Received: by 2002:a25:c593:0:0:0:0:0 with SMTP id v141csp6644575ybe; Wed, 18 Sep 2019 06:55:04 -0700 (PDT) X-Google-Smtp-Source: APXvYqzY8+lxcdGVVBY1CKINJQ/wwJjsOoXkEckrP4zbMKMQ02iXjZKooGvtqS6wuOc1M40Qrkq2 X-Received: by 2002:a17:906:af57:: with SMTP id ly23mr7385016ejb.269.1568814904872; Wed, 18 Sep 2019 06:55:04 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1568814904; cv=none; d=google.com; s=arc-20160816; b=c5POYtEoqh2Flci+oB4k392yLEOvdSPiWILydcd5xpeJYLBx1NWy30GehffokCaycc ATiGKk8LNAmd8h0rkEgGucHDbZzRZEtEPLNwp3h3Dmywz1l00B9DR6fhu5ZTYC9n0hBW gO2RJWAFcWbs/kf9drz90h4uQAMIXl50RhKXWaCoCdg0PWKdWrXoIcYeNyxN92TIaxGW suUhrMyJJ6DV2Bsaf/AhpAeLu4yaCynSEyCkJRrFqY6WQvmDAVaqI53O2+NK4VNvS0z3 Y2601eEfqVG+1oTNrnfceANaXTrd24IWzw1tUq+l9z12y73NdTPy8+hPBbCmb8GYVK2X gPhg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=Z8AIGOS42SjsSrl3Vh9GRI3YZX2s37JrDpv3LcsHaO8=; b=xWl/Yz8NI+2yeM0vHT+D+k68+5GqqLkkSSl3U6NLdbbraX3g+ExYbfY0dVqTZa8lVH 3YPOfxgjjbhKl3emfLceWuHiOpLP3OCmQeQUDHMNg553B1L51sI1072Zh+vzAyxdZtRd zgkjEAIpTEDFHssxWAycLieOpyjXXSm/cBDDZcezdOU/hhXKuUm8KTow7NVwy2FGcN4V qGkkNPmfFS5D0BsNWOIWJC9oGDtQEw8r7vzKjiAwg5aGZTUqgZ/q+EP9Qf7G8EljiIfV /Wn+qSKvUv1cPbwetgVgyXQqmHoN0ON8Gb9ZJ6LNZnEFu/hOWDiEZAWdEQbo9YteE4UR BOBA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-ext4-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f35si3452204eda.415.2019.09.18.06.54.36; Wed, 18 Sep 2019 06:55:04 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-ext4-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-ext4-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726668AbfIRNx1 (ORCPT + 99 others); Wed, 18 Sep 2019 09:53:27 -0400 Received: from gardel.0pointer.net ([85.214.157.71]:41690 "EHLO gardel.0pointer.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726562AbfIRNx1 (ORCPT ); Wed, 18 Sep 2019 09:53:27 -0400 Received: from gardel-login.0pointer.net (gardel.0pointer.net [85.214.157.71]) by gardel.0pointer.net (Postfix) with ESMTP id D981EE80FFC; Wed, 18 Sep 2019 15:53:25 +0200 (CEST) Received: by gardel-login.0pointer.net (Postfix, from userid 1000) id 8C524160ADC; Wed, 18 Sep 2019 15:53:25 +0200 (CEST) Date: Wed, 18 Sep 2019 15:53:25 +0200 From: Lennart Poettering To: Martin Steigerwald Cc: Matthew Garrett , "Ahmed S. Darwish" , Linus Torvalds , "Theodore Y. Ts'o" , Willy Tarreau , Vito Caputo , Andreas Dilger , Jan Kara , Ray Strode , William Jon McCann , "Alexander E. Patrakov" , zhangjs , linux-ext4@vger.kernel.org, lkml Subject: Re: Linux 5.3-rc8 Message-ID: <20190918135325.GC32346@gardel-login> References: <1722575.Y5XjozQscI@merkaba> <20190917215200.wtjim3t6zgt7gdmw@srcf.ucam.org> <3783292.MWR84v24fu@merkaba> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3783292.MWR84v24fu@merkaba> Sender: linux-ext4-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-ext4@vger.kernel.org On Mi, 18.09.19 00:10, Martin Steigerwald (martin@lichtvoll.de) wrote: > > getrandom() will never "consume entropy" in a way that will block any > > users of getrandom(). If you don't have enough collected entropy to > > seed the rng, getrandom() will block. If you do, getrandom() will > > generate as many numbers as you ask it to, even if no more entropy is > > ever collected by the system. So it doesn't matter how many clients > > you have calling getrandom() in the boot process - either there'll be > > enough entropy available to satisfy all of them, or there'll be too > > little to satisfy any of them. > > Right, but then Systemd would not use getrandom() for initial hashmap/ > UUID stuff since it Actually things are more complex. In systemd there are four classes of random values we need: 1. High "cryptographic" quality. There are very few needs for this in systemd, as we do very little in this area. It's basically only used for generating salt values for hashed passwords, in the systemd-firstboot component, which can be used to set the root pw. systemd uses synchronous getrandom() for this. It does not use RDRAND for this. 2. High "non-cryptographic" quality. This is used for example for generating type 4 uuids, i.e uuids that are supposed to be globally unique, but aren't key material. We use RDRAND for this if available, falling back to synchronous getrandom(). Type 3 UUIDs are frequently needed by systemd, as we assign a uuid to each service invocation implicitly, so that people can match logging data and such to a specific instance and runtime of a service. 3. Medium quality. This is used for seeding hash tables. These may be crap initially, but should not be guessable in the long run. /dev/urandom would be perfect for this, but the mentioned log message sucks, hence we use RDRAND for this if available, and fall back to /dev/urandom if that isn't available, accepting the log message. 4. Crap quality. There are only a few uses of this, where rand_r() is is OK. Of these four case, the first two might block boot. Because the first case is not common you won't see blocking that often though for them. The second case is very common, but since we use RDRAND you won't see it on any recent Intel machines. Or to say this all differently: the hash table seeding and the uuid case are two distinct cases in systemd, and I am sure they should be. Lennart -- Lennart Poettering, Berlin