From: Linus Torvalds
Date: Wed, 18 Sep 2019 13:13:30 -0700
Subject: Re: Linux 5.3-rc8
To: "Eric W. Biederman"
Cc: Lennart Poettering, "Ahmed S. Darwish", "Theodore Y. Ts'o", Willy Tarreau, Matthew Garrett, Vito Caputo, Andreas Dilger, Jan Kara, Ray Strode, William Jon McCann, "Alexander E. Patrakov", zhangjs, linux-ext4@vger.kernel.org, lkml

On Wed, Sep 18, 2019 at 12:56 PM Eric W. Biederman wrote:
>
> The cheap solution appears to be copying a random seed from a previous
> boot, and I think that will take care of many many cases, and has
> already been implemented. Which reduces this to a system first
> boot issue.

Not really.

Part of the problem is that many people don't _trust_ that "previous boot entropy".

The lack of trust is sometimes fundamental mistrust ("Who knows where it came from"), which also tends to cover things like not trusting rdrand or not trusting the boot loader claimed randomness data.

But the lack of trust has been realistic - if you generated your disk image by cloning a pre-existing one, you may well have two (or more - up to any infinite number) of subsequent boots that use the same "random" data for initialization.

And doing that "boot a pre-existing image" is not as unusual as you'd think. Some people do it to make bootup faster - there have been people who work on pre-populating bootup all the way to user mode by basically making boot be a "resume from disk" kind of event.

So a large part of the problem is that we don't actually trust things that _should_ be trust-worthy, because we've seen (over and over again) people mis-using it.

So then we do mix in the data into the randomness pool (because there's no downside to _that_), but we don't treat it as entropy (because while it _probably_ is, we don't actually trust it sufficiently).

A _lot_ of the problems with randomness come from these trust issues. Our entropy counting is very very conservative indeed.

Linus
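
Added example, not part of the original message and not kernel code: a toy model of the "mix it in but don't credit it" policy described above, showing what two clones of one disk image get for their first key when the saved seed is or is not counted as entropy. ToyPool, first_key, the 256-bit threshold and the 64-bit per-event credit are all constructed for illustration.

```python
import hashlib

READY_BITS = 256        # constructed readiness threshold for this toy model
CREDIT_PER_EVENT = 64   # constructed credit for one per-boot event


class ToyPool:
    """Hash-based pool with a separate, conservative entropy credit counter."""

    def __init__(self):
        self.state = bytes(32)
        self.credited_bits = 0

    def mix(self, data, credit_bits=0):
        # Mixing always changes the state; credit is a separate trust decision.
        self.state = hashlib.sha256(self.state + data).digest()
        self.credited_bits = min(READY_BITS, self.credited_bits + credit_bits)

    def ready(self):
        return self.credited_bits >= READY_BITS

    def output(self):
        if not self.ready():
            raise RuntimeError("pool not initialized: would block")
        return hashlib.sha256(b"output" + self.state).digest()


def first_key(seed, credit_seed, boot_events):
    """Boot one machine; return (events consumed before ready, first key)."""
    pool = ToyPool()
    pool.mix(seed, READY_BITS if credit_seed else 0)
    consumed = 0
    for event in boot_events:
        if pool.ready():
            break
        pool.mix(event, CREDIT_PER_EVENT)
        consumed += 1
    return consumed, pool.output()


if __name__ == "__main__":
    seed = b"constructed seed baked into a cloned disk image"
    clone_a = [b"clone-a event %d" % i for i in range(8)]
    clone_b = [b"clone-b event %d" % i for i in range(8)]
    for credit in (True, False):
        (na, ka), (nb, kb) = (first_key(seed, credit, ev) for ev in (clone_a, clone_b))
        print("credit_seed=%s events=%d,%d same_key=%s" % (credit, na, nb, ka == kb))
```

With the seed credited, both clones are "ready" before any per-boot input arrives and derive the same key; with the seed only mixed, each clone waits for its own events and the keys diverge, while the seed still influences the result.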