Received: by 2002:ad5:4acb:0:0:0:0:0 with SMTP id n11csp4302855imw; Tue, 19 Jul 2022 04:12:18 -0700 (PDT) X-Google-Smtp-Source: AGRyM1sFxJFYNUh/ExLlxMULbjBG9wcPilcWjF+JceRup/coBAEip2ys6m/+yMFUnO3vx9/+6BFH X-Received: by 2002:a05:6214:544a:b0:473:5ada:7360 with SMTP id kz10-20020a056214544a00b004735ada7360mr24592790qvb.103.1658229138403; Tue, 19 Jul 2022 04:12:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1658229138; cv=none; d=google.com; s=arc-20160816; b=kMwyeDg0w0TfCtaFq6CiMGm/1w4LVGZGa8xOpOLKa+UPC+C8OcEWRHFmB05IipHPXz vL/Oz4x9RFGdspaVb11+GCDA9wnMUhVjHHbFMSfViSxGZTvhE8A3J077bPOHmxSadfIa 4GQ95VIu8ZQGTJou2TplLpnhjxZOoG073iGehnrFn+wF7pXjZFyUSASUPJO46QCB6p7n QKETgd0rfaN6KHViB6N8cXshPH1gAglZMsI+ls1J/UOirn9IBUnF5PNzD/2KmifhusLI S/w2qixx0o6s/AASVs1ppR40jvdDFmYlBGpxkIiA1yf5+UDwsZ8HRVvlfCdRqoKTXWVr 5f4A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=pXDQxTx+dmJpY2x4ee5U0BedYJZnC9f95KBTc0KWQk0=; b=MXWZV/u6jyD85KXSCUpRchMcFgGNeY4wtZx6uFWk5yPxhmOjbiOc5Cex4G/tZflfhh faubCtnhQChGT8Qvvkm2p0HepP05HbiPwQ64KqT0MhM/N7RkxvMfNAYLww7ZTbgww+jy csPYqtkXHZnejD3Rv8j52vQBME0q1hoc+UYz5qEruiLlGVqMGdNYaW/fuUOVjn/vZE5b ZQpGXf+PWB9aDC3e/z/PQVakckE0owmza72CMokvtjuT1JPk4VjssRREYLeaUSlWfkvU ruySNhlq4Lz5Nt+Rp06G/YF1lp8F/NPJHTr2jriqok8GMHlX+Bpot1d580MJNibx2d+0 pUGw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@zx2c4.com header.s=20210105 header.b=iOnkJaCt; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=zx2c4.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id r1-20020ae9d601000000b006af685769eesi6911100qkk.227.2022.07.19.04.11.54; Tue, 19 Jul 2022 04:12:18 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@zx2c4.com header.s=20210105 header.b=iOnkJaCt; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=zx2c4.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231484AbiGSLCI (ORCPT + 99 others); Tue, 19 Jul 2022 07:02:08 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46350 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229886AbiGSLCG (ORCPT ); Tue, 19 Jul 2022 07:02:06 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 64E62240A2 for ; Tue, 19 Jul 2022 04:02:05 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 2537AB81AE4 for ; Tue, 19 Jul 2022 11:02:04 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1BD61C341C6; Tue, 19 Jul 2022 11:02:02 +0000 (UTC) Authentication-Results: smtp.kernel.org; dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b="iOnkJaCt" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zx2c4.com; s=20210105; t=1658228520; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=pXDQxTx+dmJpY2x4ee5U0BedYJZnC9f95KBTc0KWQk0=; b=iOnkJaCt7qTmqpXwUSAGG/CVaoS/3+SyNF23LBSe8TTRdkZM3Ud1r604wO3bR7UzxlnVhX EyT+FSs3lfYUOuEBS460PqOjIk7yUQWm5fc8A3bElzzyvW8yOWLy2cRfpSoRK3+GFkjHyH 6DNSOvMrF6gAJGissgk/56xF95Sdvio= Received: by mail.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id d795adb8 (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO); Tue, 19 Jul 2022 11:02:00 +0000 (UTC) Date: Tue, 19 Jul 2022 13:01:56 +0200 From: "Jason A. Donenfeld" To: "Guozihua (Scott)" Cc: linux-crypto@vger.kernel.org, luto@kernel.org, tytso@mit.edu, ebiggers@kernel.org Subject: Re: Inquiry about the removal of flag O_NONBLOCK on /dev/random Message-ID: References: <13e1fa9d-4df8-1a99-ca22-d9d655f2d023@huawei.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <13e1fa9d-4df8-1a99-ca22-d9d655f2d023@huawei.com> X-Spam-Status: No, score=-6.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, RCVD_IN_DNSWL_HI,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Hi, On Thu, Jul 14, 2022 at 03:33:47PM +0800, Guozihua (Scott) wrote: > Recently we noticed the removal of flag O_NONBLOCK on /dev/random by > commit 30c08efec888 ("random: make /dev/random be almost like > /dev/urandom"), it seems that some of the open_source packages e.g. > random_get_fd() of util-linux and __getrandom() of glibc. The man page > for random() is not updated either. > > Would anyone please kindly provide some background knowledge of this > flag and it's removal? Thanks! I didn't write that code, but I assume it was done this way because it doesn't really matter that much now, as /dev/random never blocks after the RNG is seeded. And now a days, the RNG gets seeded with jitter fairly quickly as a last resort, so almost nobody waits a long time. Looking at the two examples you mentioned, the one in util-linux does that if /dev/urandom fails, which means it's mostly unused code, and the one in glibc is for GNU Hurd, not Linux. I did a global code search and found a bunch of other instances pretty similar to the util-linux case, where /dev/random in O_NONBLOCK mode is used as a fallback to /dev/urandom, which means it's basically never used. (Amusingly one such user of this pattern is Ted's pwgen code from way back at the turn of the millennium.) All together, I couldn't really find anywhere that the removal of O_NONBLOCK semantics would actually pose a problem for, especially since /dev/random doesn't block at all after being initialized. So I'm slightly leaning toward the "doesn't matter, do nothing" course of action. But on the other hand, you did somehow notice this, so that's important perhaps. How did you run into it? *Does* it actually pose a problem? Or was this a mostly theoretical finding from perusing source code? Something like the below diff would probably work and isn't too invasive, but I think I'd prefer to leave it be unless this really did break some userspace of yours. So please let me know. Regards, Jason diff --git a/drivers/char/random.c b/drivers/char/random.c index 70d8d1d7e2d7..6f232ac258bf 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -1347,6 +1347,10 @@ static ssize_t random_read_iter(struct kiocb *kiocb, struct iov_iter *iter) { int ret; + if (!crng_ready() && + ((kiocb->ki_flags & IOCB_NOWAIT) || (kiocb->ki_filp->f_flags & O_NONBLOCK))) + return -EAGAIN; + ret = wait_for_random_bytes(); if (ret != 0) return ret;