| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 19 Apr 2019 23:35:46 -0400
From: "Theodore Ts'o" <tytso@....edu>
To: Jon DeVree <nuxi@...lt24.org>
Cc: linux-kernel@...r.kernel.org, Jason@...c4.com
Subject: Re: [PATCH] random: fix CRNG initialization when random.trust_cpu=1
On Tue, Mar 19, 2019 at 01:28:47PM -0400, Jon DeVree wrote:
> When the system boots with random.trust_cpu=1 it doesn't initialize the
> per-NUMA CRNGs because it skips the rest of the CRNG startup code. This
> means that the code from 1e7f583af67b ("random: make /dev/urandom scalable
> for silly userspace programs") is not used when random.trust_cpu=1.
>
> crash> dmesg | grep random:
> [ 0.000000] random: get_random_bytes called from start_kernel+0x94/0x530 with crng_init=0
> [ 0.314029] random: crng done (trusting CPU's manufacturer)
> crash> print crng_node_pool
> $6 = (struct crng_state **) 0x0
>
> After adding the missing call to numa_crng_init() the per-NUMA CRNGs are
> initialized again:
>
> crash> dmesg | grep random:
> [ 0.000000] random: get_random_bytes called from start_kernel+0x94/0x530 with crng_init=0
> [ 0.314031] random: crng done (trusting CPU's manufacturer)
> crash> print crng_node_pool
> $1 = (struct crng_state **) 0xffff9a915f4014a0
>
> The call to invalidate_batched_entropy() was also missing. This is
> important for architectures like PPC and S390 which only have the
> arch_get_random_seed_* functions.
>
> Fixes: 39a8883a2b98 ("random: add a config option to trust the CPU's hwrng")
> Signed-off-by: Jon DeVree <nuxi@...lt24.org>
Thanks, applied.
- Ted
Powered by blists - more mailing lists