Received: by 2002:ac0:da4c:0:0:0:0:0 with SMTP id a12csp194524imi; Wed, 20 Jul 2022 21:10:59 -0700 (PDT) X-Google-Smtp-Source: AGRyM1sdg/B8Wp6AT7YORcLrl0HM8K4btA/iY+lwnejTBj5QtfCSPivdGfmpGIKnEEyjte8UNua6 X-Received: by 2002:a05:6402:110b:b0:43a:e0b7:1788 with SMTP id u11-20020a056402110b00b0043ae0b71788mr55423690edv.109.1658376659174; Wed, 20 Jul 2022 21:10:59 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1658376659; cv=none; d=google.com; s=arc-20160816; b=HB66Y4pxZpYPVxt8fjsJeEqS9Uy3/rT5fUbepjCBdAk4RMW5ex6auq8JBzCK5JB8i8 Fjp5+GPbqsCLu/aHevk7KCDzfl3K3t8flbvcPJdw8NhPh3Z5+2RhDiyq7JWJ9Xp0/psl Fbup1paOkeC+1xUu8ER7w76NCQD5NsucDOBVoiEmAuLjVVoVgJU4mS+25kGqVy2xjjs9 yrNI0PhXGEWBPg5DBSI9rR2GuL3VIB7rRqtPUsfMuDFFXywh/FAl2W6E7dHMzF6xqM0i 0CBOspnWSslrTwGD/iB/ldYrLcY92YRVRVJ13OQwtbLWJgOzooZ1Bar7Dm+FiT8pICpm 8rHA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=gPzAcyuRfA3KIltIhIJv+8ZIoYAJhtKR+ZjbbjlvMq4=; b=gZzRfqGo5y+ep0/RrJ5NpbsQj2QZvtEOchQI6C5cV5NcRcanYy0bYm4tBg5noFTGZ7 ndBDm+LNsNku0IYtZ5gx4a/KFrnaj0JIGgmma85BWBFxt1PxYmybx0tddqFNQuaEyLTt 7QfbvyGyXgU50G+vXyO6ImPhNxUYZWNrSRORXY00Sr7pXNKvyJm51P5Zk/S6Y5K1HAUx 8+p1N8PzbS7VSY3d+W45TLt7/S9enRPIBFec6pRJ4gexTXb+Svm9Q7NXQYiQ88Rbd4S1 5CMUgjhGHi/5lFEX9LoN6rR+yTVXnk3k2yWOL4PpP1FHdxkZo0yr58uBki2H8JktwaF9 2ckg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b="s/+YlFxS"; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id ds1-20020a170907724100b0072f38d0b8bcsi1392231ejc.700.2022.07.20.21.10.25; Wed, 20 Jul 2022 21:10:59 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b="s/+YlFxS"; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229834AbiGUEI0 (ORCPT + 99 others); Thu, 21 Jul 2022 00:08:26 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45308 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231936AbiGUEHz (ORCPT ); Thu, 21 Jul 2022 00:07:55 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2267A13CEB for ; Wed, 20 Jul 2022 21:07:50 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id C5D6DB8226B for ; Thu, 21 Jul 2022 04:07:48 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1C6F7C341C6; Thu, 21 Jul 2022 04:07:47 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1658376467; bh=w/3+UTMt3kqH0GQg/nhdlD5vm9VIFFb8qiazKnPHDhc=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=s/+YlFxShHbO5aZ84YnplW1HxmJ38ZWLQ4ChjZ9SvfNJxRVexrgWrlTxmICDOcjYL UfsFHAVEkHMbp7qQNmVYbJ/FohfSvB5MZZvbk8iMQPhjHHudfI3PNFWtRHuTHETpKq lSuG7bThpoJ7YGcC5wfLUmXbLZVHrr1G4p/M7vWEwbeV7PTAZ93RTwkolKXCRPtOnv yB1sPCWyw09cDlTca/ggGKr1ryE7idzuqpM3iHy6+xJARvKlX9AO4c76ZQyChUIu9S E8EFL5whyYzqjC87+tRo4gMSueeysGmIxvWVSgLXC5FctJzNWux6sYxWLmfhZHF/G/ KMkwhMOe+csmg== Date: Wed, 20 Jul 2022 21:07:45 -0700 From: Eric Biggers To: "Guozihua (Scott)" Cc: "Jason A. Donenfeld" , linux-crypto@vger.kernel.org, luto@kernel.org, tytso@mit.edu Subject: Re: Inquiry about the removal of flag O_NONBLOCK on /dev/random Message-ID: References: <13e1fa9d-4df8-1a99-ca22-d9d655f2d023@huawei.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-7.8 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Thu, Jul 21, 2022 at 11:50:27AM +0800, Guozihua (Scott) wrote: > On 2022/7/19 19:01, Jason A. Donenfeld wrote: > > Hi, > > > > On Thu, Jul 14, 2022 at 03:33:47PM +0800, Guozihua (Scott) wrote: > > > Recently we noticed the removal of flag O_NONBLOCK on /dev/random by > > > commit 30c08efec888 ("random: make /dev/random be almost like > > > /dev/urandom"), it seems that some of the open_source packages e.g. > > > random_get_fd() of util-linux and __getrandom() of glibc. The man page > > > for random() is not updated either. > > > > > > Would anyone please kindly provide some background knowledge of this > > > flag and it's removal? Thanks! > > > > I didn't write that code, but I assume it was done this way because it > > doesn't really matter that much now, as /dev/random never blocks after > > the RNG is seeded. And now a days, the RNG gets seeded with jitter > > fairly quickly as a last resort, so almost nobody waits a long time. > > > > Looking at the two examples you mentioned, the one in util-linux does > > that if /dev/urandom fails, which means it's mostly unused code, and the > > one in glibc is for GNU Hurd, not Linux. I did a global code search and > > found a bunch of other instances pretty similar to the util-linux case, > > where /dev/random in O_NONBLOCK mode is used as a fallback to > > /dev/urandom, which means it's basically never used. (Amusingly one such > > user of this pattern is Ted's pwgen code from way back at the turn of > > the millennium.) > > > > All together, I couldn't really find anywhere that the removal of > > O_NONBLOCK semantics would actually pose a problem for, especially since > > /dev/random doesn't block at all after being initialized. So I'm > > slightly leaning toward the "doesn't matter, do nothing" course of > > action. > > > > But on the other hand, you did somehow notice this, so that's important > > perhaps. How did you run into it? *Does* it actually pose a problem? Or > > was this a mostly theoretical finding from perusing source code? > > Something like the below diff would probably work and isn't too > > invasive, but I think I'd prefer to leave it be unless this really did > > break some userspace of yours. So please let me know. > > > > Regards, > > Jason > > > > diff --git a/drivers/char/random.c b/drivers/char/random.c > > index 70d8d1d7e2d7..6f232ac258bf 100644 > > --- a/drivers/char/random.c > > +++ b/drivers/char/random.c > > @@ -1347,6 +1347,10 @@ static ssize_t random_read_iter(struct kiocb *kiocb, struct iov_iter *iter) > > { > > int ret; > > + if (!crng_ready() && > > + ((kiocb->ki_flags & IOCB_NOWAIT) || (kiocb->ki_filp->f_flags & O_NONBLOCK))) > > + return -EAGAIN; > > + > > ret = wait_for_random_bytes(); > > if (ret != 0) > > return ret; > > > > . > > Hi Jason, Thanks for the respond. > > The reason this comes to me is that we have an environment that is super > clean with very limited random events and with very limited random hardware > access. It would take up to 80 minutes before /dev/random is fully > initialized. I think it would be great if we can restore the O_NONBLOCK > flag. > > Would you mind merge this change into mainstream or may I have the honor? > Can you elaborate on how this change would actually solve a problem for you? Do you actually have a program that is using /dev/random with O_NONBLOCK, and that handles the EAGAIN error correctly? Just because you're seeing a program wait for the RNG to be initialized doesn't necessarily mean that this change would make a difference, as the program could just be reading from /dev/random without O_NONBLOCK or calling getrandom() without GRND_NONBLOCK. The behavior of those (more common) cases would be unchanged by Jason's proposed change. - Eric