From: Linus Torvalds
Date: Thu, 12 Sep 2019 12:34:45 +0100
Subject: Re: Linux 5.3-rc8
To: "Theodore Y. Ts'o"
Cc: "Ahmed S. Darwish", Andreas Dilger, Jan Kara, Ray Strode, William Jon McCann, "Alexander E. Patrakov", zhangjs, linux-ext4@vger.kernel.org, lkml
X-Mailing-List: linux-ext4@vger.kernel.org

On Thu, Sep 12, 2019 at 9:25 AM Theodore Y. Ts'o wrote:
>
> Hmm, one thought might be GRND_FAILSAFE, which will wait up to two
> minutes before returning "best efforts" randomness and issuing a huge
> massive warning if it is triggered?

Yeah, based on (by now) _years_ of experience with people mis-using
"get me random numbers", I think the sense of a new flag needs to be
"yeah, I'm willing to wait for it".

Because most people just don't want to wait for it, and most people
don't think about it, and we need to make the default be for that
"don't think about it" crowd, with the people who ask for randomness
sources for a secure key having to very clearly and very explicitly
say "Yes, I understand that this can take minutes and can only be done
long after boot".

Even then people will screw that up because they copy code, or some
less than gifted rodent writes a library and decides "my library is so
important that I need that waiting sooper-sekrit-secure random
number", and then people use that broken library by mistake without
realizing that it's not going to be reliable at boot time.

An alternative might be to make getrandom() just return an error
instead of waiting. Sure, fill the buffer with "as random as we can"
stuff, but then return -EINVAL because you called us too early.

Linus
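
Added example, not part of the original message or of any kernel patch: a caller that makes the "willing to wait" decision explicit using the existing getrandom(2) GRND_NONBLOCK flag (not the GRND_FAILSAFE flag or the error-returning change proposed in the thread). The names fill_key, KEY_NO_WAIT and KEY_WILLING_TO_WAIT are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/random.h>   /* getrandom(), GRND_NONBLOCK (glibc >= 2.25) */
#include <sys/types.h>

/* Hypothetical policy names for this example; not kernel or libc API. */
enum wait_policy { KEY_NO_WAIT, KEY_WILLING_TO_WAIT };

/*
 * Fill buf with len bytes from the kernel CSPRNG.
 * Returns 0 on success, -EAGAIN if the pool is not yet initialized and the
 * caller did not opt in to waiting, or another negative errno on failure.
 * On any failure the buffer is zeroed so a partial key is never used.
 */
int fill_key(unsigned char *buf, size_t len, enum wait_policy policy)
{
    /* flags == 0 blocks until the pool is initialized (possibly a long
     * time at early boot); GRND_NONBLOCK fails with EAGAIN instead. */
    unsigned int flags = (policy == KEY_WILLING_TO_WAIT) ? 0 : GRND_NONBLOCK;
    size_t done = 0;

    if (buf == NULL || len == 0)
        return -EINVAL;

    while (done < len) {
        ssize_t n = getrandom(buf + done, len - done, flags);
        if (n < 0) {
            if (errno == EINTR)
                continue;            /* interrupted by a signal: retry */
            int err = errno;         /* save before memset can touch it */
            memset(buf, 0, len);
            return -err;             /* EAGAIN means "called too early" */
        }
        done += (size_t)n;           /* short reads are possible: loop */
    }
    return 0;
}

int main(void)
{
    unsigned char key[32];
    int rc = fill_key(key, sizeof key, KEY_NO_WAIT);

    if (rc == -EAGAIN)
        fprintf(stderr, "pool not ready: retry later or opt in to waiting\n");
    return rc == 0 ? 0 : 1;
}
```

A library built this way passes the wait policy up to its caller instead of silently choosing to block at boot.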