Received: by 2002:a25:c593:0:0:0:0:0 with SMTP id v141csp1086683ybe; Wed, 11 Sep 2019 09:09:52 -0700 (PDT) X-Google-Smtp-Source: APXvYqxqy3qhwCRdO0Q7sv0UCWORQAcT++8xdAxDMN81plMNTGt7+lOKsPO9eBZD09PHy5e5eTY+ X-Received: by 2002:a50:e701:: with SMTP id a1mr31489683edn.108.1568218192605; Wed, 11 Sep 2019 09:09:52 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1568218192; cv=none; d=google.com; s=arc-20160816; b=ChzVqvvdxtx3kQKMYFBjpFOIvX8Sfxt4pUx4oc45PFc0UHhk9ll0PMOKBbJ1bXvBSH 83/iOzLk/4U2tNzrM7MoRKtC/8C1FSY6n0HFzYPz9qUbhJsS4YORh5TwFh9rprC6YDo1 o8gyBTf+ZAvOyUFyeFfXm7HsSXt4GGI6IeZPog6pK5NH5tto+Ed1poceRIZ1g+ZBGkMF 8dxp3dVIChTy8z5b5LDI9gWXz4WnZoXO60vQFvWAD5W7D1Ti8dQDIUJ7rf5aFftYh8C6 qQfh1QNupoN9DSCR+CamlOXEU/zmasVHfApkDg1SfZeFkGjc/HXTtYWqoo0UKx/wETmw YEug== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=BXJV9dRcucllmBH3ItJ+PBG+vOGfErwSoGzxecDAJMw=; b=CUm26PX5APcPFXIw4XNcP2+t8IHE82DelJ6e8vz9PgHT9NIzUFGkWJCQyJ1xG3592e spKlUaFDOmj0ZJke/fN3I4l5B5+CXvCMjoU8mGv1cIuP7gGkprF+VF+ROGRHjbwA8Ezr XsiOcdhyMB79vNiMd6FKM22LZpfX0Ckw1KWurCKXejdFeoTrxom3+KeDrPVPz/SYjPzl gKCI3s3cOL7t82+gwUctJ//oh45O6FfRAj5LblWh5emtZGZdL40CWGbQG7aavlzV0aT0 lD9JTqgvX7nK6Zuv4UjHQlt24KmEEOwmo8C6Sq4ptC0JCeqmyXeT2aev8V5r4yElO6RO jvww== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-ext4-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b33si12484919edc.265.2019.09.11.09.09.22; Wed, 11 Sep 2019 09:09:52 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-ext4-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-ext4-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728412AbfIKQH7 (ORCPT + 99 others); Wed, 11 Sep 2019 12:07:59 -0400 Received: from outgoing-auth-1.mit.edu ([18.9.28.11]:52526 "EHLO outgoing.mit.edu" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1729017AbfIKQH7 (ORCPT ); Wed, 11 Sep 2019 12:07:59 -0400 Received: from callcc.thunk.org (38.85.69.148.rev.vodafone.pt [148.69.85.38] (may be forged)) (authenticated bits=0) (User authenticated as tytso@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id x8BG7Uor002355 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 11 Sep 2019 12:07:32 -0400 Received: by callcc.thunk.org (Postfix, from userid 15806) id 7CEFF42049E; Wed, 11 Sep 2019 12:07:29 -0400 (EDT) Date: Wed, 11 Sep 2019 12:07:29 -0400 From: "Theodore Y. Ts'o" To: Linus Torvalds Cc: "Ahmed S. Darwish" , Andreas Dilger , Jan Kara , Ray Strode , William Jon McCann , zhangjs , linux-ext4@vger.kernel.org, lkml Subject: Re: Linux 5.3-rc8 Message-ID: <20190911160729.GF2740@mit.edu> References: <20190910042107.GA1517@darwi-home-pc> <20190910173243.GA3992@darwi-home-pc> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-ext4-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-ext4@vger.kernel.org On Tue, Sep 10, 2019 at 07:21:54PM +0100, Linus Torvalds wrote: > On Tue, Sep 10, 2019 at 6:33 PM Ahmed S. Darwish wrote: > > > > While gnome-session is obviously at fault here by requiring > > *blocking* randomness at the boot path, it's still not requesting > > much, just (5 * 16) bytes to be exact. It doesn't matter how much randomness it's requesting. With the new cryptographic random number generator, the CRNG is either initialized.... or it's not. > Just out of curiosity, what happens if you apply a patch like this > (intentionally whitespace-damaged, I don't want anybody to pick it up > without thinking about it) thing... > Which I think is what the code really wants - it's only using jiffies > because that is the only thing _guaranteed_ to change at all. But with > the sum, you get the best of both worlds, and should basically make > the entropy estimation use the "better of two counters". > > Ted, comments? I'd hate to revert the ext4 thing just because it > happens to expose a bad thing in user space. Unfortuantely, I very much doubt this is going to work. That's because the add_disk_randomness() path is only used for legacy /dev/random (which actually only still exists because of some insane PCI compliance issues which a number of end users really care about --- or they care about because it makes the insane PCI complaince labs go away). Also, because by default, the vast majority of disks have /sys/block/XXX/queue/add_random set to zero by default. So the the way we get entropy these days for initializing the CRNG is via the add_interrupt_randomness() path, where do something really fast, and we assume that we get enough uncertainity from 8 interrupts to give us one bit of entropy (64 interrupts to give us a byte of entropy), and that we need 512 bits of entropy to consider the CRNG fully initialized. (Yeah, there's a lot of conservatism in those estimates, and so what we could do is decide to say, cut down the number of bits needed to initialize the CRNG to be 256 bits, since that's the size of the CHACHA20 cipher.) Ultimately, though, we need to find *some* way to fix userspace's assumptions that they can always get high quality entropy in early boot, or we need to get over people's distrust of Intel and RDRAND. Otherwise, future performance improvements in any part of the system which reduces the number of interrupts is always going to potentially result in somebody's misconfigured system or badly written applications to fail to boot. :-( - Ted