On 16 September 2019 18:05:57 GMT-07:00, Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:
>On Mon, Sep 16, 2019 at 4:29 PM Ahmed S. Darwish <darwish.07@xxxxxxxxx>
>wrote:
>>
>> Linus, in all honesty, the other case is _not_ a hypothetical.
>
>Oh yes it is.
>
>You're confusing "use" with "breakage".
>
>The _use_ of getrandom(0) for key generation isn't hypothetical.
>
>But the _breakage_ from the suggested patch that makes it time out is.
>
>See the difference?
>
>The thing is, to break, you have to
>
> (a) do that key generation at boot time
>
> (b) do it on an idle machine that doesn't have entropy

Exactly the scenario where you want getrandom() to block, yes.

>in order to basically reproduce the current boot-time hang situation
>with the broken gdm, except with an actual "generate key".
>
>Then you have to ignore the big warning too.

The big warning that's only printed in dmesg?

--
Matthew Garrett | mjg59@xxxxxxxxxxxxx