Received: by 2002:a25:b323:0:0:0:0:0 with SMTP id l35csp338586ybj; Thu, 19 Sep 2019 15:20:38 -0700 (PDT) X-Google-Smtp-Source: APXvYqzorwYT0OsRl7sk0RaQvM+aC9xfw0Ay1tfFg0hXLQfz2ihCm8orAARtuQgDWWraRn4ZdKEK X-Received: by 2002:a50:98c6:: with SMTP id j64mr18611057edb.34.1568931638158; Thu, 19 Sep 2019 15:20:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1568931638; cv=none; d=google.com; s=arc-20160816; b=l10yp2byAEBTFHOHKSHm2s8OwpexeXmeBfQ0GAx0TDCAsPzavBGfPjggGUCLtQRvw4 mZi3SJ3/yPgappRFRQLllVpFcApO9KkYYfZipe9VSVoSl2PKKsMjg9yWMp4I8s9jYyr5 xBpiNOmMqdrGB7QYPVlFnk1r6GRprAr1S+gu5Y9h7NWCxdl2FJ2YOOyEYwkyWDDryAmU XyhDUeKyV0KPp3x7doQ/Hip3ytuiUhujB7NJ/MjWRCwOKLnU/K3v3nZ9m1NrgtvQgR5+ 9BguVxqftEsgvRmypNLaMmEGbVYNovi6+ZJifQz/FtMTrYfR4u5Z0wkhAAqJslMe/Eo8 /0YA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=edBNiUCAkfvN/3XpQNySJ3URni0Ib/sxF2qoxmEcdPs=; b=0eYYZtZDhl1DTP8i/Y1eNrL7TxElhtz/ymdhm5phSLFh6/if417TfkWz2XANJHkLak bupj6P6aeFlk/Vvw45yxXE7WCZd48hTZoHC/XDBM9QlN08evPGD+9svgVdGSbt2PVuQ2 Jlzdhps9hDV7zjtuWIfZs7JqvLLel068iHfDlwenwcnCE+KnovHjbVq9RS4oQI7FwUly xdc1t8uPP5AznDYe3sBg2mKnTF09Pe4N3A+aJniatN34RQWb39xStL/ozHxi+1138ueT LvpOb4ndvxuYKEhG8A/yAoy+OHvoxFJzIHBoPGPm74W2ofXrhXG7jg7GSNhbyWBSrvJ5 UHqw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=aVaV1zCj; spf=pass (google.com: best guess record for domain of linux-ext4-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v53si74135edc.378.2019.09.19.15.20.13; Thu, 19 Sep 2019 15:20:38 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-ext4-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=aVaV1zCj; spf=pass (google.com: best guess record for domain of linux-ext4-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1733030AbfISVsS (ORCPT + 99 others); Thu, 19 Sep 2019 17:48:18 -0400 Received: from mail-lj1-f194.google.com ([209.85.208.194]:46726 "EHLO mail-lj1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732082AbfISVsR (ORCPT ); Thu, 19 Sep 2019 17:48:17 -0400 Received: by mail-lj1-f194.google.com with SMTP id e17so5044901ljf.13 for ; Thu, 19 Sep 2019 14:48:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-foundation.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=edBNiUCAkfvN/3XpQNySJ3URni0Ib/sxF2qoxmEcdPs=; b=aVaV1zCjOFb/oCr3LlveP0iW40Bbf85kACXi2TPOzhPig+J6nPBdquOOmmczmq3Pvz eAU+3Jy03OQ31MfO232+fud/OluIqVj1sjHgRJxGMQN/Cu5OAgjExkpNb+RVnX54oHiP ko0EAsEVkDpJzJdh060J1gEBSzBA17aW3PG2Y= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=edBNiUCAkfvN/3XpQNySJ3URni0Ib/sxF2qoxmEcdPs=; b=Xd84LXDEA6lDex7i/06qm3tQftB+J+X9RSa5UET323R4ZEkV3SSxyUAVzXzTMlC/IM Fri1nPWeC/crBbi6yblCfuB77iB3idkr5zBXQ0c3E7ZYWd5JJ5QNpO1z2QY2jnxcGVRG GKuFDHKWsXYcVLIJeaGUvDIdyvB5+JxnRbZ7cA3nyM2doPyEHwDrY1BXfijlVrfUzA00 /Iw31o2uTDv4XL4J04APU1zVxBbwwlFvOyjmbPS3cPbV7yrBsUhkMqsjgcCEnVCjxEE2 skS5DODQ7eev7/7FmzrYtzwN0VCkaSZiOr7OZK0CrHM2LbKCgEuhIY9MDTRMJVhQBeU/ pZqg== X-Gm-Message-State: APjAAAUlRO2NuboYjSGf9+YPTqYhLlvDlL3BzduATSu9+84vD6NYtA91 t4I8PBM6wLZX0hRrxwisRpPvZavOwKA= X-Received: by 2002:a2e:9890:: with SMTP id b16mr6523172ljj.189.1568929695061; Thu, 19 Sep 2019 14:48:15 -0700 (PDT) Received: from mail-lf1-f51.google.com (mail-lf1-f51.google.com. [209.85.167.51]) by smtp.gmail.com with ESMTPSA id q88sm1948751lje.57.2019.09.19.14.48.14 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 19 Sep 2019 14:48:14 -0700 (PDT) Received: by mail-lf1-f51.google.com with SMTP id q11so3453517lfc.11 for ; Thu, 19 Sep 2019 14:48:14 -0700 (PDT) X-Received: by 2002:ac2:47f8:: with SMTP id b24mr6182150lfp.134.1568929693778; Thu, 19 Sep 2019 14:48:13 -0700 (PDT) MIME-Version: 1.0 References: <20190912034421.GA2085@darwi-home-pc> <20190912082530.GA27365@mit.edu> <20190914122500.GA1425@darwi-home-pc> <008f17bc-102b-e762-a17c-e2766d48f515@gmail.com> <20190915052242.GG19710@mit.edu> <20190918211503.GA1808@darwi-home-pc> <20190918211713.GA2225@darwi-home-pc> <20190919143427.GQ6762@mit.edu> <6adb02d4-c486-a945-7f51-d007d6de45b2@gmail.com> In-Reply-To: <6adb02d4-c486-a945-7f51-d007d6de45b2@gmail.com> From: Linus Torvalds Date: Thu, 19 Sep 2019 14:47:57 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH RFC v4 1/1] random: WARN on large getrandom() waits and introduce getrandom2() To: "Alexander E. Patrakov" Cc: "Theodore Y. Ts'o" , "Ahmed S. Darwish" , Lennart Poettering , "Eric W. Biederman" , Michael Kerrisk , lkml , linux-ext4@vger.kernel.org, linux-man@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Sender: linux-ext4-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-ext4@vger.kernel.org On Thu, Sep 19, 2019 at 1:45 PM Alexander E. Patrakov wrote: > > This already resembles in-kernel haveged (except that it doesn't credit > entropy), and Willy Tarreau said "collect the small entropy where it is, > period" today. So, too many people touched upon the topic in one day, > and therefore I'll bite. I'm one of the people who aren't entirely convinced by the jitter entropy - I definitely believe it exists, I just am not necessarily convinced about the actual entropy calculations. So while I do think we should take things like the cycle counter into account just because I think it's a a useful way to force some noise, I am *not* a huge fan of the jitter entropy driver either, because of the whole "I'm not convinced about the amount of entropy". The whole "third order time difference" thing would make sense if the time difference was some kind of smooth function - which it is at a macro level. But at a micro level, I could easily see the time difference having some very simple pattern - say that your cycle counter isn't really cycle-granular, and the load takes 5.33 "cycles" and you see a time difference pattern of (5, 5, 6, 5, 5, 6, ...). No real entropy at all there, it is 100% reliable. At a macro level, that's a very smooth curve, and you'd say "ok, time difference is 5.3333 (repeating)". But that's not what the jitter entropy code does. It just does differences of differences. And that completely non-random pattern has a first-order difference of 0, 1, 1, 0, 1, 1.. and a second order of 1, 0, 1, 1, 0, and so on forever. So the "jitter entropy" logic will assign that completely repeatable thing entropy, because the delta difference doesn't ever go away. Maybe I misread it. We used to (we still do, but we used to too) do that same third-order delta difference ourselves for the interrupt timing entropy estimation in add_timer_randomness(). But I think it's more valid with something that likely has more noise (interrupt timing really _should_ be noisy). It's not clear that the jitterentropy load really has all that much noise. That said, I'm _also_ not a fan of the user mode models - they happen too late anyway for some users, and as you say, it leaves us open to random (heh) user mode distribution choices that may be more or less broken. I would perhaps be willing to just put my foot down, and say "ok, we'll solve the 'getrandom(0)' issue by just saying that if that blocks too much, we'll do the jitter entropy thing". Making absolutely nobody happy, but working in practice. And maybe encouraging the people who don't like jitter entropy to use GRND_SECURE instead. Linus