lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 27 May 2022 10:39:28 -0700 From: Guenter Roeck <linux@...ck-us.net> To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>, Pavel Machek <pavel@...x.de> Cc: Chris.Paterson2@...esas.com, linux-kernel@...r.kernel.org, stable@...r.kernel.org, torvalds@...ux-foundation.org, akpm@...ux-foundation.org, shuah@...nel.org, patches@...nelci.org, lkft-triage@...ts.linaro.org, jonathanh@...dia.com, f.fainelli@...il.com, sudipm.mukherjee@...il.com, slade@...dewatkins.com Subject: Re: [PATCH 5.10 000/163] 5.10.119-rc1 review On 5/27/22 09:59, Guenter Roeck wrote: > On 5/27/22 08:53, Greg Kroah-Hartman wrote: >> On Fri, May 27, 2022 at 04:14:21PM +0200, Pavel Machek wrote: >>> Hi! >>> >>>> This is the start of the stable review cycle for the 5.10.119 release. >>>> There are 163 patches in this series, all will be posted as a response >>>> to this one. If anyone has any issues with these being applied, please >>>> let me know. >>> >>> Is there some kind of back-story why we are doing massive changes to >>> /dev/random? 5.19-rc1 is not even out, so third of those changes did >>> not get much testing. >> >> Did you miss the posting on the stable list that described all of this: >> https://lore.kernel.org/all/YouECCoUA6eZEwKf@zx2c4.com/ >> > > That describes _what_ is done, but not _why_ the patches needed to be > backported to older kernels. Normally I would see those as enhancements, > not as bug fixes. Given that we (ChromeOS) have been hit by rng related > issues before (specifically boot stalls on some hardware), I am quite > concerned about the possible impact of this series for stable releases. > Here is the missing information: This is required by NIST SP800-90B [1]. Without this set of changes, Linux distributions are expected to fail FIPS validation in the future. Guenter --- [1] https://csrc.nist.gov/publications/detail/sp/800-90b/final
Powered by blists - more mailing lists