Date:   Tue, 17 Sep 2019 15:02:26 +0200
From:   Laurent Vivier <lvivier@...hat.com>
To:     Herbert Xu <herbert@...dor.apana.org.au>
Cc:     linux-kernel@...r.kernel.org, Amit Shah <amit@...nel.org>,
        linux-crypto@...r.kernel.org, Matt Mackall <mpm@...enic.com>
Subject: Re: [PATCH] hw_random: don't wait on add_early_randomness()

On 17/09/2019 14:40, Herbert Xu wrote:
> On Tue, Sep 17, 2019 at 11:54:50AM +0200, Laurent Vivier wrote:
>> add_early_randomness() is called by hwrng_register() when the
>> hardware is added. If this hardware and its module are present
>> at boot, and if there is no data available the boot hangs until
>> data are available and can't be interrupted.
>>
>> To avoid that, call rng_get_data() in non-blocking mode (wait=0)
>> from add_early_randomness().
>>
>> Signed-off-by: Laurent Vivier <lvivier@...hat.com>
>> ---
>>  drivers/char/hw_random/core.c | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> Please provide more context in your patch description such as which
> driver actually causes a hang here.

I can add in the next version:

"For instance, in the case of virtio-rng, in some cases the host may
not be able to provide enough entropy for all the guests.

We can have two easy ways to reproduce the problem but they rely on
misconfiguration of the hypervisor or the egd daemon:

- if the virtio-rng device is configured to connect to the egd daemon of
the host but when the virtio-rng driver asks for data the daemon is not
connected,

- if the virtio-rng device is configured to connect to the egd daemon of
the host but the egd daemon doesn't provide data.

The guest kernel will hang at boot until the virtio-rng driver provides
enough data."

More context:

I've proposed to add a watchdog at the hypervisor level to release the
read after a timeout but this changes the behavior of the blocking read
to become non-blocking after a while, and making the call to
rng_get_data() in add_early_randomness() non-blocking seems to me a
better approach: I'm not sure it is really needed to have a blocking
call at this time in the boot sequence.

Any advice is welcome.

Thanks,
Laurent
