On Sun, Aug 25, 2019 at 10:17:23PM +0200, Borislav Petkov wrote: > > I think WARN_ONCE() is good. It's big enough that it will show up in > > dmesg if anybody looks, and if nobody looks I think distros still have > > logging for things like that, don't they? > > Probably. Lemme research that.
So there's a whole bunch of daemons doing desktop notifications along with a desktop notifications spec, yadda yadda: https://wiki.archlinux.org/index.php/Desktop_notifications but installing an openSUSE Leap 15.1 in a guest and that is a default desktop installation doesn't give me any notifications. I installed notification-daemon and whatnot but nada. Which means, that we cannot guarantee that every user would see it. There might be installations which miss it. So the only thing I can think of right now is to make that single line pr_emerg() so that it atleast spews into the terminals when suspending: linux-6qfo:~ # echo "suspend" > /sys/power/disk linux-6qfo:~ # echo "mem" > /sys/power/state <--- resume guest. Message from syslogd@linux-6qfo at Aug 26 14:48:05 ... kernel:[ 40.416145] RDRAND gives funky smelling output, might consider not using it by booting with "nordrand" Message from syslogd@linux-6qfo at Aug 26 14:48:05 ... kernel:[ 40.423091] RDRAND gives funky smelling output, might consider not using it by booting with "nordrand" Message from syslogd@linux-6qfo at Aug 26 14:48:05 ... kernel:[ 40.427426] RDRAND gives funky smelling output, might consider not using it by booting with "nordrand" Message from syslogd@linux-6qfo at Aug 26 14:48:05 ... kernel:[ 40.434699] RDRAND gives funky smelling output, might consider not using it by booting with "nordrand" Message from syslogd@linux-6qfo at Aug 26 14:48:05 ... kernel:[ 40.442587] RDRAND gives funky smelling output, might consider not using it by booting with "nordrand" Message from syslogd@linux-6qfo at Aug 26 14:48:05 ... kernel:[ 40.449047] RDRAND gives funky smelling output, might consider not using it by booting with "nordrand" Message from syslogd@linux-6qfo at Aug 26 14:48:05 ... kernel:[ 40.456328] RDRAND gives funky smelling output, might consider not using it by booting with "nordrand" Message from syslogd@linux-6qfo at Aug 26 14:48:05 ... kernel:[ 40.462198] RDRAND gives funky smelling output, might consider not using it by booting with "nordrand" Message from syslogd@linux-6qfo at Aug 26 14:48:05 ... kernel:[ 40.470120] RDRAND gives funky smelling output, might consider not using it by booting with "nordrand" Message from syslogd@linux-6qfo at Aug 26 14:48:05 ... kernel:[ 40.477302] RDRAND gives funky smelling output, might consider not using it by booting with "nordrand" Message from syslogd@linux-6qfo at Aug 26 14:48:05 ... kernel:[ 40.484605] RDRAND gives funky smelling output, might consider not using it by booting with "nordrand" Message from syslogd@linux-6qfo at Aug 26 14:48:05 ... kernel:[ 40.490115] RDRAND gives funky smelling output, might consider not using it by booting with "nordrand" Message from syslogd@linux-6qfo at Aug 26 14:48:05 ... kernel:[ 40.497508] RDRAND gives funky smelling output, might consider not using it by booting with "nordrand" Message from syslogd@linux-6qfo at Aug 26 14:48:05 ... kernel:[ 40.505350] RDRAND gives funky smelling output, might consider not using it by booting with "nordrand" Message from syslogd@linux-6qfo at Aug 26 14:48:05 ... kernel:[ 40.513336] RDRAND gives funky smelling output, might consider not using it by booting with "nordrand" --- Assuming the user has at least a single terminal open. But someone might have a better idea. Current diff: --- commit d46b23c4be1b4acae7d21c97be189131e200f6d0 (HEAD -> refs/heads/rc5+1-rdrand) Author: Borislav Petkov <b...@suse.de> Date: Sun Aug 25 22:50:18 2019 +0200 WIP Suggested-by: Linus Torvalds <torva...@linux-foundation.org> Signed-off-by: Borislav Petkov <b...@suse.de> diff --git a/arch/x86/kernel/cpu/rdrand.c b/arch/x86/kernel/cpu/rdrand.c index 5c900f9527ff..b02d1ce91081 100644 --- a/arch/x86/kernel/cpu/rdrand.c +++ b/arch/x86/kernel/cpu/rdrand.c @@ -29,7 +29,8 @@ __setup("nordrand", x86_rdrand_setup); #ifdef CONFIG_ARCH_RANDOM void x86_init_rdrand(struct cpuinfo_x86 *c) { - unsigned long tmp; + unsigned int changed = 0; + unsigned long tmp, prev; int i; if (!cpu_has(c, X86_FEATURE_RDRAND)) @@ -42,5 +43,27 @@ void x86_init_rdrand(struct cpuinfo_x86 *c) return; } } + + /* + * Stupid sanity-check whether RDRAND does *actually* generate + * some at least random-looking data. + */ + prev = tmp; + for (i = 0; i < SANITY_CHECK_LOOPS; i++) { + if (rdrand_long(&tmp)) { + if (prev != tmp) + changed++; + + prev = tmp; + } + } + + if (!changed) { + pr_emerg( +"RDRAND gives funky smelling output, might consider not using it by booting with \"nordrand\""); + WARN_ON_ONCE(1); + } + + } #endif --- -- Regards/Gruss, Boris. SUSE Software Solutions Germany GmbH, GF: Felix Imendörffer, HRB 247165, AG München