Received: by 2002:ac0:da4c:0:0:0:0:0 with SMTP id a12csp194524imi;
        Wed, 20 Jul 2022 21:10:59 -0700 (PDT)
X-Google-Smtp-Source: AGRyM1sdg/B8Wp6AT7YORcLrl0HM8K4btA/iY+lwnejTBj5QtfCSPivdGfmpGIKnEEyjte8UNua6
X-Received: by 2002:a05:6402:110b:b0:43a:e0b7:1788 with SMTP id u11-20020a056402110b00b0043ae0b71788mr55423690edv.109.1658376659174;
        Wed, 20 Jul 2022 21:10:59 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1658376659; cv=none;
        d=google.com; s=arc-20160816;
        b=HB66Y4pxZpYPVxt8fjsJeEqS9Uy3/rT5fUbepjCBdAk4RMW5ex6auq8JBzCK5JB8i8
         Fjp5+GPbqsCLu/aHevk7KCDzfl3K3t8flbvcPJdw8NhPh3Z5+2RhDiyq7JWJ9Xp0/psl
         Fbup1paOkeC+1xUu8ER7w76NCQD5NsucDOBVoiEmAuLjVVoVgJU4mS+25kGqVy2xjjs9
         yrNI0PhXGEWBPg5DBSI9rR2GuL3VIB7rRqtPUsfMuDFFXywh/FAl2W6E7dHMzF6xqM0i
         0CBOspnWSslrTwGD/iB/ldYrLcY92YRVRVJ13OQwtbLWJgOzooZ1Bar7Dm+FiT8pICpm
         8rHA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:date:dkim-signature;
        bh=gPzAcyuRfA3KIltIhIJv+8ZIoYAJhtKR+ZjbbjlvMq4=;
        b=gZzRfqGo5y+ep0/RrJ5NpbsQj2QZvtEOchQI6C5cV5NcRcanYy0bYm4tBg5noFTGZ7
         ndBDm+LNsNku0IYtZ5gx4a/KFrnaj0JIGgmma85BWBFxt1PxYmybx0tddqFNQuaEyLTt
         7QfbvyGyXgU50G+vXyO6ImPhNxUYZWNrSRORXY00Sr7pXNKvyJm51P5Zk/S6Y5K1HAUx
         8+p1N8PzbS7VSY3d+W45TLt7/S9enRPIBFec6pRJ4gexTXb+Svm9Q7NXQYiQ88Rbd4S1
         5CMUgjhGHi/5lFEX9LoN6rR+yTVXnk3k2yWOL4PpP1FHdxkZo0yr58uBki2H8JktwaF9
         2ckg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b="s/+YlFxS";
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id ds1-20020a170907724100b0072f38d0b8bcsi1392231ejc.700.2022.07.20.21.10.25;
        Wed, 20 Jul 2022 21:10:59 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b="s/+YlFxS";
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S229834AbiGUEI0 (ORCPT <rfc822;asvdem@gmail.com> + 99 others);
        Thu, 21 Jul 2022 00:08:26 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45308 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S231936AbiGUEHz (ORCPT
        <rfc822;linux-crypto@vger.kernel.org>);
        Thu, 21 Jul 2022 00:07:55 -0400
Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2267A13CEB
        for <linux-crypto@vger.kernel.org>; Wed, 20 Jul 2022 21:07:50 -0700 (PDT)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by ams.source.kernel.org (Postfix) with ESMTPS id C5D6DB8226B
        for <linux-crypto@vger.kernel.org>; Thu, 21 Jul 2022 04:07:48 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1C6F7C341C6;
        Thu, 21 Jul 2022 04:07:47 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=k20201202; t=1658376467;
        bh=w/3+UTMt3kqH0GQg/nhdlD5vm9VIFFb8qiazKnPHDhc=;
        h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
        b=s/+YlFxShHbO5aZ84YnplW1HxmJ38ZWLQ4ChjZ9SvfNJxRVexrgWrlTxmICDOcjYL
         UfsFHAVEkHMbp7qQNmVYbJ/FohfSvB5MZZvbk8iMQPhjHHudfI3PNFWtRHuTHETpKq
         lSuG7bThpoJ7YGcC5wfLUmXbLZVHrr1G4p/M7vWEwbeV7PTAZ93RTwkolKXCRPtOnv
         yB1sPCWyw09cDlTca/ggGKr1ryE7idzuqpM3iHy6+xJARvKlX9AO4c76ZQyChUIu9S
         E8EFL5whyYzqjC87+tRo4gMSueeysGmIxvWVSgLXC5FctJzNWux6sYxWLmfhZHF/G/
         KMkwhMOe+csmg==
Date:   Wed, 20 Jul 2022 21:07:45 -0700
From:   Eric Biggers <ebiggers@kernel.org>
To:     "Guozihua (Scott)" <guozihua@huawei.com>
Cc:     "Jason A. Donenfeld" <Jason@zx2c4.com>,
        linux-crypto@vger.kernel.org, luto@kernel.org, tytso@mit.edu
Subject: Re: Inquiry about the removal of flag O_NONBLOCK on /dev/random
Message-ID: <YtjREZMzuppTJHeR@sol.localdomain>
References: <13e1fa9d-4df8-1a99-ca22-d9d655f2d023@huawei.com>
 <YtaPJPkewin5uWdn@zx2c4.com>
 <b9cb514c-30ed-0b8b-5d54-75001e07bd36@huawei.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <b9cb514c-30ed-0b8b-5d54-75001e07bd36@huawei.com>
X-Spam-Status: No, score=-7.8 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI,
        SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

On Thu, Jul 21, 2022 at 11:50:27AM +0800, Guozihua (Scott) wrote:
> On 2022/7/19 19:01, Jason A. Donenfeld wrote:
> > Hi,
> > 
> > On Thu, Jul 14, 2022 at 03:33:47PM +0800, Guozihua (Scott) wrote:
> > > Recently we noticed the removal of flag O_NONBLOCK on /dev/random by
> > > commit 30c08efec888 ("random: make /dev/random be almost like
> > > /dev/urandom"), it seems that some of the open_source packages e.g.
> > > random_get_fd() of util-linux and __getrandom() of glibc. The man page
> > > for random() is not updated either.
> > > 
> > > Would anyone please kindly provide some background knowledge of this
> > > flag and it's removal? Thanks!
> > 
> > I didn't write that code, but I assume it was done this way because it
> > doesn't really matter that much now, as /dev/random never blocks after
> > the RNG is seeded. And now a days, the RNG gets seeded with jitter
> > fairly quickly as a last resort, so almost nobody waits a long time.
> > 
> > Looking at the two examples you mentioned, the one in util-linux does
> > that if /dev/urandom fails, which means it's mostly unused code, and the
> > one in glibc is for GNU Hurd, not Linux. I did a global code search and
> > found a bunch of other instances pretty similar to the util-linux case,
> > where /dev/random in O_NONBLOCK mode is used as a fallback to
> > /dev/urandom, which means it's basically never used. (Amusingly one such
> > user of this pattern is Ted's pwgen code from way back at the turn of
> > the millennium.)
> > 
> > All together, I couldn't really find anywhere that the removal of
> > O_NONBLOCK semantics would actually pose a problem for, especially since
> > /dev/random doesn't block at all after being initialized. So I'm
> > slightly leaning toward the "doesn't matter, do nothing" course of
> > action.
> > 
> > But on the other hand, you did somehow notice this, so that's important
> > perhaps. How did you run into it? *Does* it actually pose a problem? Or
> > was this a mostly theoretical finding from perusing source code?
> > Something like the below diff would probably work and isn't too
> > invasive, but I think I'd prefer to leave it be unless this really did
> > break some userspace of yours. So please let me know.
> > 
> > Regards,
> > Jason
> > 
> > diff --git a/drivers/char/random.c b/drivers/char/random.c
> > index 70d8d1d7e2d7..6f232ac258bf 100644
> > --- a/drivers/char/random.c
> > +++ b/drivers/char/random.c
> > @@ -1347,6 +1347,10 @@ static ssize_t random_read_iter(struct kiocb *kiocb, struct iov_iter *iter)
> >   {
> >   	int ret;
> > +	if (!crng_ready() &&
> > +	    ((kiocb->ki_flags & IOCB_NOWAIT) || (kiocb->ki_filp->f_flags & O_NONBLOCK)))
> > +		return -EAGAIN;
> > +
> >   	ret = wait_for_random_bytes();
> >   	if (ret != 0)
> >   		return ret;
> > 
> > .
> 
> Hi Jason, Thanks for the respond.
> 
> The reason this comes to me is that we have an environment that is super
> clean with very limited random events and with very limited random hardware
> access. It would take up to 80 minutes before /dev/random is fully
> initialized. I think it would be great if we can restore the O_NONBLOCK
> flag.
> 
> Would you mind merge this change into mainstream or may I have the honor?
> 

Can you elaborate on how this change would actually solve a problem for you?  Do
you actually have a program that is using /dev/random with O_NONBLOCK, and that
handles the EAGAIN error correctly?  Just because you're seeing a program wait
for the RNG to be initialized doesn't necessarily mean that this change would
make a difference, as the program could just be reading from /dev/random without
O_NONBLOCK or calling getrandom() without GRND_NONBLOCK.  The behavior of those
(more common) cases would be unchanged by Jason's proposed change.

- Eric