12/2023 12:06, Benjamin Beichler wrote:
> Am 01.12.2023 um 19:35 schrieb Johannes Berg:
>> [I guess we should keep the CCs so other see it]
>>
>>> Looking at the stuck check it will be bogus in simulations.
>>
>> True.
>>
>>> You might as well ifdef that instead.
>>>
>>> If a simulation is running insert the entropy regardless and do not compute the derivatives used in the check.
>>
>> Actually you mostly don't want anything inserted in that case, so it's
>> not bad to skip it.
>>
>> I was mostly thinking this might be better than adding a completely
>> unrelated ifdef. Also I guess in real systems with a bad implementation
>> of random_get_entropy(), the second/third derivates might be
>> constant/zero for quite a while, so may be better to abort?
> Maybe dump question: could we simply implement a timex.h for UM which delegates in non-timetravel mode to the x86 variant 

Sounds reasonable.

> and otherwise pull some randomness from the host or from a file/pipe configurable from the UML commandline for random_get_entropy()?

Second one.

We can run haveged in pipe mode and read from the pipe. Additionally, this will allow deterministic simulation if need be. You can record the haveged output and use it for more than one simulation.

> 
> I would say, if the random jitter is truly deterministic for a simulation, that seems to be good enough.
> 
> Said that, it would be nice to be able to configure all random sources to pull entropy from some file that we are able to configure from the command line, but that is a different topic.
> 
>>
>> In any case, I couldn't figure out any way to not configure this into
>> the kernel when any kind of crypto is also in ...
>>
>> johannes
>>
>>
> 
> 
> 
> 
> 

-- 
Anton R. Ivanov
https://www.kot-begemot.co.uk/