On Fri, Feb 11, 2022 at 1:08 PM Jason A. Donenfeld <Jason@xxxxxxxxx> wrote:
Maybe. And this is why this is a request for grumbles patch: the Linus Jitter Dance relies on random_get_entropy() returning a cycle counter value.
Yeah. I think this patch is fine for architectures that do have that cycle counter value. Considering that the jitter thing has been there for 2.5 years by now, and nobody has really complained about it (*), I think we can call that thing a success. And on those architectures where try_to_generate_entropy() works, removing the code that then does that GRND_INSECURE makes sense. We just don't have any such case any more. BUT. When try_to_generate_entropy() doesn't work, I think you now removed the possible fallback for user space to say "yeah, just give me best effort". And you might re-introduce a deadlock as a result. Those systems are arguably broken from a randomness standpoint - what the h*ll are you supposed to do if there's nothing generating entropy - but broken or not, I suspect they still exists. Those horrendous MIPS things were quite common in embedded networking (routers, access points - places that *should* care) Do I have a constructive suggestion for those broken platforms? No, I don't. That arguably is the reason for GRND_INSECURE existing, and the reason to keep it around. Long story short: I like your patch, but I worry that it would cause problems on broken platforms. And almost nobody tests those broken platforms: even people who build new kernels for those embedded networking things probably end up using said kernels with an existing user space setup - where people have some existing saved source of pseudo-entropy. So they might not ever even trigger the "first boot problem" that tends to be the worst case. I'd be willing to apply such a thing anyway - at some point "worry about broken platforms" ends up being too weak an excuse not to just apply it - but I'd like to hear more of a reason for this simplification. If it's just "slight cleanup", maybe we should just keep the stupid stuff around as a "doesn't hurt good platforms, might help broken ones". Linus (*) Honestly, I think all the complaints would have been from the theoretical posers that don't have any practical suggestions anyway