[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAHk-=wiB0e_uGpidYHf+dV4eeT+XmG-+rQBx=JJ110R48QFFWw@mail.gmail.com>
Date: Sat, 14 Sep 2019 09:52:49 -0700
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: "Alexander E. Patrakov" <patrakov@...il.com>
Cc: "Ahmed S. Darwish" <darwish.07@...il.com>,
"Theodore Y. Ts'o" <tytso@....edu>,
Andreas Dilger <adilger.kernel@...ger.ca>,
Jan Kara <jack@...e.cz>, Ray Strode <rstrode@...hat.com>,
William Jon McCann <mccann@....edu>,
zhangjs <zachary@...shancloud.com>, linux-ext4@...r.kernel.org,
Lennart Poettering <lennart@...ttering.net>,
lkml <linux-kernel@...r.kernel.org>
Subject: Re: Linux 5.3-rc8
On Sat, Sep 14, 2019 at 9:35 AM Alexander E. Patrakov
<patrakov@...il.com> wrote:
>
> Let me repeat: not -EINVAL, please. Please find some other error code,
> so that the application could sensibly distinguish between this case
> (low quality entropy is in the buffer) and the "kernel is too dumb" case
> (and no entropy is in the buffer).
I'm not convinced we want applications to see that difference.
The fact is, every time an application thinks it cares, it has caused
problems. I can just see systemd saying "ok, the kernel didn't block,
so I'll just do
while (getrandom(x) == -ENOENTROPY)
sleep(1);
instead. Which is still completely buggy garbage.
The fact is, we can't guarantee entropy in general. It's probably
there is practice, particularly with user space saving randomness from
last boot etc, but that kind of data may be real entropy, but the
kernel cannot *guarantee* that it is.
And people don't like us guaranteeing that rdrand/rdseed is "real
entropy" either, since they don't trust the CPU hw either.
Which means that we're all kinds of screwed. The whole "we guarantee
entropy" model is broken.
Linus
Powered by blists - more mailing lists