lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <80d40405-7105-4427-c2e8-5b63e45878d3@roeck-us.net>
Date:   Fri, 27 May 2022 10:39:28 -0700
From:   Guenter Roeck <linux@...ck-us.net>
To:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Pavel Machek <pavel@...x.de>
Cc:     Chris.Paterson2@...esas.com, linux-kernel@...r.kernel.org,
        stable@...r.kernel.org, torvalds@...ux-foundation.org,
        akpm@...ux-foundation.org, shuah@...nel.org, patches@...nelci.org,
        lkft-triage@...ts.linaro.org, jonathanh@...dia.com,
        f.fainelli@...il.com, sudipm.mukherjee@...il.com,
        slade@...dewatkins.com
Subject: Re: [PATCH 5.10 000/163] 5.10.119-rc1 review

On 5/27/22 09:59, Guenter Roeck wrote:
> On 5/27/22 08:53, Greg Kroah-Hartman wrote:
>> On Fri, May 27, 2022 at 04:14:21PM +0200, Pavel Machek wrote:
>>> Hi!
>>>
>>>> This is the start of the stable review cycle for the 5.10.119 release.
>>>> There are 163 patches in this series, all will be posted as a response
>>>> to this one.  If anyone has any issues with these being applied, please
>>>> let me know.
>>>
>>> Is there some kind of back-story why we are doing massive changes to
>>> /dev/random? 5.19-rc1 is not even out, so third of those changes did
>>> not get much testing.
>>
>> Did you miss the posting on the stable list that described all of this:
>>     https://lore.kernel.org/all/YouECCoUA6eZEwKf@zx2c4.com/
>>
> 
> That describes _what_ is done, but not _why_ the patches needed to be
> backported to older kernels. Normally I would see those as enhancements,
> not as bug fixes. Given that we (ChromeOS) have been hit by rng related
> issues before (specifically boot stalls on some hardware), I am quite
> concerned about the possible impact of this series for stable releases.
> 

Here is the missing information: This is required by NIST SP800-90B [1].
Without this set of changes, Linux distributions are expected to fail
FIPS validation in the future.

Guenter

---
[1] https://csrc.nist.gov/publications/detail/sp/800-90b/final

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ