On Wed, Jan 29, 2020 at 07:39:39PM -0500, Theodore Y. Ts'o wrote:
> On Tue, Jan 28, 2020 at 11:59:28AM -0800, Linus Torvalds wrote:
> > On Tue, Jan 28, 2020 at 11:34 AM Noah Meyerhans <noahm@xxxxxxxxxx> wrote:
> > >
> > > Added torvalds and tytso to the CC list. Linus and Ted, what do you
> > > think of the idea of applying 50ee7529ec45 ("random: try to actively add
> > > entropy rather than passively wait for it") to the 4.19.y and 4.14.y
> > > kernels?
> >
> > By now I suspect it's the right thing to do. Nobody has complained
> > about it, and it fixed real issues during boot.
> >
> > Some of those real issues may have ended up being just unnecessary
> > delays rather than complete lockups, but still..
>
> FWIW, at $WORK we backported the patch, but we also added an out of
> tree patch to disable it on non-x86 systems. That's mainly because
> I'm still hesitant about the safety of relying on this on non-x86
> architectures that may have a much simpler micro-architecture, and
> which don't have RDRAND. But we also have a much more stringent
> (paranoid?) philosophy where if there is a risk that our kernels might
> be penetrated by a nation-state (viz. Operation Aurora), booting
> lockups so we know that we might have a problem that should be
> examined by a human being is actually *preferable*.

Ok, I've applied this to 4.19.y. I'm guessing that anyone who had this
type of problem in 4.14.y has long upgraded their kernels, and that
kernel is pretty much only in already-shipping devices, not "new"
things.

Let's see what breaks :)

thanks,

greg k-h