The 5.3 kernel is out
Posted Sep 16, 2019 22:21 UTC (Mon) by dkg (subscriber, #55359)
Parent article: The 5.3 kernel is out
Has this patch from Ahmed S. Darwish (or this one from Linus) already been merged? If so, this is an unacceptable security regression from the kernel.
Userspace tools like GnuPG and libgcrypt depend on the semantics of the kernel's getentropy system call these days. In particular, they rely on it blocking if the crng is not initialized, which is the right thing to do, and has been documented for years now.
If the kernel is serious about not breaking userspace, it should not change the semantics by introducing this kind of regression.