Received: by 2002:ac0:da4c:0:0:0:0:0 with SMTP id a12csp186184imi; Wed, 20 Jul 2022 20:54:36 -0700 (PDT) X-Google-Smtp-Source: AGRyM1sv6dpn2lFy+JiStw6NHh/AuRjlMjUO/HtQ+o3ErOH5IsTaaLXkGPMuZCPJC/xhypVDhiap X-Received: by 2002:a63:2a89:0:b0:412:6e07:78fd with SMTP id q131-20020a632a89000000b004126e0778fdmr35674566pgq.161.1658375676363; Wed, 20 Jul 2022 20:54:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1658375676; cv=none; d=google.com; s=arc-20160816; b=JW8NTrVJjOuQIsQygIXJbfeaC14/vYQec5DQBYeLqVWTjVmOMsh1u8jaVV3nS7ykrC rmyxj257KPCWqsvdY73AxpsZlpuP2tpRHbFK1Qw4ru3GMYmrZ+SlnwIoEOVYFil/8fmw fTWWuhZaoGGiMPwQfotaYl0Gm16FxoRa2QF2L4eijGGCAS/jNS8OHa/QtN8Khiyjfsqw UMOV/daOEfg1IbEOQDPHZ5NI0IBwG1GJG59fuQNmI3VxQWiEKbf3o0jaB1n0YoyoTF9F RxPdbFSLqUJn93zxAsK5Sfr7P+PppLCIXZPNlYb1aOWKIOGQA/26t7eqjUbYNtFZE1CF Atxg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id; bh=96XCEfPaIpmidBKICoGyF6ybpWYZ8vgzg5fF0oxlPZg=; b=n0EdREjjPjmPf7AXLUizzD+E3tozJTt2TIdIO+yCIvCkCQjPYG1T04BdajpqVpqhrG dhaamUISg6tDgLnplstCtidnDZl9FjuODAJOyLx0V+My7qH84VtBo3E9Sf+XHwTK6Lqq bmXKkGPS1KQRql5ndQMu0dMuXARdukAUGEOARktx+ACvmtvqRiPiMS9Abrol9NKF3LIC e6mFUugDgWWgsC/O/yPZV5Sj6Zj+/0BOfw3pRjcH+SITj1RNBD4F+3GWKUf8gQAsuCEb rLu8r5l0sceegxGZhVmUqMzp5Tw91h8pGk34IXC0iQiQ1YNZrd0S4qfj2b8w/8McsFMT hcrg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id s25-20020a639259000000b00408a759223fsi757963pgn.776.2022.07.20.20.54.09; Wed, 20 Jul 2022 20:54:36 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229927AbiGUDv0 (ORCPT + 99 others); Wed, 20 Jul 2022 23:51:26 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36196 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231184AbiGUDvH (ORCPT ); Wed, 20 Jul 2022 23:51:07 -0400 Received: from szxga03-in.huawei.com (szxga03-in.huawei.com [45.249.212.189]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EFC7425290 for ; Wed, 20 Jul 2022 20:51:05 -0700 (PDT) Received: from dggpemm500024.china.huawei.com (unknown [172.30.72.57]) by szxga03-in.huawei.com (SkyGuard) with ESMTP id 4LpJVb6N5GzFqQK; Thu, 21 Jul 2022 11:49:59 +0800 (CST) Received: from [10.67.110.173] (10.67.110.173) by dggpemm500024.china.huawei.com (7.185.36.203) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.24; Thu, 21 Jul 2022 11:50:38 +0800 Message-ID: Date: Thu, 21 Jul 2022 11:50:27 +0800 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.8.0 Subject: Re: Inquiry about the removal of flag O_NONBLOCK on /dev/random Content-Language: en-US To: "Jason A. Donenfeld" CC: , , , References: <13e1fa9d-4df8-1a99-ca22-d9d655f2d023@huawei.com> From: "Guozihua (Scott)" In-Reply-To: Content-Type: text/plain; charset="UTF-8"; format=flowed Content-Transfer-Encoding: 7bit X-Originating-IP: [10.67.110.173] X-ClientProxiedBy: dggems704-chm.china.huawei.com (10.3.19.181) To dggpemm500024.china.huawei.com (7.185.36.203) X-CFilter-Loop: Reflected X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,NICE_REPLY_A, RCVD_IN_DNSWL_MED,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On 2022/7/19 19:01, Jason A. Donenfeld wrote: > Hi, > > On Thu, Jul 14, 2022 at 03:33:47PM +0800, Guozihua (Scott) wrote: >> Recently we noticed the removal of flag O_NONBLOCK on /dev/random by >> commit 30c08efec888 ("random: make /dev/random be almost like >> /dev/urandom"), it seems that some of the open_source packages e.g. >> random_get_fd() of util-linux and __getrandom() of glibc. The man page >> for random() is not updated either. >> >> Would anyone please kindly provide some background knowledge of this >> flag and it's removal? Thanks! > > I didn't write that code, but I assume it was done this way because it > doesn't really matter that much now, as /dev/random never blocks after > the RNG is seeded. And now a days, the RNG gets seeded with jitter > fairly quickly as a last resort, so almost nobody waits a long time. > > Looking at the two examples you mentioned, the one in util-linux does > that if /dev/urandom fails, which means it's mostly unused code, and the > one in glibc is for GNU Hurd, not Linux. I did a global code search and > found a bunch of other instances pretty similar to the util-linux case, > where /dev/random in O_NONBLOCK mode is used as a fallback to > /dev/urandom, which means it's basically never used. (Amusingly one such > user of this pattern is Ted's pwgen code from way back at the turn of > the millennium.) > > All together, I couldn't really find anywhere that the removal of > O_NONBLOCK semantics would actually pose a problem for, especially since > /dev/random doesn't block at all after being initialized. So I'm > slightly leaning toward the "doesn't matter, do nothing" course of > action. > > But on the other hand, you did somehow notice this, so that's important > perhaps. How did you run into it? *Does* it actually pose a problem? Or > was this a mostly theoretical finding from perusing source code? > Something like the below diff would probably work and isn't too > invasive, but I think I'd prefer to leave it be unless this really did > break some userspace of yours. So please let me know. > > Regards, > Jason > > diff --git a/drivers/char/random.c b/drivers/char/random.c > index 70d8d1d7e2d7..6f232ac258bf 100644 > --- a/drivers/char/random.c > +++ b/drivers/char/random.c > @@ -1347,6 +1347,10 @@ static ssize_t random_read_iter(struct kiocb *kiocb, struct iov_iter *iter) > { > int ret; > > + if (!crng_ready() && > + ((kiocb->ki_flags & IOCB_NOWAIT) || (kiocb->ki_filp->f_flags & O_NONBLOCK))) > + return -EAGAIN; > + > ret = wait_for_random_bytes(); > if (ret != 0) > return ret; > > . Hi Jason, Thanks for the respond. The reason this comes to me is that we have an environment that is super clean with very limited random events and with very limited random hardware access. It would take up to 80 minutes before /dev/random is fully initialized. I think it would be great if we can restore the O_NONBLOCK flag. Would you mind merge this change into mainstream or may I have the honor? -- Best GUO Zihua