ACK/Cmnt: [SRU][F/aws][PATCH 0/5] AWS: fix out of entropy on Graviton 2 instances types (mg6.*)

Tim Gardner tim.gardner at canonical.com
Fri May 7 14:59:21 UTC 2021



On 5/7/21 7:26 AM, Andrea Righi wrote:
> On Fri, May 07, 2021 at 05:31:09AM -0600, Tim Gardner wrote:
>> Acked-by: Tim Gardner <tim.gardner at canonical.com>
>>
>> I'm not sure I fully understand patch 5, but it is a clean cherry-pick and
>> testing shows it to at least not block anymore. As for how random the
>> information is that is returned I can't say.
> 
> Thanks for the review, Tim.
> 
> Patch 5 changes the read semantics of /dev/random.
> 
> Before, the kernel was using two separate pools of random data: one for
> /dev/random and another for /dev/urandom. The pool for
> /dev/random was a blocking pool (reads blocked until enough entropy is
> available) filled with "real" random data.
> 
> After the change the blocking pool is not used anymore by /dev/random
> reads, reads will only block until the CRNG (cryptographic
> random-number-generator) has been initialized (function crng_ready()).
> Once the CRNG is initialized all reads from /dev/random will never
> block and will consume data generated by the CRNG and real random
> events.
> 
> Basically after the change the kernel trusts the numbers generated by
> the CRNG and before we were trusting only numbers generated by truly
> random events.
> 
> This change is covered very well in this article:
> https://lwn.net/Articles/808575/
> 
> -Andrea

Thanks for the pointer. That was quite informative.

rtg
-----------
Tim Gardner
Canonical, Inc
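
An added example, not part of this thread or of the patch set: a user-space probe for the two states Andrea describes, CRNG not yet initialized versus initialized. It uses getrandom(2) with GRND_NONBLOCK and a non-blocking read of /dev/random; the helper names `crng_initialized` and `dev_random_nonblock` are hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/random.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: 1 if the CRNG is initialized, 0 if not yet, -1 on error.
 * getrandom(2) with GRND_NONBLOCK fails with EAGAIN instead of waiting. */
int crng_initialized(void)
{
    unsigned char b;
    ssize_t n = getrandom(&b, sizeof b, GRND_NONBLOCK);

    if (n == (ssize_t)sizeof b)
        return 1;
    return (n < 0 && errno == EAGAIN) ? 0 : -1;
}

/* Hypothetical helper: read up to len bytes from /dev/random without blocking.
 * Returns bytes read, 0 if the read would have blocked, -1 on any other error. */
ssize_t dev_random_nonblock(unsigned char *buf, size_t len)
{
    int fd = open("/dev/random", O_RDONLY | O_NONBLOCK);
    ssize_t n;
    int saved;

    if (fd < 0)
        return -1;
    n = read(fd, buf, len);
    saved = errno;          /* close() may overwrite errno */
    close(fd);
    if (n < 0)
        return saved == EAGAIN ? 0 : -1;
    return n;
}

int main(void)
{
    unsigned char buf[32];

    printf("CRNG initialized: %d\n", crng_initialized());
    printf("/dev/random non-blocking read: %zd of %zu bytes\n",
           dev_random_nonblock(buf, sizeof buf), sizeof buf);
    return 0;
}
```

On a kernel with the patch 5 behaviour, the 32-byte read returns in full once the CRNG is ready; with the old blocking pool the same read could come back short or report that it would block.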