Date: Mon, 16 Sep 2019 21:53:57 +0200
From: "Ahmed S. Darwish"
To: "Theodore Y. Ts'o"
Cc: Linus Torvalds, Willy Tarreau, Vito Caputo, Lennart Poettering,
    Andreas Dilger, Jan Kara, Ray Strode, William Jon McCann,
    "Alexander E. Patrakov", zhangjs, linux-ext4@vger.kernel.org, lkml
Subject: Re: Linux 5.3-rc8
Message-ID: <20190916195357.GA3312@darwi-home-pc>
In-Reply-To: <20190916172117.GB15263@mit.edu>

On Mon, Sep 16, 2019 at 01:21:17PM -0400, Theodore Y. Ts'o wrote:
> On Mon, Sep 16, 2019 at 09:17:10AM -0700, Linus Torvalds wrote:
> > So the semantics that getrandom() should have had are:
> >
> > getrandom(0) - just give me reasonable random numbers for any of a
> > million non-strict-long-term-security use (ie the old urandom)
> >
> > - the nonblocking flag makes no sense here and would be a no-op
>
> That change is what I consider highly problematic. There are a *huge*
> number of applications which use cryptography which assumes that
> getrandom(0) means, "I'm guaranteed to get something safe for
> cryptographic use". Changing this now would expose a very large number
> of applications to be insecure. Part of the problem here is that
> there are many different actors. There is the application or
> cryptographic library developer, who may want to be sure they have
> cryptographically secure random numbers. They are the ones who will
> select getrandom(0).
>
> Then you have the distribution or consumer-grade electronics
> developers who may choose to run them too early in some init script or
> systemd unit files. And some of these people may do something stupid,
> like run things too early, or omit a hardware random number
> generator in their design, even though it's for a security critical
> purpose (say, a digital wallet for bitcoin).

Ted, you're really the expert here. My apologies though, every time I
see the words "too early" I get a cramp... Please check my earlier
reply:

    https://lkml.kernel.org/r/20190912034421.GA2085@darwi-home-pc

Specifically the trace_printk log of all the getrandom(2) calls
during a standard Archlinux boot... where is the "too early" boundary
there? It's undefinable.

You either have entropy, or you don't. And if you don't, it will stay
like this forever, because if you had, you wouldn't have blocked in
the first place...

Thanks,

-- 
Ahmed Darwish
http://darwish.chasingpointers.com