Received: by 2002:a25:c593:0:0:0:0:0 with SMTP id v141csp4565878ybe; Mon, 16 Sep 2019 14:34:19 -0700 (PDT) X-Google-Smtp-Source: APXvYqxEtCWp4kJcf4l7R+u82/UqQdh2D+ncnEAv0GulYbvxC7LeDCgsWBjB55meb9cY0WVH4s4E X-Received: by 2002:aa7:c355:: with SMTP id j21mr1440126edr.210.1568669659772; Mon, 16 Sep 2019 14:34:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1568669659; cv=none; d=google.com; s=arc-20160816; b=HHbHd6SLfmKQiplsH0UnEHdfkS87hd7NzetO5e1TBTfmdmP0tFMLmOlpMIYJn9arxh uMzbQIaENmMRe6M1IohlxA9SxRPyc2ti0XZlaooaXi9+wTtzeybTwyD8MbOMvKP1ZQ9N nEukqIUA1EGN6CpfLPLGv7wAJgUeOTFbt+lvlHe4au4Fudr4IZNFJkLeWtBbfYXH6jNc IgHuNNVVsJFJ7wPfVEJpiKCG7k1sagAdquO2lqRlVKsjmVz1UUhgZYR9+u/nKNN+OMpr RuJhuBR+Elj4Hy6gfmItdB8tBgj5M7kxgKZcRTINFVZwMOTn1m9lhoyMVEZXA58BD4Y5 Vosg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=Qm5nFp4L20gwZCk9xWhvdF6dE9PnPMuHjDPFlxhyVHw=; b=PAo6QwCVNXy/quQO4/4xqICo2YRkqMQ1n1hbfpnHZGDzsN008PGYtGNcM7eZIcitA4 pY2jzPvZIvyggD2x2IO54cpNwjiBmPvAM8AQ+2MveB9/4GTkgcAK46quKwFS3yI6U3Ii rO0cS2NUzbJ8kH7PKXCYU+WtwbtzzzHZHmiLbvxlbzTwFZbdvWgPcvZPjPAF1UA+Duq6 WSppX69Dh/d4Ghcq5RAhayUQuJBS/qrA2mpmZSXYnhiFPEkqs2oMDt7Z3PmS68I6Y7j0 khRne9ev0oZr2N6SzPHNOZuVzM0mEYEPbriSTUQCfzHRtTFm1YM5e0Z1pEd2GHUlnLmr xR+A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=MwiU5mWX; spf=pass (google.com: best guess record for domain of linux-ext4-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h17si207318eda.54.2019.09.16.14.33.48; Mon, 16 Sep 2019 14:34:19 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-ext4-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=MwiU5mWX; spf=pass (google.com: best guess record for domain of linux-ext4-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1725866AbfIPQRa (ORCPT + 99 others); Mon, 16 Sep 2019 12:17:30 -0400 Received: from mail-lf1-f68.google.com ([209.85.167.68]:46083 "EHLO mail-lf1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725270AbfIPQRa (ORCPT ); Mon, 16 Sep 2019 12:17:30 -0400 Received: by mail-lf1-f68.google.com with SMTP id t8so379706lfc.13 for ; Mon, 16 Sep 2019 09:17:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-foundation.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Qm5nFp4L20gwZCk9xWhvdF6dE9PnPMuHjDPFlxhyVHw=; b=MwiU5mWXMBSXfDgbMXxLnobo8HMGeJQR80lomHYctbelSfvBbvltS81l9dAKTU1gLz dsS8BFsV+weSgE45H3VfjD88vhb4mAU1RPEwWm+45it3Ah1tAVI/MAkb/nAk+iJU0WeD g8hBBvmDRQhs1SLCmtlw/SSvnhl9EIlxC1+wA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Qm5nFp4L20gwZCk9xWhvdF6dE9PnPMuHjDPFlxhyVHw=; b=TyoHNvnYxb5H40rmaCrfJFP0MEE1ibl4jQXlD0JBX3bCBqaJ7qZH7pJ4ORU/xcQ3kw fuNneWH2ny0aduDmrzroS7fJtR1WaJXzOZTLzvQfExp4YuV/lGYvaHYk5EuXv4OUwUK1 2EiXHmuy/RWuBodKDC/K6vuD+AvVemIz/vJkoofpgkI5w0h5oMtgZiIx7S0y0ybT9K6S iuUmCxb/aAYU3PwikWuZZXKe6XjC7F2J84q4a+HJ7//uPFiuWnc7CkbWpJ8MOBQdhRiw S0cC/uNGPJHDBQuogbFEfPSwGYWX9gR5y/6H5hQcWJYxJab86Uo6Ojq94woPL1VWSOIM NQqw== X-Gm-Message-State: APjAAAVeAj53DK1SZZHonC/g1iBTGW1AzTD9gwYpQht+ZJUaI7y2TxfH MBTLOnwcaATJ9/aRIXF+b1aBo6sXq3k= X-Received: by 2002:ac2:5181:: with SMTP id u1mr141947lfi.114.1568650647850; Mon, 16 Sep 2019 09:17:27 -0700 (PDT) Received: from mail-lf1-f48.google.com (mail-lf1-f48.google.com. [209.85.167.48]) by smtp.gmail.com with ESMTPSA id w13sm4370153ljh.104.2019.09.16.09.17.27 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 16 Sep 2019 09:17:27 -0700 (PDT) Received: by mail-lf1-f48.google.com with SMTP id q11so390026lfc.11 for ; Mon, 16 Sep 2019 09:17:27 -0700 (PDT) X-Received: by 2002:a19:f204:: with SMTP id q4mr116710lfh.29.1568650646859; Mon, 16 Sep 2019 09:17:26 -0700 (PDT) MIME-Version: 1.0 References: <20190914150206.GA2270@darwi-home-pc> <20190915065142.GA29681@gardel-login> <20190916014050.GA7002@darwi-home-pc> <20190916014833.cbetw4sqm3lq4x6m@shells.gnugeneration.com> <20190916024904.GA22035@mit.edu> <20190916042952.GB23719@1wt.eu> <20190916061252.GA24002@1wt.eu> In-Reply-To: <20190916061252.GA24002@1wt.eu> From: Linus Torvalds Date: Mon, 16 Sep 2019 09:17:10 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: Linux 5.3-rc8 To: Willy Tarreau Cc: "Theodore Y. Ts'o" , Vito Caputo , "Ahmed S. Darwish" , Lennart Poettering , Andreas Dilger , Jan Kara , Ray Strode , William Jon McCann , "Alexander E. Patrakov" , zhangjs , linux-ext4@vger.kernel.org, lkml Content-Type: text/plain; charset="UTF-8" Sender: linux-ext4-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-ext4@vger.kernel.org On Sun, Sep 15, 2019 at 11:13 PM Willy Tarreau wrote: > > > > > So three out of four flag combinations end up being mostly "don't > > use", and the fourth one isn't what you'd normally want (which is just > > plain /dev/urandom semantics). > > I'm seeing it from a different angle. I now understand better why > getrandom() absolutely wants to have an initialized pool, it's to > encourage private key producers to use a secure, infinite source of > randomness. Right. There is absolutely no question that that is a useful thing to have. And that's what GRND_RANDOM _should_ have meant. But didn't. So the semantics that getrandom() should have had are: getrandom(0) - just give me reasonable random numbers for any of a million non-strict-long-term-security use (ie the old urandom) - the nonblocking flag makes no sense here and would be a no-op getrandom(GRND_RANDOM) - get me actual _secure_ random numbers with blocking until entropy pool fills (but not the completely invalid entropy decrease accounting) - the nonblocking flag is useful for bootup and for "I will actually try to generate entropy". and both of those are very very sensible actions. That would actually have _fixed_ the problems we had with /dev/[u]random, both from a performance standpoint and for a filesystem access standpoint. But that is sadly not what we have right now. And I suspect we can't fix it, since people have grown to depend on the old behavior, and already know to avoid GRND_RANDOM because it's useless with old kernels even if we fixed it with new ones. Does anybody really seriously debate the above? Ted? Are you seriously trying to claim that the existing GRND_RANDOM has any sensible use? Are you seriously trying to claim that the fact that we don't have a sane urandom source is a "feature"? Linus