Re: Linux 5.3-rc8

From: Linus Torvalds
Date: Sat Sep 14 2019 - 15:20:04 EST

Next message: Srinivas Pandruvada: "Re: [PATCH 0/5] tools/power/x86/intel-speed-select: New command and"
Previous message: Palmer Dabbelt: "Re: [PATCH] irqchip/sifive-plic: add irq_mask and irq_unmask"
In reply to: Alexander E. Patrakov: "Re: Linux 5.3-rc8"
Next in thread: Lennart Poettering: "Re: Linux 5.3-rc8"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, Sep 14, 2019 at 10:09 AM Alexander E. Patrakov
<patrakov@xxxxxxxxx> wrote:
>
> > Which means that we're all kinds of screwed. The whole "we guarantee
> > entropy" model is broken.
>
> I agree here. Given that you suggested "to just fill the buffer and
> return 0" in the previous mail (well, I think you really meant "return
> buflen", otherwise ENOENTROPY == 0 and your previous objection applies),

Right.

The question remains when we should WARN_ON(), though.

For example, if somebody did save entropy between boots, we probably
should accept that - at least in the sense of not warning when they
then ask for randomness data back.

And if the hardware does have a functioning rdrand, we probably should
accept that too - simply because not accepting it and warning sounds a
bit too annoying.

But we definitely *should* have a warning for people who build
embedded devices that we can't see any reasonable amount of possible
entropy. Those have definitely happened, and it's a serious and real
security issue.

> let's do just that. As a bonus, it saves applications from the complex
> dance with retrying via /dev/urandom and finally brings a reliable API
> (modulo old and broken kernels) to get random numbers (well, as random
> as possible right now) without needing a file descriptor.

Yeah, well, the question in the end always is "what is reliable".

Waiting has definitely not been reliable, and has only ever caused problems.

Returning an error (or some status while still doing a best effort)
would be reasonable, but I really do think that people will mis-use
that. We just have too much of a history of people having the mindset
that they can just fall back to something better - like waiting - and
they are always wrong.

Just returning random data is the right thing, but we do need to make
sure that system developers see a warning if they do something
obviously wrong (so that the embedded people without even a real-time
clock to initialize any bits of entropy AT ALL won't think that they
can generate a system key on their router).

Linus

Next message: Srinivas Pandruvada: "Re: [PATCH 0/5] tools/power/x86/intel-speed-select: New command and"
Previous message: Palmer Dabbelt: "Re: [PATCH] irqchip/sifive-plic: add irq_mask and irq_unmask"
In reply to: Alexander E. Patrakov: "Re: Linux 5.3-rc8"
Next in thread: Lennart Poettering: "Re: Linux 5.3-rc8"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]