Skip to content

Commit 7dff99b

Browse files
committed
Remove WARN_ALL_UNSEEDED_RANDOM kernel config option
This config option goes way back - it used to be an internal debug option to random.c (at that point called DEBUG_RANDOM_BOOT), then was renamed and exposed as a config option as CONFIG_WARN_UNSEEDED_RANDOM, and then further renamed to the current CONFIG_WARN_ALL_UNSEEDED_RANDOM. It was all done with the best of intentions: the more limited rate-limited reports were reporting some cases, but if you wanted to see all the gory details, you'd enable this "ALL" option. However, it turns out - perhaps not surprisingly - that when people don't care about and fix the first rate-limited cases, they most certainly don't care about any others either, and so warning about all of them isn't actually helping anything. And the non-ratelimited reporting causes problems, where well-meaning people enable debug options, but the excessive flood of messages that nobody cares about will hide actual real information when things go wrong. I just got a kernel bug report (which had nothing to do with randomness) where two thirds of the the truncated dmesg was just variations of random: get_random_u32 called from __get_random_u32_below+0x10/0x70 with crng_init=0 and in the process early boot messages had been lost (in addition to making the messages that _hadn't_ been lost harder to read). The proper way to find these things for the hypothetical developer that cares - if such a person exists - is almost certainly with boot time tracing. That gives you the option to get call graphs etc too, which is likely a requirement for fixing any problems anyway. See Documentation/trace/boottime-trace.rst for that option. And if we for some reason do want to re-introduce actual printing of these things, it will need to have some uniqueness filtering rather than this "just print it all" model. Fixes: cc1e127 ("random: remove ratelimiting for in-kernel unseeded randomness") Acked-by: Jason Donenfeld <Jason@zx2c4.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
1 parent 551d442 commit 7dff99b

3 files changed

Lines changed: 1 addition & 39 deletions

File tree

drivers/char/random.c

Lines changed: 1 addition & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -96,8 +96,7 @@ static ATOMIC_NOTIFIER_HEAD(random_ready_notifier);
9696
/* Control how we warn userspace. */
9797
static struct ratelimit_state urandom_warning =
9898
RATELIMIT_STATE_INIT_FLAGS("urandom_warning", HZ, 3, RATELIMIT_MSG_ON_RELEASE);
99-
static int ratelimit_disable __read_mostly =
100-
IS_ENABLED(CONFIG_WARN_ALL_UNSEEDED_RANDOM);
99+
static int ratelimit_disable __read_mostly = 0;
101100
module_param_named(ratelimit_disable, ratelimit_disable, int, 0644);
102101
MODULE_PARM_DESC(ratelimit_disable, "Disable random ratelimit suppression");
103102

@@ -168,12 +167,6 @@ int __cold execute_with_initialized_rng(struct notifier_block *nb)
168167
return ret;
169168
}
170169

171-
#define warn_unseeded_randomness() \
172-
if (IS_ENABLED(CONFIG_WARN_ALL_UNSEEDED_RANDOM) && !crng_ready()) \
173-
printk_deferred(KERN_NOTICE "random: %s called from %pS with crng_init=%d\n", \
174-
__func__, (void *)_RET_IP_, crng_init)
175-
176-
177170
/*********************************************************************
178171
*
179172
* Fast key erasure RNG, the "crng".
@@ -434,7 +427,6 @@ static void _get_random_bytes(void *buf, size_t len)
434427
*/
435428
void get_random_bytes(void *buf, size_t len)
436429
{
437-
warn_unseeded_randomness();
438430
_get_random_bytes(buf, len);
439431
}
440432
EXPORT_SYMBOL(get_random_bytes);
@@ -523,8 +515,6 @@ type get_random_ ##type(void) \
523515
struct batch_ ##type *batch; \
524516
unsigned long next_gen; \
525517
\
526-
warn_unseeded_randomness(); \
527-
\
528518
if (!crng_ready()) { \
529519
_get_random_bytes(&ret, sizeof(ret)); \
530520
return ret; \

kernel/configs/debug.config

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -29,7 +29,6 @@ CONFIG_SECTION_MISMATCH_WARN_ONLY=y
2929
# CONFIG_UBSAN_ALIGNMENT is not set
3030
# CONFIG_UBSAN_DIV_ZERO is not set
3131
# CONFIG_UBSAN_TRAP is not set
32-
# CONFIG_WARN_ALL_UNSEEDED_RANDOM is not set
3332
CONFIG_DEBUG_FS=y
3433
CONFIG_DEBUG_FS_ALLOW_ALL=y
3534
CONFIG_DEBUG_IRQFLAGS=y

lib/Kconfig.debug

Lines changed: 0 additions & 27 deletions
Original file line numberDiff line numberDiff line change
@@ -1766,33 +1766,6 @@ config STACKTRACE
17661766
It is also used by various kernel debugging features that require
17671767
stack trace generation.
17681768

1769-
config WARN_ALL_UNSEEDED_RANDOM
1770-
bool "Warn for all uses of unseeded randomness"
1771-
default n
1772-
help
1773-
Some parts of the kernel contain bugs relating to their use of
1774-
cryptographically secure random numbers before it's actually possible
1775-
to generate those numbers securely. This setting ensures that these
1776-
flaws don't go unnoticed, by enabling a message, should this ever
1777-
occur. This will allow people with obscure setups to know when things
1778-
are going wrong, so that they might contact developers about fixing
1779-
it.
1780-
1781-
Unfortunately, on some models of some architectures getting
1782-
a fully seeded CRNG is extremely difficult, and so this can
1783-
result in dmesg getting spammed for a surprisingly long
1784-
time. This is really bad from a security perspective, and
1785-
so architecture maintainers really need to do what they can
1786-
to get the CRNG seeded sooner after the system is booted.
1787-
However, since users cannot do anything actionable to
1788-
address this, by default this option is disabled.
1789-
1790-
Say Y here if you want to receive warnings for all uses of
1791-
unseeded randomness. This will be of use primarily for
1792-
those developers interested in improving the security of
1793-
Linux kernels running on their architecture (or
1794-
subarchitecture).
1795-
17961769
config DEBUG_KOBJECT
17971770
bool "kobject debugging"
17981771
depends on DEBUG_KERNEL

0 commit comments

Comments
 (0)