From: "Theodore Ts'o" <tytso@mit.edu>
To: "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: Naveen Nathan <naveen@lastninja.net>,
Arnd Bergmann <arnd@arndb.de>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Kevin Easton <kevin@guarana.org>,
LKML <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] random: urandom reads block when CRNG is not initialized.
Date: Mon, 27 May 2019 13:05:39 -0400 [thread overview]
Message-ID: <20190527170539.GC8585@mit.edu> (raw)
In-Reply-To: <CAHmME9qvdKy6zCHQEUp1zp-dL0Sco1Ujtn7jXK=EFde_yDx8wA@mail.gmail.com>
On Mon, May 27, 2019 at 05:43:03PM +0200, Jason A. Donenfeld wrote:
>
> Really, it's a chicken & egg thing. If people who make userspaces
> never have an option to design around the correct behavior, they'll
> continue to rely on the broken behavior. But if we give them a way to
> compile their kernels with the correct behavior, eventually some
> userspaces will run fine with it. "But they should just use
> getrandom()!" you shout. Yes, and maybe the code most userspace
> builders provide does do this. But people like to plug-in plenty of
> third party things into their userspaces, and I think there's some
> value in a userspace being able to say, "we've dealt with the
> /dev/urandom situation, and we now do the right thing, so we can
> enable this option, and now the code you run on our userspace will
> give good randomness."
The challenge is that in some cases, there *is* no good solution. If
you don't have decent hardware support, there's not a whole lot you
can do as a systems integrator or the distro. Enabling this feature
will be a support nightmare, so I predict that darned few
distributions will be to enable it.
At the very least, we need to document the reality as it exists today,
which is that systems with systemd and Openwrt (and its derivitives),
*will* hang if this option is selected. And we need to make sure that
zero-day testing with randconfig doesn't try to select this option
(hiding it behind CONFIG_EXPERIMENTAL should do the trick), since we
won't want to get spammed by the zero-day test bot. That's how much
this option is guaranteed to break systems --- our continuous
integration testing systems are guaranteed to trip against it.
- Ted
prev parent reply other threads:[~2019-05-27 17:05 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-27 12:26 [PATCH] random: urandom reads block when CRNG is not initialized Naveen Nathan
2019-05-27 14:06 ` Theodore Ts'o
2019-05-27 15:35 ` Naveen Nathan
2019-05-27 15:43 ` Jason A. Donenfeld
2019-05-27 17:05 ` Theodore Ts'o [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190527170539.GC8585@mit.edu \
--to=tytso@mit.edu \
--cc=Jason@zx2c4.com \
--cc=arnd@arndb.de \
--cc=gregkh@linuxfoundation.org \
--cc=kevin@guarana.org \
--cc=linux-kernel@vger.kernel.org \
--cc=naveen@lastninja.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox