Received: by 2002:a25:c593:0:0:0:0:0 with SMTP id v141csp3334371ybe; Sun, 15 Sep 2019 12:57:18 -0700 (PDT) X-Google-Smtp-Source: APXvYqym3kwmle0rCwnlyJM66qVuMckdvRnCWaCjpA1Wx+XUv7S3uDZHgWeBvGW/3S5teY45YcCq X-Received: by 2002:a17:906:bc2:: with SMTP id y2mr49391829ejg.148.1568577438012; Sun, 15 Sep 2019 12:57:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1568577438; cv=none; d=google.com; s=arc-20160816; b=gGT06LMe/8KgBU9bCRVoHMvUYV7qoQZYyxvnM0p+FCaYBM4iDqhZ7HeIM40Hwzbnnr 3uXjevppaNSsSctP/wHl8BAnBeLx1Bje/BgB9LwoICylm0n3m/oBF9Pj29IBZ9OrVCf8 D9zfJoY1a8sEEco3weVOnNmliUXrpB6THYu1CnAzBEQpTDNBPIcbG03ywGl5+SzB1PSi WMWHSeVfgtYAHZT7WC4zgeprkdiibDQQFKr2hDdGszet02CQN9oENbyuJGvomT3VcQnI gPctevWOJhvNvEohthAGt9DtNhR8GMzn2aRnYYsHi0BnLeG804M3fdIofFsFfSUGxOKv bwVw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=v14FZoR9HDm5boG+prpwVppxyA0Rr3wMGuI823gH7Mg=; b=gmbkh2mGINxTVQ8ktQ4SLadak6ZA9m2CSONkRKs+9dpR1vcRAjUXYtfbl1/zBFJxjA fcNuAkWwwNDbr1T2BNRdR+0idQE+QkR5x6HAq1LcWdkr/hWafSRPalALizN9Hqq94lqS AtPtM6A43vq8O86uGsLqSNcauJL+UTRVyadqL0Te/q8Jo1Y+oW0lGKuRF2EDFkWHDZ+P dPZW5gdSk/AlVvLJ2g1KPmMsfWLiM3IteXlX6nXxyB8bWYgDsVK4SlR4YlClr/32rUZB Y0R24n9c5F7GE1c4QGc4SPmNHzri26QRgZMnxGxMcpJDKaEwLAblRghrcmSsFlh5zPSz 065A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-ext4-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id r13si17623255ejz.319.2019.09.15.12.56.45; Sun, 15 Sep 2019 12:57:17 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-ext4-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-ext4-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726222AbfIOSdH (ORCPT + 99 others); Sun, 15 Sep 2019 14:33:07 -0400 Received: from wtarreau.pck.nerim.net ([62.212.114.60]:45394 "EHLO 1wt.eu" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726136AbfIOSdH (ORCPT ); Sun, 15 Sep 2019 14:33:07 -0400 Received: (from willy@localhost) by pcw.home.local (8.15.2/8.15.2/Submit) id x8FIWecx023178; Sun, 15 Sep 2019 20:32:40 +0200 Date: Sun, 15 Sep 2019 20:32:40 +0200 From: Willy Tarreau To: Linus Torvalds Cc: "Theodore Y. Ts'o" , "Alexander E. Patrakov" , "Ahmed S. Darwish" , Michael Kerrisk , Andreas Dilger , Jan Kara , Ray Strode , William Jon McCann , zhangjs , linux-ext4@vger.kernel.org, lkml , Lennart Poettering Subject: Re: [PATCH RFC v2] random: optionally block in getrandom(2) when the CRNG is uninitialized Message-ID: <20190915183240.GA23155@1wt.eu> References: <20190911173624.GI2740@mit.edu> <20190912034421.GA2085@darwi-home-pc> <20190912082530.GA27365@mit.edu> <20190914122500.GA1425@darwi-home-pc> <008f17bc-102b-e762-a17c-e2766d48f515@gmail.com> <20190915052242.GG19710@mit.edu> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.6.1 (2016-04-27) Sender: linux-ext4-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-ext4@vger.kernel.org On Sun, Sep 15, 2019 at 10:32:15AM -0700, Linus Torvalds wrote: > * We will block for at most 15 seconds at a time, and if called > * sequentially will decrease the blocking amount so that we'll > * block for at most 30s total - and if people continue to ask > * for blocking, at that point we'll just return whatever random > * state we have acquired. I think that the exponential decay will either not be used or be totally used, so in practice you'll always end up with 0 or 30s depending on the entropy situation, because I really do not see any valid reason for entropy to suddenly start to appear after 15s if it didn't prior to this. As such I do think that a single timeout should be enough. In addition, since you're leaving the door open to bikeshed around the timeout valeue, I'd say that while 30s is usually not huge in a desktop system's life, it actually is a lot in network environments when it delays a switchover. It can cause other timeouts to occur and leave quite a long embarrassing black out. I'd guess that a max total wait time of 2-3s should be OK though since application timeouts rarely are lower due to TCP generally starting to retransmit at 3s. And even in 3s we're supposed to see quite some interrupts or it's unlikely that much more will happen between 3 and 30s. If the setting had to be made user-changeable then it could make sense to let it be overridden on the kernel's command line though I don't think that it should be necessary with a low enough value. Thanks, Willy