On Wed, Jan 29, 2020 at 07:39:39PM -0500, Theodore Y. Ts'o wrote:
On Tue, Jan 28, 2020 at 11:59:28AM -0800, Linus Torvalds wrote:
On Tue, Jan 28, 2020 at 11:34 AM Noah Meyerhans noahm@debian.org wrote:
Added torvalds and tytso to the CC list. Linus and Ted, what do you think of the idea of applying 50ee7529ec45 ("random: try to actively add entropy rather than passively wait for it") to the 4.19.y and 4.14.y kernels?
By now I suspect it's the right thing to do. Nobody has complained about it, and it fixed real issues during boot.
Some of those real issues may have ended up being just unnecessary delays rather than complete lockups, but still..
FWIW, at $WORK we backported the patch, but we also added an out of tree patch to disable it on non-x86 systems. That's mainly because I'm still hesitant about the safety of relying on this on non-x86 architectures that may have a much simpler micro-architecture, and which don't have RDRAND. But we also have a much more stringent (paranoid?) philosophy where if there is a risk that our kernels might be penetrated by a nation-state (viz. Operation Aurora), booting lockups so we know that we might have a problem that should be examined by a human being is actually *preferable*.
Ok, I've applied this to 4.19.y. I'm guessing that anyone who had this type of problem in 4.14.y has long upgraded their kernels, and that kernel is pretty much only in already-shipping devices, not "new" things.
Let's see what breaks :)
thanks,
greg k-h