Re: [PATCH] random: Don't overwrite CRNG state in crng_initialize()

2017-02-09 Thread Theodore Ts'o
On Thu, Feb 09, 2017 at 01:13:22AM -0700, Alden Tondettar wrote: > And using: > > $ qemu-system-x86_64 --version > QEMU emulator version 2.1.2 (Debian 1:2.1+dfsg-12+deb8u6), Copyright (c) > 2003-2008 Fabrice Bellard > $ qemu-system-x86_64 -nographic -enable-kvm -m 1024M -kernel bzImage -append >

Re: [PATCH] random: Don't overwrite CRNG state in crng_initialize()

2017-02-09 Thread Theodore Ts'o
OK, I figured out what is going on with your test results. If you use qemu-system-x86_64 **without** --enable-kvm, then on both the Debian Jessie version of qemu as well as the Debian Stretch version of qemu, crng_fast_load() will be called _twice_ before crng_initialize has a chance to be called.

Re: [PATCH] random: Don't overwrite CRNG state in crng_initialize()

2017-02-09 Thread Stephan Müller
Am Donnerstag, 9. Februar 2017, 02:04:32 CET schrieb Alden Tondettar: Hi Alden, > On Thu, Feb 09, 2017 at 07:47:25AM +0100, Greg Kroah-Hartman wrote: > > On Wed, Feb 08, 2017 at 08:31:26PM -0700, Alden Tondettar wrote: > > > In short, the situation is: > > > > > > A) No usable hardware RNG or ar

Re: [PATCH] random: Don't overwrite CRNG state in crng_initialize()

2017-02-09 Thread Greg Kroah-Hartman
On Thu, Feb 09, 2017 at 02:04:32AM -0700, Alden Tondettar wrote: > On Thu, Feb 09, 2017 at 07:47:25AM +0100, Greg Kroah-Hartman wrote: > > On Wed, Feb 08, 2017 at 08:31:26PM -0700, Alden Tondettar wrote: > > > In short, the situation is: > > > > > > A) No usable hardware RNG or arch_get_random() (

Re: [PATCH] random: Don't overwrite CRNG state in crng_initialize()

2017-02-09 Thread Alden Tondettar
On Thu, Feb 09, 2017 at 07:47:25AM +0100, Greg Kroah-Hartman wrote: > On Wed, Feb 08, 2017 at 08:31:26PM -0700, Alden Tondettar wrote: > > In short, the situation is: > > > > A) No usable hardware RNG or arch_get_random() (or we don't trust it...) > > Wait, why would you not trust arch_get_random

Re: [PATCH] random: Don't overwrite CRNG state in crng_initialize()

2017-02-09 Thread Alden Tondettar
On Wed, Feb 08, 2017 at 11:19:31PM -0500, Theodore Ts'o wrote: > How did you determine when crng_initialize() was being called? On a > VM generally there are fewer interrupts than on real hardware. On > KVM, for I see the random: fast_init message being printed 3.6 seconds > into the boot. > > O

Re: [PATCH] random: Don't overwrite CRNG state in crng_initialize()

2017-02-08 Thread Greg Kroah-Hartman
On Wed, Feb 08, 2017 at 08:31:26PM -0700, Alden Tondettar wrote: > In short, the situation is: > > A) No usable hardware RNG or arch_get_random() (or we don't trust it...) Wait, why would you not trust arch_get_random()? Is it broken somehow on some arches? If so, why not fix that as well? tha

Re: [PATCH] random: Don't overwrite CRNG state in crng_initialize()

2017-02-08 Thread Theodore Ts'o
On Wed, Feb 08, 2017 at 08:31:26PM -0700, Alden Tondettar wrote: > The new non-blocking system introduced in commit e192be9d9a30 ("random: > replace non-blocking pool with a Chacha20-based CRNG") can under > some circumstances report itself initialized while it still contains > dangerously little e

[PATCH] random: Don't overwrite CRNG state in crng_initialize()

2017-02-08 Thread Alden Tondettar
The new non-blocking system introduced in commit e192be9d9a30 ("random: replace non-blocking pool with a Chacha20-based CRNG") can under some circumstances report itself initialized while it still contains dangerously little entropy, as follows: Approximately every 64th call to add_interrupt_rando