LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
From: Justin Forbes <jmforbes@linuxtx.org>
To: Jeremy Cline <jeremy@jcline.org>
Cc: "Theodore Y. Ts'o" <tytso@mit.edu>,
Sultan Alsawaf <sultanxda@gmail.com>, Pavel Machek <pavel@ucw.cz>,
LKML <linux-kernel@vger.kernel.org>, Jann Horn <jannh@google.com>
Subject: Re: Linux messages full of `random: get_random_u32 called from`
Date: Tue, 1 May 2018 06:52:47 -0500 [thread overview]
Message-ID: <CAFxkdAogN0S9vgQhKoO+Zpp07bXveDQYPLvwjULoTRv3Or83qQ@mail.gmail.com> (raw)
In-Reply-To: <01000163186628e6-3fe4abfc-eaaf-470c-90c8-2d8ad91db8f1-000000@email.amazonses.com>
On Mon, Apr 30, 2018 at 4:12 PM, Jeremy Cline <jeremy@jcline.org> wrote:
> On 04/29/2018 06:05 PM, Theodore Y. Ts'o wrote:
>> On Sun, Apr 29, 2018 at 01:20:33PM -0700, Sultan Alsawaf wrote:
>>> On Sun, Apr 29, 2018 at 08:41:01PM +0200, Pavel Machek wrote:
>>>> Umm. No. https://www.youtube.com/watch?v=xneBjc8z0DE
>>>
>>> Okay, but /dev/urandom isn't a solution to this problem because it isn't usable
>>> until crng init is complete, so it suffers from the same init lag as
>>> /dev/random.
>>
>> It's more accurate to say that using /dev/urandom is no worse than
>> before (from a few years ago). There are, alas, plenty of
>> distributions and user space application programmers that basically
>> got lazy using /dev/urandom, and assumed that there would be plenty of
>> entropy during early system startup.
>>
>> When they switched over the getrandom(2), the most egregious examples
>> of this caused pain (and they got fixed), but due to a bug in
>> drivers/char/random.c, if getrandom(2) was called after the entropy
>> pool was "half initialized", it would not block, but proceed.
>>
>> Is that exploitable? Well, Jann and I didn't find an _obvious_ way to
>> exploit the short coming, which is this wasn't treated like an
>> emergency situation ala the embarassing situation we had five years
>> ago[1].
>>
>> [1] https://factorable.net/paper.html
>>
>> However, it was enough to make us be uncomfortable, which is why I
>> pushed the changes that I did. At least on the devices we had at
>> hand, using the distributions that we typically use, the impact seemed
>> minimal. Unfortuantely, there is no way to know for sure without
>> rolling out change and seeing who screams. In the ideal world,
>> software would not require cryptographic randomness immediately after
>> boot, before the user logs in. And ***really***, as in [1], softwaret
>> should not be generating long-term public keys that are essential to
>> the security of the box a few seconds immediately after the device is
>> first unboxed and plugged in.i
>>
>> What would be useful is if people gave reports that listed exactly
>> what laptop and distributions they are using. Just "a high spec x86
>> laptop" isn't terribly useful, because *my* brand-new Dell XPS 13
>> running Debian testing is working just fine. The year, model, make,
>> and CPU type plus what distribution (and distro version number) you
>> are running is useful, so I can assess how wide spread the unhappiness
>> is going to be, and what mitigation steps make sense.
>
> Fedora has started seeing some bug reports on this for Fedora 27[0] and
> I've asked reporters to include their hardware details.
>
> [0] https://bugzilla.redhat.com/show_bug.cgi?id=1572944
>
We have also had reports that Fedora users are seeing this on Google
Compute Engine.
Justin
next prev parent reply other threads:[~2018-05-01 11:52 UTC|newest]
Thread overview: 65+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-04-26 4:11 Sultan Alsawaf
2018-04-26 5:00 ` Theodore Y. Ts'o
2018-04-26 5:05 ` Sultan Alsawaf
2018-04-26 7:32 ` Theodore Y. Ts'o
2018-04-26 15:17 ` Sultan Alsawaf
2018-04-26 19:25 ` Theodore Y. Ts'o
2018-04-26 20:22 ` Sultan Alsawaf
2018-04-26 20:47 ` Christian Brauner
2018-04-27 0:00 ` Theodore Y. Ts'o
2018-04-27 15:38 ` Jason A. Donenfeld
2018-04-27 19:14 ` Theodore Y. Ts'o
2018-04-26 23:56 ` Theodore Y. Ts'o
2018-04-27 5:20 ` Sultan Alsawaf
2018-04-27 20:10 ` Theodore Y. Ts'o
2018-04-27 22:59 ` Sultan Alsawaf
2018-04-29 14:32 ` Pavel Machek
2018-04-29 17:05 ` Sultan Alsawaf
2018-04-29 18:41 ` Pavel Machek
2018-04-29 20:20 ` Sultan Alsawaf
2018-04-29 21:18 ` Pavel Machek
2018-04-29 21:34 ` Sultan Alsawaf
2018-04-29 22:05 ` Theodore Y. Ts'o
2018-04-29 22:26 ` Sultan Alsawaf
2018-04-29 22:43 ` Jason A. Donenfeld
2018-04-29 22:49 ` Sultan Alsawaf
2018-04-30 0:11 ` Theodore Y. Ts'o
2018-04-30 4:34 ` Sultan Alsawaf
2018-04-30 16:11 ` Theodore Y. Ts'o
2018-05-01 19:53 ` Pavel Machek
2018-04-29 22:43 ` Pavel Machek
2018-04-30 0:32 ` Laura Abbott
2018-04-30 21:12 ` Jeremy Cline
2018-05-01 11:52 ` Justin Forbes [this message]
2018-05-01 12:55 ` Theodore Y. Ts'o
2018-05-01 22:35 ` Justin Forbes
2018-05-02 0:02 ` Theodore Y. Ts'o
2018-05-02 12:09 ` Justin Forbes
2018-05-02 16:26 ` Theodore Y. Ts'o
2018-05-02 17:49 ` Laura Abbott
2018-05-02 22:25 ` Theodore Y. Ts'o
2018-05-03 6:19 ` Pavel Machek
2018-05-03 12:23 ` Justin Forbes
2018-05-02 0:43 ` Sultan Alsawaf
2018-05-02 0:56 ` Theodore Y. Ts'o
2018-05-02 1:11 ` Sultan Alsawaf
2018-04-29 18:30 ` Sultan Alsawaf
2018-04-29 20:08 ` Theodore Y. Ts'o
2018-05-18 1:27 ` Trent Piepho
2018-05-18 2:32 ` Theodore Y. Ts'o
2018-05-18 22:56 ` Trent Piepho
2018-05-18 23:22 ` Theodore Y. Ts'o
2018-05-21 18:39 ` Trent Piepho
2018-04-29 14:29 ` Pavel Machek
-- strict thread matches above, loose matches on Subject: below --
2018-04-24 11:48 Paul Menzel
2018-04-24 13:56 ` Theodore Y. Ts'o
2018-04-24 14:30 ` Paul Menzel
2018-04-24 15:49 ` Theodore Y. Ts'o
2018-04-24 15:56 ` Paul Menzel
2018-04-25 7:41 ` Theodore Y. Ts'o
2018-04-26 3:48 ` Paul Menzel
2018-04-29 14:22 ` Pavel Machek
2018-04-29 23:02 ` Dave Jones
2018-04-29 23:07 ` Dave Jones
2018-04-30 0:21 ` Theodore Y. Ts'o
2018-04-26 5:51 ` Pavel Machek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAFxkdAogN0S9vgQhKoO+Zpp07bXveDQYPLvwjULoTRv3Or83qQ@mail.gmail.com \
--to=jmforbes@linuxtx.org \
--cc=jannh@google.com \
--cc=jeremy@jcline.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pavel@ucw.cz \
--cc=sultanxda@gmail.com \
--cc=tytso@mit.edu \
--subject='Re: Linux messages full of `random: get_random_u32 called from`' \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).