From patchwork Fri Jun 9 01:03:36 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Jason A. Donenfeld" X-Patchwork-Id: 9776895 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id F2DB760393 for ; Fri, 9 Jun 2017 01:04:12 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E1C33285EF for ; Fri, 9 Jun 2017 01:04:12 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id D2E37283D9; Fri, 9 Jun 2017 01:04:12 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.1 required=2.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_MED,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.wl.linuxfoundation.org (Postfix) with SMTP id 520652000A for ; Fri, 9 Jun 2017 01:04:10 +0000 (UTC) Received: (qmail 30310 invoked by uid 550); 9 Jun 2017 01:04:08 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 30164 invoked from network); 9 Jun 2017 01:03:56 -0000 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=zx2c4.com; h=from:to:cc :subject:date:message-id; s=mail; bh=tBnaOLjCZNweIR9UTQ9safMjqgA =; b=KOhwPD+6JuZeZonuFYPkekHzhnPXCydLDKdJDkd8ZTGBTSy5QRk7AvImOlN voLvNsV6Xhoo0E0tj4wMaSYYMb8ko0fp/6D8G74Il52aQAarZheiu6NcFQuvrJoD 668Tx6b+rne183AEK8i6063XBNqgnhVpeWLkitd75Y+P6qiyfb/ExY23qXwv2siK eZeMe6yaiM/Mid31AFLrClC+Hm1XOGu+3AzMPF1WmR6cbRTPwjE4ADyqZigBqf+g WtwEsrBvyGYowqx/shqzQA6G0lhAQ/bCI0hasg1AOXTZ2M1TCO2B+NTJojR5ClQT j1tdGnIlXUDtN6inNdUBXPZTUuQ== From: "Jason A. Donenfeld" To: tytso@mit.edu, linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com Cc: "Jason A. Donenfeld" Date: Fri, 9 Jun 2017 03:03:36 +0200 Message-Id: <20170609010336.28981-1-Jason@zx2c4.com> Subject: [kernel-hardening] [PATCH] random: default the warning to be on X-Virus-Scanned: ClamAV using ClamSMTP This commit is meant to be rebase-fixup'd into the one entitled: "random: warn when kernel uses unseeded randomness" if you so desire. I originally had planned to do things this way -- have it default on for all users, not just debug users. But when I saw all the log spam, I decided maybe it should, much to my dismay, be a debug-only feature. However, you very nicely solved the log spam issue by preventing same-source consecutive warnings, which makes the situation much more manageable. Thus, in order to tease out the weird obscure cases of unseeded randomness on unlikely platforms, this commit turns it on everywhere. It's fairly non-invasive now, and it will help us get some visibility into the issue that we otherwise wouldn't have. Signed-off-by: Jason A. Donenfeld --- lib/Kconfig.debug | 1 - 1 file changed, 1 deletion(-) diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug index c4159605bfbf..fd5e67bcd46c 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug @@ -1212,7 +1212,6 @@ config STACKTRACE config WARN_UNSEEDED_RANDOM bool "Warn when kernel uses unseeded randomness" default y - depends on DEBUG_KERNEL help Some parts of the kernel contain bugs relating to their use of cryptographically secure random numbers before it's actually possible