2019-07-25 05:48:09

by Alex Xu (Hello71)

Subject: [PATCH] random: print a message when waiting for random

- many programs now use getrandom on startup, including for cases which
  may not be security-sensitive (e.g. hash tables)
- boot times are faster than ever with the widespread use of high-speed
  SSD storage
- no major distributions currently use RNDADDENTROPY ioctl when
  restoring the random seed, including systemd and OpenRC. systemd may
  add this functionality soon
  (https://github.com/systemd/systemd/pull/13137) but it seems to have
  some special requirements (systemd-boot) and/or require special
  opt-in.
- despite the availability of virtio-rng, many hosts do not offer it,
  and many/most distributions do not configure rngd by default

in combination, many programs (e.g. sshd, gdm) now block on startup,
sometimes for many minutes. in the kernel, we can't fix this easily, but
we should at least notify users why their program is stuck.

Signed-off-by: Alex Xu (Hello71) <[email protected]>
---
drivers/char/random.c | 6 ++++++
1 file changed, 6 insertions(+)

diff --git a/drivers/char/random.c b/drivers/char/random.c
index 5d5ea4ce1442..e4490c6c9c84 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -511,6 +511,8 @@ static struct ratelimit_state unseeded_warning =
RATELIMIT_STATE_INIT("warn_unseeded_randomness", HZ, 3);
static struct ratelimit_state urandom_warning =
RATELIMIT_STATE_INIT("warn_urandom_randomness", HZ, 3);
+static struct ratelimit_state wait_for_random_warning =
+ RATELIMIT_STATE_INIT("warn_wait_for_random", HZ, 3);

static int ratelimit_disable __read_mostly;

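Review bot: Messages suppressed by the new wait_for_random_warning state are never accounted for anywhere in this patch. A ratelimit_state keeps a count of what it dropped, so with the HZ, 3 setting chosen here every waiter beyond the third in a given second vanishes without trace. Consider reporting that count once the pool is ready, so the log at least says how many "waiting for randomness" lines were lost.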
@@ -1745,6 +1747,9 @@ int wait_for_random_bytes(void)
{
if (likely(crng_ready()))
return 0;
+ if (__ratelimit(&wait_for_random_warning))
+ pr_info("random: %s: waiting for randomness\n",
+ current->comm);
return wait_event_interruptible(crng_init_wait, crng_ready());
}
EXPORT_SYMBOL(wait_for_random_bytes);
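Review bot: The __ratelimit() check in wait_for_random_bytes() is shared by all callers, so the task a user is actually looking for may be the one whose line gets dropped, which works against the stated goal of telling users why their program is stuck. current->comm alone is also ambiguous when several processes share a name; adding the pid (for example task_pid_nr(current)) would make the line actionable. Two smaller points: pr_info may not reach a console booted with a low loglevel, so pr_notice could be the better fit, and the message is emitted only once before wait_event_interruptible(), so a task blocked for minutes leaves a single line that can scroll away with no matching line when the wait ends.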
@@ -1901,6 +1906,7 @@ int __init rand_initialize(void)
if (ratelimit_disable) {
urandom_warning.interval = 0;
unseeded_warning.interval = 0;
+ wait_for_random_warning.interval = 0;
}
return 0;
}
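Review bot: Setting wait_for_random_warning.interval = 0 under ratelimit_disable widens what that switch controls, but nothing in the patch documents the change. Wherever ratelimit_disable is described should now mention that it also un-throttles the "waiting for randomness" message, since with the limit off every blocked caller of wait_for_random_bytes() will log a line.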
--
2.22.0