Re: early x86 unseeded randomness

From: Linus Torvalds
Date: Mon Aug 14 2017 - 14:17:45 EST


On Mon, Aug 14, 2017 at 11:00 AM, Borislav Petkov <bp@xxxxxxxxx> wrote:
> On Mon, Aug 14, 2017 at 10:47:47AM -0700, Linus Torvalds wrote:
>> Plus on modern x86, you'll always get at least the hardware
>> randomness, which is fundamentally much better anyway.
>
> Right, my only intention was to get rid of those:
>
> [ 0.000000] random: get_random_bytes called from start_kernel+0x30/0x3d8 with crng_init=0

Ok, guys, you ALL need to learn that blindly just trying to get rid of
warnings IS A HORRIBLE IDEA.

People also need to learn that *adding* warnings isn't always a good
idea, exactly because then people will mindlessly react to them.

I *detest* bad compiler warnings for this reason. The number of
garbage patches that actually break working code that I've seen over
the year is mind-numbing.

> What do you propose? Keep 'em?

Keeping the warning (or removing the warning itself without changing
the code) is certainly preferable to trying to "fix" the warning by
bogus measures, yes.

> Or fix the above, snipped bit to conditionally do rdtsc() *once* or
> get_random_bytes() depending on the crng state?

Neither. Let's aim to make sure to fix the warning the *only* correct
way - by making sure the initialization _ordering_ is correct, not by
hacking around the caller code.

Maybe the warning message should be clarified to say that too. Make it
clear that the only acceptable fix is to change code ordering, not to
play games with randomness.

But maybe those places that currently trigger the warning should just
use "get_random_u32()" instead. That at least gets rid of the warning
if there's a fast architected hardware random thing (ie modern x86).

Linus