From: "Theodore Y. Ts'o" <tytso@mit.edu>
To: "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: Christian Brauner <christian.brauner@canonical.com>,
Sultan Alsawaf <sultanxda@gmail.com>,
LKML <linux-kernel@vger.kernel.org>, Jann Horn <jannh@google.com>
Subject: Re: Linux messages full of `random: get_random_u32 called from`
Date: Fri, 27 Apr 2018 15:14:58 -0400 [thread overview]
Message-ID: <20180427191458.GJ5965@thunk.org> (raw)
In-Reply-To: <CAHmME9oVRULStf1ff+OUJLyf7GMxUTPrJebF5pxxLO7Sn2tzow@mail.gmail.com>
On Fri, Apr 27, 2018 at 05:38:52PM +0200, Jason A. Donenfeld wrote:
>
> Please correct me if I'm wrong, but my present understanding of this
> is that crng readiness used to be broken, meaning people would have a
> seeded rng without it actually being seeded. You fixed this bug, and
> now people are discovering that they don't have crng readiness during
> a late stage of their init, which is breaking all sorts of entirely
> reasonable and widely deployed userspaces.
I'd say the problem is a combination of some classes of x86 hardware
devices (so far I've mainly seen repurposed chromebooks and VM's that
don't have virtio-rng enabled) combined with some distributions that
could make themselves more amenable to platforms with minimal amounts
of entropy available to them during system startup.
> Sultan mentioned that his machine actually does trigger large
> quantities of interrupts. Is it possible that the entropy gathering
> algorithm has some issues, and Sultan's report points to a real bug
> here? Considering the crng readiness state hasn't been working until
> your recent fix, I suspect the actual entropy gathering code probably
> hasn't prompted too many bug reports, until now that is.
It's not clear when his machine is triggering the "large quantity of
interrupts". Is it during the system startup, or after he's logged
into the machine? I suspect what is going on is the Chromebook has
been engineered so that when it's idle, it doesn't issue any
interrupts at all --- which is a good thing from a power management
perspective. So if nothing is actually _querying_ the SD Card reader,
it's not generating any interrupts.
This is a feature, and not a bug. That being said, a laptop which
sends some number of interrupts as it receives, say, WiFi packets, and
a system which automatically starts looking for suitable access points
as soon as the machine is started gives us timing events which is not
easily available to an analyst sitting in Fort Meade, Maryland. In
practice, that seems to be much more of the rule and not the
exception. However, as laptops try to become much more sparing
interrupts to save power, then we either have to (a) be willing to
trust hardware random number generators available to the laptop,
and/or (b) change userspace to *wait* until after the user has logged
in to try to obtain cryptographic-graded randomness.
If you think there is an alternative besides those two, I'm all ears...
- Ted
next prev parent reply other threads:[~2018-04-27 19:15 UTC|newest]
Thread overview: 67+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-04-26 4:11 Linux messages full of `random: get_random_u32 called from` Sultan Alsawaf
2018-04-26 5:00 ` Theodore Y. Ts'o
2018-04-26 5:05 ` Sultan Alsawaf
2018-04-26 7:32 ` Theodore Y. Ts'o
2018-04-26 15:17 ` Sultan Alsawaf
2018-04-26 19:25 ` Theodore Y. Ts'o
2018-04-26 20:22 ` Sultan Alsawaf
2018-04-26 20:47 ` Christian Brauner
2018-04-27 0:00 ` Theodore Y. Ts'o
2018-04-27 15:38 ` Jason A. Donenfeld
2018-04-27 19:14 ` Theodore Y. Ts'o [this message]
2018-04-26 23:56 ` Theodore Y. Ts'o
2018-04-27 5:20 ` Sultan Alsawaf
2018-04-27 20:10 ` Theodore Y. Ts'o
2018-04-27 22:59 ` Sultan Alsawaf
2018-04-29 14:32 ` Pavel Machek
2018-04-29 17:05 ` Sultan Alsawaf
2018-04-29 18:41 ` Pavel Machek
2018-04-29 20:20 ` Sultan Alsawaf
2018-04-29 21:18 ` Pavel Machek
2018-04-29 21:34 ` Sultan Alsawaf
2018-04-29 22:05 ` Theodore Y. Ts'o
2018-04-29 22:26 ` Sultan Alsawaf
2018-04-29 22:43 ` Jason A. Donenfeld
2018-04-29 22:49 ` Sultan Alsawaf
2018-04-30 0:11 ` Theodore Y. Ts'o
2018-04-30 4:34 ` Sultan Alsawaf
2018-04-30 16:11 ` Theodore Y. Ts'o
2018-05-01 19:53 ` Pavel Machek
2018-04-29 22:43 ` Pavel Machek
2018-04-30 0:32 ` Laura Abbott
2018-04-30 21:12 ` Jeremy Cline
2018-05-01 11:52 ` Justin Forbes
2018-05-01 12:55 ` Theodore Y. Ts'o
2018-05-01 22:35 ` Justin Forbes
2018-05-02 0:02 ` Theodore Y. Ts'o
2018-05-02 12:09 ` Justin Forbes
2018-05-02 16:26 ` Theodore Y. Ts'o
2018-05-02 17:49 ` Laura Abbott
2018-05-02 22:25 ` Theodore Y. Ts'o
2018-05-03 6:19 ` Pavel Machek
2018-05-03 12:23 ` Justin Forbes
2018-05-02 0:43 ` Sultan Alsawaf
2018-05-02 0:56 ` Theodore Y. Ts'o
2018-05-02 1:11 ` Sultan Alsawaf
2018-05-20 3:37 ` [lkp-robot] [Linux messages full of `random] 125bac9e15: stress-ng.chdir.ops_per_sec 38.8% improvement kernel test robot
2018-04-29 18:30 ` Linux messages full of `random: get_random_u32 called from` Sultan Alsawaf
2018-04-29 20:08 ` Theodore Y. Ts'o
2018-05-18 1:27 ` Trent Piepho
2018-05-18 2:32 ` Theodore Y. Ts'o
2018-05-18 22:56 ` Trent Piepho
2018-05-18 23:22 ` Theodore Y. Ts'o
2018-05-21 18:39 ` Trent Piepho
2018-04-29 14:29 ` Pavel Machek
[not found] <1524676526.3280.40.camel@armitage.org.uk>
2018-04-25 20:28 ` Theodore Y. Ts'o
-- strict thread matches above, loose matches on Subject: below --
2018-04-24 11:48 Paul Menzel
2018-04-24 13:56 ` Theodore Y. Ts'o
2018-04-24 14:30 ` Paul Menzel
2018-04-24 15:49 ` Theodore Y. Ts'o
2018-04-24 15:56 ` Paul Menzel
2018-04-25 7:41 ` Theodore Y. Ts'o
2018-04-26 3:48 ` Paul Menzel
2018-04-29 14:22 ` Pavel Machek
2018-04-29 23:02 ` Dave Jones
2018-04-29 23:07 ` Dave Jones
2018-04-30 0:21 ` Theodore Y. Ts'o
2018-04-26 5:51 ` Pavel Machek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180427191458.GJ5965@thunk.org \
--to=tytso@mit.edu \
--cc=Jason@zx2c4.com \
--cc=christian.brauner@canonical.com \
--cc=jannh@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=sultanxda@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.