linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Theodore Tso <tytso@mit.edu>,
	Ard Biesheuvel <ardb@kernel.org>,
	"Jason A. Donenfeld" <Jason@zx2c4.com>,
	Sasha Levin <sashal@kernel.org>
Subject: [PATCH 4.14 208/237] random: credit cpu and bootloader seeds by default
Date: Thu, 23 Jun 2022 18:44:02 +0200	[thread overview]
Message-ID: <20220623164349.133205684@linuxfoundation.org> (raw)
In-Reply-To: <20220623164343.132308638@linuxfoundation.org>

From: Jason A. Donenfeld <Jason@zx2c4.com>

[ Upstream commit 846bb97e131d7938847963cca00657c995b1fce1 ]

This commit changes the default Kconfig values of RANDOM_TRUST_CPU and
RANDOM_TRUST_BOOTLOADER to be Y by default. It does not change any
existing configs or change any kernel behavior. The reason for this is
several fold.

As background, I recently had an email thread with the kernel
maintainers of Fedora/RHEL, Debian, Ubuntu, Gentoo, Arch, NixOS, Alpine,
SUSE, and Void as recipients. I noted that some distros trust RDRAND,
some trust EFI, and some trust both, and I asked why or why not. There
wasn't really much of a "debate" but rather an interesting discussion of
what the historical reasons have been for this, and it came up that some
distros just missed the introduction of the bootloader Kconfig knob,
while another didn't want to enable it until there was a boot time
switch to turn it off for more concerned users (which has since been
added). The result of the rather uneventful discussion is that every
major Linux distro enables these two options by default.

While I didn't have really too strong of an opinion going into this
thread -- and I mostly wanted to learn what the distros' thinking was
one way or another -- ultimately I think their choice was a decent
enough one for a default option (which can be disabled at boot time).
I'll try to summarize the pros and cons:

Pros:

- The RNG machinery gets initialized super quickly, and there's no
  messing around with subsequent blocking behavior.

- The bootloader mechanism is used by kexec in order for the prior
  kernel to initialize the RNG of the next kernel, which increases
  the entropy available to early boot daemons of the next kernel.

- Previous objections related to backdoors centered around
  Dual_EC_DRBG-like kleptographic systems, in which observing some
  amount of the output stream enables an adversary holding the right key
  to determine the entire output stream.

  This used to be a partially justified concern, because RDRAND output
  was mixed into the output stream in varying ways, some of which may
  have lacked pre-image resistance (e.g. XOR or an LFSR).

  But this is no longer the case. Now, all usage of RDRAND and
  bootloader seeds go through a cryptographic hash function. This means
  that the CPU would have to compute a hash pre-image, which is not
  considered to be feasible (otherwise the hash function would be
  terribly broken).

- More generally, if the CPU is backdoored, the RNG is probably not the
  realistic vector of choice for an attacker.

- These CPU or bootloader seeds are far from being the only source of
  entropy. Rather, there is generally a pretty huge amount of entropy,
  not all of which is credited, especially on CPUs that support
  instructions like RDRAND. In other words, assuming RDRAND outputs all
  zeros, an attacker would *still* have to accurately model every single
  other entropy source also in use.

- The RNG now reseeds itself quite rapidly during boot, starting at 2
  seconds, then 4, then 8, then 16, and so forth, so that other sources
  of entropy get used without much delay.

- Paranoid users can set random.trust_{cpu,bootloader}=no in the kernel
  command line, and paranoid system builders can set the Kconfig options
  to N, so there's no reduction or restriction of optionality.

- It's a practical default.

- All the distros have it set this way. Microsoft and Apple trust it
  too. Bandwagon.

Cons:

- RDRAND *could* still be backdoored with something like a fixed key or
  limited space serial number seed or another indexable scheme like
  that. (However, it's hard to imagine threat models where the CPU is
  backdoored like this, yet people are still okay making *any*
  computations with it or connecting it to networks, etc.)

- RDRAND *could* be defective, rather than backdoored, and produce
  garbage that is in one way or another insufficient for crypto.

- Suggesting a *reduction* in paranoia, as this commit effectively does,
  may cause some to question my personal integrity as a "security
  person".

- Bootloader seeds and RDRAND are generally very difficult if not all
  together impossible to audit.

Keep in mind that this doesn't actually change any behavior. This
is just a change in the default Kconfig value. The distros already are
shipping kernels that set things this way.

Ard made an additional argument in [1]:

    We're at the mercy of firmware and micro-architecture anyway, given
    that we are also relying on it to ensure that every instruction in
    the kernel's executable image has been faithfully copied to memory,
    and that the CPU implements those instructions as documented. So I
    don't think firmware or ISA bugs related to RNGs deserve special
    treatment - if they are broken, we should quirk around them like we
    usually do. So enabling these by default is a step in the right
    direction IMHO.

In [2], Phil pointed out that having this disabled masked a bug that CI
otherwise would have caught:

    A clean 5.15.45 boots cleanly, whereas a downstream kernel shows the
    static key warning (but it does go on to boot). The significant
    difference is that our defconfigs set CONFIG_RANDOM_TRUST_BOOTLOADER=y
    defining that on top of multi_v7_defconfig demonstrates the issue on
    a clean 5.15.45. Conversely, not setting that option in a
    downstream kernel build avoids the warning

[1] https://lore.kernel.org/lkml/CAMj1kXGi+ieviFjXv9zQBSaGyyzeGW_VpMpTLJK8PJb2QHEQ-w@mail.gmail.com/
[2] https://lore.kernel.org/lkml/c47c42e3-1d56-5859-a6ad-976a1a3381c6@raspberrypi.com/

Cc: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/char/Kconfig | 54 +++++++++++++++++++++++++++-----------------
 1 file changed, 33 insertions(+), 21 deletions(-)

diff --git a/drivers/char/Kconfig b/drivers/char/Kconfig
index 3efb8a74dc01..e329d1cc019a 100644
--- a/drivers/char/Kconfig
+++ b/drivers/char/Kconfig
@@ -588,29 +588,41 @@ config TILE_SROM
 
 source "drivers/char/xillybus/Kconfig"
 
-endmenu
-
 config RANDOM_TRUST_CPU
-	bool "Trust the CPU manufacturer to initialize Linux's CRNG"
-	depends on X86 || S390 || PPC
-	default n
+	bool "Initialize RNG using CPU RNG instructions"
+	default y
+	depends on ARCH_RANDOM
 	help
-	Assume that CPU manufacturer (e.g., Intel or AMD for RDSEED or
-	RDRAND, IBM for the S390 and Power PC architectures) is trustworthy
-	for the purposes of initializing Linux's CRNG.  Since this is not
-	something that can be independently audited, this amounts to trusting
-	that CPU manufacturer (perhaps with the insistence or mandate
-	of a Nation State's intelligence or law enforcement agencies)
-	has not installed a hidden back door to compromise the CPU's
-	random number generation facilities. This can also be configured
-	at boot with "random.trust_cpu=on/off".
+	  Initialize the RNG using random numbers supplied by the CPU's
+	  RNG instructions (e.g. RDRAND), if supported and available. These
+	  random numbers are never used directly, but are rather hashed into
+	  the main input pool, and this happens regardless of whether or not
+	  this option is enabled. Instead, this option controls whether the
+	  they are credited and hence can initialize the RNG. Additionally,
+	  other sources of randomness are always used, regardless of this
+	  setting.  Enabling this implies trusting that the CPU can supply high
+	  quality and non-backdoored random numbers.
+
+	  Say Y here unless you have reason to mistrust your CPU or believe
+	  its RNG facilities may be faulty. This may also be configured at
+	  boot time with "random.trust_cpu=on/off".
 
 config RANDOM_TRUST_BOOTLOADER
-	bool "Trust the bootloader to initialize Linux's CRNG"
+	bool "Initialize RNG using bootloader-supplied seed"
+	default y
 	help
-	Some bootloaders can provide entropy to increase the kernel's initial
-	device randomness. Say Y here to assume the entropy provided by the
-	booloader is trustworthy so it will be added to the kernel's entropy
-	pool. Otherwise, say N here so it will be regarded as device input that
-	only mixes the entropy pool. This can also be configured at boot with
-	"random.trust_bootloader=on/off".
+	  Initialize the RNG using a seed supplied by the bootloader or boot
+	  environment (e.g. EFI or a bootloader-generated device tree). This
+	  seed is not used directly, but is rather hashed into the main input
+	  pool, and this happens regardless of whether or not this option is
+	  enabled. Instead, this option controls whether the seed is credited
+	  and hence can initialize the RNG. Additionally, other sources of
+	  randomness are always used, regardless of this setting. Enabling
+	  this implies trusting that the bootloader can supply high quality and
+	  non-backdoored seeds.
+
+	  Say Y here unless you have reason to mistrust your bootloader or
+	  believe its RNG facilities may be faulty. This may also be configured
+	  at boot time with "random.trust_bootloader=on/off".
+
+endmenu
-- 
2.35.1




  parent reply	other threads:[~2022-06-23 17:43 UTC|newest]

Thread overview: 240+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-06-23 16:40 [PATCH 4.14 000/237] 4.14.285-rc1 review Greg Kroah-Hartman
2022-06-23 16:40 ` [PATCH 4.14 001/237] 9p: missing chunk of "fs/9p: Dont update file type when updating file attributes" Greg Kroah-Hartman
2022-06-23 16:40 ` [PATCH 4.14 002/237] crypto: chacha20 - Fix keystream alignment for chacha20_block() Greg Kroah-Hartman
2022-06-23 16:40 ` [PATCH 4.14 003/237] random: always fill buffer in get_random_bytes_wait Greg Kroah-Hartman
2022-06-23 16:40 ` [PATCH 4.14 004/237] random: optimize add_interrupt_randomness Greg Kroah-Hartman
2022-06-23 16:40 ` [PATCH 4.14 005/237] drivers/char/random.c: remove unused dont_count_entropy Greg Kroah-Hartman
2022-06-23 16:40 ` [PATCH 4.14 006/237] random: Fix whitespace pre random-bytes work Greg Kroah-Hartman
2022-06-23 16:40 ` [PATCH 4.14 007/237] random: Return nbytes filled from hw RNG Greg Kroah-Hartman
2022-06-23 16:40 ` [PATCH 4.14 008/237] random: add a config option to trust the CPUs hwrng Greg Kroah-Hartman
2022-06-23 16:40 ` [PATCH 4.14 009/237] random: remove preempt disabled region Greg Kroah-Hartman
2022-06-23 16:40 ` [PATCH 4.14 010/237] random: Make crng state queryable Greg Kroah-Hartman
2022-06-23 16:40 ` [PATCH 4.14 011/237] random: make CPU trust a boot parameter Greg Kroah-Hartman
2022-06-23 16:40 ` [PATCH 4.14 012/237] drivers/char/random.c: constify poolinfo_table Greg Kroah-Hartman
2022-06-23 16:40 ` [PATCH 4.14 013/237] drivers/char/random.c: remove unused stuct poolinfo::poolbits Greg Kroah-Hartman
2022-06-23 16:40 ` [PATCH 4.14 014/237] drivers/char/random.c: make primary_crng static Greg Kroah-Hartman
2022-06-23 16:40 ` [PATCH 4.14 015/237] random: only read from /dev/random after its pool has received 128 bits Greg Kroah-Hartman
2022-06-23 16:40 ` [PATCH 4.14 016/237] random: move rand_initialize() earlier Greg Kroah-Hartman
2022-06-23 16:40 ` [PATCH 4.14 017/237] random: document get_random_int() family Greg Kroah-Hartman
2022-06-23 16:40 ` [PATCH 4.14 018/237] latent_entropy: avoid build error when plugin cflags are not set Greg Kroah-Hartman
2022-06-23 16:40 ` [PATCH 4.14 019/237] random: fix soft lockup when trying to read from an uninitialized blocking pool Greg Kroah-Hartman
2022-06-23 16:40 ` [PATCH 4.14 020/237] random: Support freezable kthreads in add_hwgenerator_randomness() Greg Kroah-Hartman
2022-06-23 16:40 ` [PATCH 4.14 021/237] fdt: add support for rng-seed Greg Kroah-Hartman
2022-06-23 16:40 ` [PATCH 4.14 022/237] random: Use wait_event_freezable() in add_hwgenerator_randomness() Greg Kroah-Hartman
2022-06-23 16:40 ` [PATCH 4.14 023/237] char/random: Add a newline at the end of the file Greg Kroah-Hartman
2022-06-23 16:40 ` [PATCH 4.14 024/237] Revert "hwrng: core - Freeze khwrng thread during suspend" Greg Kroah-Hartman
2022-06-23 16:40 ` [PATCH 4.14 025/237] crypto: Deduplicate le32_to_cpu_array() and cpu_to_le32_array() Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 026/237] crypto: blake2s - generic C library implementation and selftest Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 027/237] lib/crypto: blake2s: move hmac construction into wireguard Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 028/237] lib/crypto: sha1: re-roll loops to reduce code size Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 029/237] random: Dont wake crng_init_wait when crng_init == 1 Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 030/237] random: Add a urandom_read_nowait() for random APIs that dont warn Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 031/237] random: add GRND_INSECURE to return best-effort non-cryptographic bytes Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 032/237] random: ignore GRND_RANDOM in getentropy(2) Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 033/237] random: make /dev/random be almost like /dev/urandom Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 034/237] char/random: silence a lockdep splat with printk() Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 035/237] random: fix crash on multiple early calls to add_bootloader_randomness() Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 036/237] random: remove the blocking pool Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 037/237] random: delete code to pull data into pools Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 038/237] random: remove kernel.random.read_wakeup_threshold Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 039/237] random: remove unnecessary unlikely() Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 040/237] random: convert to ENTROPY_BITS for better code readability Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 041/237] random: Add and use pr_fmt() Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 042/237] random: fix typo in add_timer_randomness() Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 043/237] random: remove some dead code of poolinfo Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 044/237] random: split primary/secondary crng init paths Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 045/237] random: avoid warnings for !CONFIG_NUMA builds Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 046/237] x86: Remove arch_has_random, arch_has_random_seed Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 047/237] powerpc: " Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 048/237] s390: " Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 049/237] linux/random.h: " Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 050/237] linux/random.h: Use false with bool Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 051/237] linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 052/237] powerpc: Use bool in archrandom.h Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 053/237] random: add arch_get_random_*long_early() Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 054/237] random: avoid arch_get_random_seed_long() when collecting IRQ randomness Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 055/237] random: remove dead code left over from blocking pool Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 056/237] MAINTAINERS: co-maintain random.c Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 057/237] crypto: blake2s - include <linux/bug.h> instead of <asm/bug.h> Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 058/237] crypto: blake2s - adjust include guard naming Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 059/237] random: document add_hwgenerator_randomness() with other input functions Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 060/237] random: remove unused irq_flags argument from add_interrupt_randomness() Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 061/237] random: use BLAKE2s instead of SHA1 in extraction Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 062/237] random: do not sign extend bytes for rotation when mixing Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 063/237] random: do not re-init if crng_reseed completes before primary init Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 064/237] random: mix bootloader randomness into pool Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 065/237] random: harmonize "crng init done" messages Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 066/237] random: use IS_ENABLED(CONFIG_NUMA) instead of ifdefs Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 067/237] random: initialize ChaCha20 constants with correct endianness Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 068/237] random: early initialization of ChaCha constants Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 069/237] random: avoid superfluous call to RDRAND in CRNG extraction Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 070/237] random: dont reset crng_init_cnt on urandom_read() Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 071/237] random: fix typo in comments Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 072/237] random: cleanup poolinfo abstraction Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 073/237] crypto: chacha20 - Fix chacha20_block() keystream alignment (again) Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 074/237] random: cleanup integer types Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 075/237] random: remove incomplete last_data logic Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 076/237] random: remove unused extract_entropy() reserved argument Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 077/237] random: try to actively add entropy rather than passively wait for it Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 078/237] random: rather than entropy_store abstraction, use global Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 079/237] random: remove unused OUTPUT_POOL constants Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 080/237] random: de-duplicate INPUT_POOL constants Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 081/237] random: prepend remaining pool constants with POOL_ Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 082/237] random: cleanup fractional entropy shift constants Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 083/237] random: access input_pool_data directly rather than through pointer Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 084/237] random: simplify arithmetic function flow in account() Greg Kroah-Hartman
2022-06-23 16:41 ` [PATCH 4.14 085/237] random: continually use hwgenerator randomness Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 086/237] random: access primary_pool directly rather than through pointer Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 087/237] random: only call crng_finalize_init() for primary_crng Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 088/237] random: use computational hash for entropy extraction Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 089/237] random: simplify entropy debiting Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 090/237] random: use linear min-entropy accumulation crediting Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 091/237] random: always wake up entropy writers after extraction Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 092/237] random: make credit_entropy_bits() always safe Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 093/237] random: remove use_input_pool parameter from crng_reseed() Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 094/237] random: remove batched entropy locking Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 095/237] random: fix locking in crng_fast_load() Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 096/237] random: use RDSEED instead of RDRAND in entropy extraction Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 097/237] random: inline leaves of rand_initialize() Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 098/237] random: ensure early RDSEED goes through mixer on init Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 099/237] random: do not xor RDRAND when writing into /dev/random Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 100/237] random: absorb fast pool into input pool after fast load Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 101/237] random: use hash function for crng_slow_load() Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 102/237] random: remove outdated INT_MAX >> 6 check in urandom_read() Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 103/237] random: zero buffer after reading entropy from userspace Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 104/237] random: tie batched entropy generation to base_crng generation Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 105/237] random: remove ifdefd out interrupt bench Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 106/237] random: remove unused tracepoints Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 107/237] random: add proper SPDX header Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 108/237] random: deobfuscate irq u32/u64 contributions Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 109/237] random: introduce drain_entropy() helper to declutter crng_reseed() Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 110/237] random: remove useless header comment Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 111/237] random: remove whitespace and reorder includes Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 112/237] random: group initialization wait functions Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 113/237] random: group entropy extraction functions Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 114/237] random: group entropy collection functions Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 115/237] random: group userspace read/write functions Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 116/237] random: group sysctl functions Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 117/237] random: rewrite header introductory comment Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 118/237] random: defer fast pool mixing to worker Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 119/237] random: do not take pool spinlock at boot Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 120/237] random: unify early init crng load accounting Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 121/237] random: check for crng_init == 0 in add_device_randomness() Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 122/237] random: pull add_hwgenerator_randomness() declaration into random.h Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 123/237] random: clear fast pool, crng, and batches in cpuhp bring up Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 124/237] random: round-robin registers as ulong, not u32 Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 125/237] random: only wake up writers after zap if threshold was passed Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 126/237] random: cleanup UUID handling Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 127/237] random: unify cycles_t and jiffies usage and types Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 128/237] random: do crng pre-init loading in worker rather than irq Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 129/237] random: give sysctl_random_min_urandom_seed a more sensible value Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 130/237] random: dont let 644 read-only sysctls be written to Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 131/237] random: replace custom notifier chain with standard one Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 132/237] random: use SipHash as interrupt entropy accumulator Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 133/237] random: make consistent usage of crng_ready() Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 134/237] random: reseed more often immediately after booting Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 135/237] random: check for signal and try earlier when generating entropy Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 136/237] random: skip fast_init if hwrng provides large chunk of entropy Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 137/237] random: treat bootloader trust toggle the same way as cpu trust toggle Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 138/237] random: re-add removed comment about get_random_{u32,u64} reseeding Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 139/237] random: mix build-time latent entropy into pool at init Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 140/237] random: do not split fast init input in add_hwgenerator_randomness() Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 141/237] random: do not allow user to keep crng key around on stack Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 142/237] random: check for signal_pending() outside of need_resched() check Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 143/237] random: check for signals every PAGE_SIZE chunk of /dev/[u]random Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 144/237] random: make random_get_entropy() return an unsigned long Greg Kroah-Hartman
2022-06-23 16:42 ` [PATCH 4.14 145/237] random: document crng_fast_key_erasure() destination possibility Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 146/237] random: fix sysctl documentation nits Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 147/237] init: call time_init() before rand_initialize() Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 148/237] ia64: define get_cycles macro for arch-override Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 149/237] s390: " Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 150/237] parisc: " Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 151/237] alpha: " Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 152/237] powerpc: " Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 153/237] timekeeping: Add raw clock fallback for random_get_entropy() Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 154/237] m68k: use fallback for random_get_entropy() instead of zero Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 155/237] mips: use fallback for random_get_entropy() instead of just c0 random Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 156/237] arm: use fallback for random_get_entropy() instead of zero Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 157/237] nios2: " Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 158/237] x86/tsc: Use " Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 159/237] um: use " Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 160/237] sparc: " Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 161/237] xtensa: " Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 162/237] random: insist on random_get_entropy() existing in order to simplify Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 163/237] random: do not use batches when !crng_ready() Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 164/237] random: do not pretend to handle premature next security model Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 165/237] random: order timer entropy functions below interrupt functions Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 166/237] random: do not use input pool from hard IRQs Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 167/237] random: help compiler out with fast_mix() by using simpler arguments Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 168/237] siphash: use one source of truth for siphash permutations Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 169/237] random: use symbolic constants for crng_init states Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 170/237] random: avoid initializing twice in credit race Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 171/237] random: remove ratelimiting for in-kernel unseeded randomness Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 172/237] random: use proper jiffies comparison macro Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 173/237] random: handle latent entropy and command line from random_init() Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 174/237] random: credit architectural init the exact amount Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 175/237] random: use static branch for crng_ready() Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 176/237] random: remove extern from functions in header Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 177/237] random: use proper return types on get_random_{int,long}_wait() Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 178/237] random: move initialization functions out of hot pages Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 179/237] random: move randomize_page() into mm where it belongs Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 180/237] random: convert to using fops->write_iter() Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 181/237] random: wire up fops->splice_{read,write}_iter() Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 182/237] random: check for signals after page of pool writes Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 183/237] Revert "random: use static branch for crng_ready()" Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 184/237] crypto: drbg - add FIPS 140-2 CTRNG for noise source Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 185/237] crypto: drbg - always seeded with SP800-90B compliant " Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 186/237] crypto: drbg - prepare for more fine-grained tracking of seeding state Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 187/237] crypto: drbg - track whether DRBG was seeded with !rng_is_initialized() Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 188/237] crypto: drbg - move dynamic ->reseed_threshold adjustments to __drbg_seed() Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 189/237] crypto: drbg - always try to free Jitter RNG instance Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 190/237] crypto: drbg - make reseeding from get_random_bytes() synchronous Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 191/237] random: avoid checking crng_ready() twice in random_init() Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 192/237] random: mark bootloader randomness code as __init Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 193/237] random: account for arch randomness in bits Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 194/237] ASoC: cs42l52: Fix TLV scales for mixer controls Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 195/237] ASoC: cs53l30: Correct number of volume levels on SX controls Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 196/237] ASoC: cs42l52: Correct TLV for Bypass Volume Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 197/237] ASoC: cs42l56: Correct typo in minimum level for SX volume controls Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 198/237] ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 199/237] ASoC: wm8962: Fix suspend while playing music Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 200/237] scsi: vmw_pvscsi: Expand vcpuHint to 16 bits Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 201/237] scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 202/237] scsi: ipr: Fix missing/incorrect resource cleanup in error case Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 203/237] scsi: pmcraid: Fix missing " Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 204/237] virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed Greg Kroah-Hartman
2022-06-23 16:43 ` [PATCH 4.14 205/237] nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred Greg Kroah-Hartman
2022-06-23 16:44 ` [PATCH 4.14 206/237] ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg Greg Kroah-Hartman
2022-06-23 16:44 ` [PATCH 4.14 207/237] net: ethernet: mtk_eth_soc: fix misuse of mem alloc interface netdev[napi]_alloc_frag Greg Kroah-Hartman
2022-06-23 16:44 ` Greg Kroah-Hartman [this message]
2022-06-23 16:44 ` [PATCH 4.14 209/237] pNFS: Dont keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE Greg Kroah-Hartman
2022-06-23 16:44 ` [PATCH 4.14 210/237] i40e: Fix call trace in setup_tx_descriptors Greg Kroah-Hartman
2022-06-23 16:44 ` [PATCH 4.14 211/237] tty: goldfish: Fix free_irq() on remove Greg Kroah-Hartman
2022-06-23 16:44 ` [PATCH 4.14 212/237] misc: atmel-ssc: Fix IRQ check in ssc_probe Greg Kroah-Hartman
2022-06-23 16:44 ` [PATCH 4.14 213/237] net: bgmac: Fix an erroneous kfree() in bgmac_remove() Greg Kroah-Hartman
2022-06-23 16:44 ` [PATCH 4.14 214/237] arm64: ftrace: fix branch range checks Greg Kroah-Hartman
2022-06-23 16:44 ` [PATCH 4.14 215/237] certs/blacklist_hashes.c: fix const confusion in certs blacklist Greg Kroah-Hartman
2022-06-23 16:44 ` [PATCH 4.14 216/237] irqchip/gic/realview: Fix refcount leak in realview_gic_of_init Greg Kroah-Hartman
2022-06-23 16:44 ` [PATCH 4.14 217/237] comedi: vmk80xx: fix expression for tx buffer size Greg Kroah-Hartman
2022-06-23 16:44 ` [PATCH 4.14 218/237] USB: serial: option: add support for Cinterion MV31 with new baseline Greg Kroah-Hartman
2022-06-23 16:44 ` [PATCH 4.14 219/237] USB: serial: io_ti: add Agilent E5805A support Greg Kroah-Hartman
2022-06-23 16:44 ` [PATCH 4.14 220/237] usb: dwc2: Fix memory leak in dwc2_hcd_init Greg Kroah-Hartman
2022-06-23 16:44 ` [PATCH 4.14 221/237] usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe Greg Kroah-Hartman
2022-06-23 16:44 ` [PATCH 4.14 222/237] serial: 8250: Store to lsr_save_flags after lsr read Greg Kroah-Hartman
2022-06-23 16:44 ` [PATCH 4.14 223/237] ext4: fix bug_on ext4_mb_use_inode_pa Greg Kroah-Hartman
2022-06-23 16:44 ` [PATCH 4.14 224/237] ext4: make variable "count" signed Greg Kroah-Hartman
2022-06-23 16:44 ` [PATCH 4.14 225/237] ext4: add reserved GDT blocks check Greg Kroah-Hartman
2022-06-23 16:44 ` [PATCH 4.14 226/237] virtio-pci: Remove wrong address verification in vp_del_vqs() Greg Kroah-Hartman
2022-06-23 16:44 ` [PATCH 4.14 227/237] l2tp: dont use inet_shutdown on ppp session destroy Greg Kroah-Hartman
2022-06-23 16:44 ` [PATCH 4.14 228/237] l2tp: fix race in pppol2tp_release with session object destroy Greg Kroah-Hartman
2022-06-23 16:44 ` [PATCH 4.14 229/237] s390/mm: use non-quiescing sske for KVM switch to keyed guest Greg Kroah-Hartman
2022-06-23 16:44 ` [PATCH 4.14 230/237] usb: gadget: u_ether: fix regression in setting fixed MAC address Greg Kroah-Hartman
2022-06-23 16:44 ` [PATCH 4.14 231/237] xprtrdma: fix incorrect header size calculations Greg Kroah-Hartman
2022-06-23 16:44 ` [PATCH 4.14 232/237] tcp: add some entropy in __inet_hash_connect() Greg Kroah-Hartman
2022-06-23 16:44 ` [PATCH 4.14 233/237] tcp: use different parts of the port_offset for index and offset Greg Kroah-Hartman
2022-06-23 16:44 ` [PATCH 4.14 234/237] tcp: add small random increments to the source port Greg Kroah-Hartman
2022-06-23 16:44 ` [PATCH 4.14 235/237] tcp: dynamically allocate the perturb table used by source ports Greg Kroah-Hartman
2022-06-23 16:44 ` [PATCH 4.14 236/237] tcp: increase source port perturb table to 2^16 Greg Kroah-Hartman
2022-06-23 16:44 ` [PATCH 4.14 237/237] tcp: drop the hash_32() part from the index calculation Greg Kroah-Hartman
2022-06-24 23:34 ` [PATCH 4.14 000/237] 4.14.285-rc1 review Guenter Roeck
2022-06-25 13:50 ` Naresh Kamboju

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20220623164349.133205684@linuxfoundation.org \
    --to=gregkh@linuxfoundation.org \
    --cc=Jason@zx2c4.com \
    --cc=ardb@kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=sashal@kernel.org \
    --cc=stable@vger.kernel.org \
    --cc=tytso@mit.edu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).