Received: by 2002:a25:b323:0:0:0:0:0 with SMTP id l35csp1788914ybj; Sun, 22 Sep 2019 11:59:05 -0700 (PDT) X-Google-Smtp-Source: APXvYqwiXLEWmvj5zsfRsMoMln2VJHM/BJTMmI67zuUdQF/dUs4ngnVG++hMM5aCaQ1+XjB/Bftj X-Received: by 2002:a17:906:48e:: with SMTP id f14mr10709007eja.15.1569178745157; Sun, 22 Sep 2019 11:59:05 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1569178745; cv=none; d=google.com; s=arc-20160816; b=y7JtPVv5mJE8/In+nt7O7B9QLUPvanpfzNddVvvM96SPYqLlkbx3fr4KbgsTNN+c7E XBa7lpQbPu4GtkUZaMNkVNi9C7ClT/eb93xOiFBD8h3LwCZyblbX/pr3sH9hYSKd07z2 Wda8Lrapx67LDnQSCDCgqdI5LeFRGe67Ept+MOKa3pogC6FQ7c/gHvJ1a38S+u0cbw4w uq4lrO6Wju2gWM4WWiOmG0Y/CkTiryNbhCKVH+GfG+4Oc39uSnqdnvgUxB5NXbYAIy9s ZAmvIBuQQHGYwBv2I+g08SdD6YOsMdAYdmS44b8Ju5w8prWAf823shkR7IaIkAzO2j+X AZIg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:dkim-signature; bh=k+DkVLZJV/UMPAnynSBCZ9m61LuW0KEj/zqkR+s5Www=; b=w2XXJv6DmMOItl/Urny+fUCx98cnfAT4GIb/he2w3hvnZ3dzrqbXZysWxFMK+OlJI+ HiwWxZLDOoPYQBmgpQVhGv1R/hcllhmydh+KhJBqZxC5VFZbelY7Kqc3luXVgaB9Gfm6 UeN4b7ohdey4GKmnesyk7YjrgeTMX1ObhvAHDcqfiuwQLQOI6ImuSbJWcFyzhhQ0Mk6y S/GZ7waP7f5dvTB338W0HKptqQlsRVi4s1dztmIBCH8wSH1TTL12qC3G1+DUcUcy44as fb5TaT1w2h7vLkxC+UmStA4hUeMSr/39zJCCOAw4zBDjybhnk06VWROaYUKIjuXYO1NY 58Aw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=d2vaQlGY; spf=pass (google.com: best guess record for domain of linux-ext4-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f57si5516653edb.165.2019.09.22.11.58.40; Sun, 22 Sep 2019 11:59:04 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-ext4-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=d2vaQlGY; spf=pass (google.com: best guess record for domain of linux-ext4-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2406315AbfITSPI (ORCPT + 99 others); Fri, 20 Sep 2019 14:15:08 -0400 Received: from mail-lj1-f193.google.com ([209.85.208.193]:44036 "EHLO mail-lj1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2406283AbfITSPH (ORCPT ); Fri, 20 Sep 2019 14:15:07 -0400 Received: by mail-lj1-f193.google.com with SMTP id m13so7907467ljj.11; Fri, 20 Sep 2019 11:15:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to; bh=k+DkVLZJV/UMPAnynSBCZ9m61LuW0KEj/zqkR+s5Www=; b=d2vaQlGYRajlrbwTJvDtssQQ6AuJzvmo8JD8YMXvFri4XBTsU9jULCj/YmcH1W7/E0 zOQai8IeUikZCXbMjTc27f+dHRXiCYvjBg89shZCl7spcg9xkBXrCvtkefJ4qUQdJlr9 x/ZoKE26BkTsAIHpf6ZZ5oG++VWH11YLr2M+i3EUlBwBYaKVYzN8x7pJGEebWtBmB9xU OonHV6BYjUQT/wW+knTuWrwq5PZ7xglZqD9FTTE/96Q06SWr46vm7hX0OjmlqLfF5c2X FyI2SR+v5TZRqlPZhoL9DD9LbI4/neNPHUkylh6f7KcZgvaVD4tjdMk6vxRrwILpGYMS fYIw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to; bh=k+DkVLZJV/UMPAnynSBCZ9m61LuW0KEj/zqkR+s5Www=; b=g9IToGW53Qsr4O5CgUevLeHUJ3xQ8Snr4DGA6UTQyXTEk1eRu8gEbmx+2M1tKld7mK 9Cu5LIkAIOJVSmg2WmUyjr09uFJ0Mv2Z/NHXsk2jU+9FeEY97tHlPEHTVxd8suok0tBV Cw5aXl1zn4ACmEufmHQZhoj38j/yQWnJvDptSx1aFrRNDpn787lruT+FEBVIwbfXvZuZ iBEAPu46jiFWT9Xhja+K83WQFmT6q2/QNcYKCQr+1hMSypUxa8oCjI+VZRwQoF5oOUnI CL6+qnnhxqT62MhvnbB/WGDZKMIQ5SciCbU95Q52U8yaH6SEdz1stOhz74jT2PEbBPvp z36g== X-Gm-Message-State: APjAAAWVtW2RL31ciguYlm4Ki6ZROQE6FNMjEVqRNJHdL5dMOKM522jc Yt1aNrIfYmKa0zMbVGVK/ausNqVYGUBiGQ== X-Received: by 2002:a2e:96d3:: with SMTP id d19mr660674ljj.165.1569003304639; Fri, 20 Sep 2019 11:15:04 -0700 (PDT) Received: from ?IPv6:2a02:17d0:4a6:5700:d63d:7eff:fed9:a39? ([2a02:17d0:4a6:5700:d63d:7eff:fed9:a39]) by smtp.googlemail.com with ESMTPSA id y3sm635638lfh.97.2019.09.20.11.15.02 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 20 Sep 2019 11:15:03 -0700 (PDT) Subject: Re: [PATCH RFC v4 1/1] random: WARN on large getrandom() waits and introduce getrandom2() To: Andy Lutomirski , Linus Torvalds Cc: "Ahmed S. Darwish" , Lennart Poettering , "Theodore Y. Ts'o" , "Eric W. Biederman" , Michael Kerrisk , Willy Tarreau , Matthew Garrett , lkml , Ext4 Developers List , Linux API , linux-man References: <20190912034421.GA2085@darwi-home-pc> <20190912082530.GA27365@mit.edu> <20190914122500.GA1425@darwi-home-pc> <008f17bc-102b-e762-a17c-e2766d48f515@gmail.com> <20190915052242.GG19710@mit.edu> <20190918211503.GA1808@darwi-home-pc> <20190918211713.GA2225@darwi-home-pc> <20190920134609.GA2113@pc> From: "Alexander E. Patrakov" Message-ID: <78a4b774-ef6b-62cb-57db-8e1ff8d29f72@gmail.com> Date: Fri, 20 Sep 2019 23:15:01 +0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.1.0 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="------------ms010706090605000308010804" Sender: linux-ext4-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-ext4@vger.kernel.org This is a cryptographically signed message in MIME format. --------------ms010706090605000308010804 Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-PH Content-Transfer-Encoding: quoted-printable 20.09.2019 22:52, Andy Lutomirski =D0=BF=D0=B8=D1=88=D0=B5=D1=82: > I think that, given existing software, we should make two or three > changes to fix the basic problems here: >=20 > 1. Add GRND_INSECURE: at least let new applications do the right thing > going forward. >=20 > 2. Fix what is arguably a straight up kernel bug, not even an ABI > issue: when a user program is blocking in getrandom(..., 0), the > kernel happily sits there doing absolutely nothing and deadlocks the > system as a result. This IMO isn't an ABI issue -- it's an > implementation problem. How about we make getrandom() (probably > actually wait_for_random_bytes()) do something useful to try to seed > the RNG if the system is otherwise not doing IO. >=20 > 3. Optionally, entirely in user code: Get glibc to add new *library* > functions: getentropy_secure_blocking() and getentropy_insecure() or > whatever they want to call them. Deprecate getentropy(). >=20 > I think #2 is critical. Right now, suppose someone has a system that > neets to do a secure network request (a la Red Hat's Clevis). I have > no idea what Clevis actually does, but it wouldn't be particularly > crazy to do a DH exchange or sign with an EC key to ask some network > server to help unlock a dm-crypt volume. If the system does this at > boot, it needs to use getrandom(..., 0), GRND_EXPLICIT, or whatever, > because it NEEDS a secure random number. No about of ABI fiddling > will change this. The kernel should *work* in this case rather than > deadlocking. Let me express a little bit of disagreement with the logic here. I do agree that #2 is critical, and the Clevis use case is a perfect=20 example why it is important. I doubt that it is solvable without=20 trusting jitter entropy, or without provoking a dummy read on a random=20 block device, just for timings, or maybe some other interaction with the = external world - but Willy already said "it seems fishy". However, _if_=20 it is solved, then we don't need GRND_INSECURE, because solving #2 is=20 equivalent to magically making secure random numbers always available. --=20 Alexander E. Patrakov --------------ms010706090605000308010804 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: Криптографическая подпись S/MIME MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCC C5wwggVNMIIENaADAgECAhArQ2N9hOajPiuqD20bI16wMA0GCSqGSIb3DQEBCwUAMIGCMQsw CQYDVQQGEwJJVDEPMA0GA1UECAwGTWlsYW5vMQ8wDQYDVQQHDAZNaWxhbm8xIzAhBgNVBAoM GkFjdGFsaXMgUy5wLkEuLzAzMzU4NTIwOTY3MSwwKgYDVQQDDCNBY3RhbGlzIENsaWVudCBB dXRoZW50aWNhdGlvbiBDQSBHMTAeFw0xOTA2MDYwODAxMzVaFw0yMDA2MDYwODAxMzVaMB0x GzAZBgNVBAMMEnBhdHJha292QGdtYWlsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC AQoCggEBAOA0sb1ubDnIK32rbgW3BnjBcx1pYuEFOCU6aPVJ2gU+wtKJgAo9IdVUXG6kC1fF hXjIcZHOgbEqzFjHK1yXlHIUWEv+N8KdmBDOK1UdKQj58d9A4hnH62iEiwQsOR5YT1UyHX4A pfMjsBja7254cixR4jOPzfA4YUD6JTTPioyjDwuYQlhweVyXziKswLtGWfKeDcm3fOlKYxGy hxjWJRamGTreNBVC9uMkF4DHszpUm07agR2U4mnWy7FsjBuRJ++iX0SvuxKWf19HQWgmgIys jBVrArhVzgjOOnbvlklW849wIARF4Y0WAf91DsqPtuR8hu7+9KIVj2qk9BeNXXUCAwEAAaOC AiEwggIdMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUfmD8+GynPT3XrpOheQKPs3QpO/Uw SwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vY2FjZXJ0LmFjdGFsaXMuaXQv Y2VydHMvYWN0YWxpcy1hdXRjbGlnMTAdBgNVHREEFjAUgRJwYXRyYWtvdkBnbWFpbC5jb20w RwYDVR0gBEAwPjA8BgYrgR8BGAEwMjAwBggrBgEFBQcCARYkaHR0cHM6Ly93d3cuYWN0YWxp cy5pdC9hcmVhLWRvd25sb2FkMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDCB6AYD VR0fBIHgMIHdMIGboIGYoIGVhoGSbGRhcDovL2xkYXAwNS5hY3RhbGlzLml0L2NuJTNkQWN0 YWxpcyUyMENsaWVudCUyMEF1dGhlbnRpY2F0aW9uJTIwQ0ElMjBHMSxvJTNkQWN0YWxpcyUy MFMucC5BLi8wMzM1ODUyMDk2NyxjJTNkSVQ/Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlzdDti aW5hcnkwPaA7oDmGN2h0dHA6Ly9jcmwwNS5hY3RhbGlzLml0L1JlcG9zaXRvcnkvQVVUSENM LUcxL2dldExhc3RDUkwwHQYDVR0OBBYEFEhX9pz3jwI3+erfsAVB2b4xSsM8MA4GA1UdDwEB /wQEAwIFoDANBgkqhkiG9w0BAQsFAAOCAQEAVbKht9PGiUsUaqiyzJb6blSMNaLwopQr3AsI FvthyqnSqxmSNYDeZsQYPgBnXvMCvHCn07pm1b96Y3XstBt2FWb9dpDr7y+ec3vxFHb3lKGb 3WREB1kEATnBu2++dPcILG58gdzgYde3RAJC3/OyOZhDqKwQA5CnXTHigTzw75iezdLne5pU MjEQoxdqC+sgbrAueaEpMmRsGSKzgIX8eQ3DWwyIL56fYPJP3u4WZmBUKTFhhUWowG62QLtt ZjkiX/j+vjcSRd2app8lYDwQRornZAqrDxy+c4qQJ5FN234p36opwespDCwLN3Z6wPzLvzS+ jAlmV3DF2xuZGMoebzCCBkcwggQvoAMCAQICCCzUitOxHg+JMA0GCSqGSIb3DQEBCwUAMGsx CzAJBgNVBAYTAklUMQ4wDAYDVQQHDAVNaWxhbjEjMCEGA1UECgwaQWN0YWxpcyBTLnAuQS4v MDMzNTg1MjA5NjcxJzAlBgNVBAMMHkFjdGFsaXMgQXV0aGVudGljYXRpb24gUm9vdCBDQTAe Fw0xNTA1MTQwNzE0MTVaFw0zMDA1MTQwNzE0MTVaMIGCMQswCQYDVQQGEwJJVDEPMA0GA1UE CAwGTWlsYW5vMQ8wDQYDVQQHDAZNaWxhbm8xIzAhBgNVBAoMGkFjdGFsaXMgUy5wLkEuLzAz MzU4NTIwOTY3MSwwKgYDVQQDDCNBY3RhbGlzIENsaWVudCBBdXRoZW50aWNhdGlvbiBDQSBH MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMD8wYlW2Yji9ARlv80JNasoKTD+ DMr3J6scEe6GPV3k9WxEtgxXM5WX3oiKjS2p25Mqk8cnV2fpMaEvdO9alrGes0vqcUqly7Pk U753RGlseYXR2XCjVhs4cuRYjuBmbxpRSJxRImmPnThKY41r0nl6b3A6Z2MOjPQF7h6OCYYw tz/ziv/+UBV587U2uIlOukaS7Xjk4ArYkQsGTSsfBBXqqn06WL3xG+B/dRO5/mOtY5tHdhPH ydsBk2kksI3PJ0yNgKV7o6HM7pG9pB6sGhj96uVLnnVnJ0WXOuV1ISv2eit9ir60LjT99hf+ TMZLxA5yaVJ57fYjBMbxM599cw0CAwEAAaOCAdUwggHRMEEGCCsGAQUFBwEBBDUwMzAxBggr BgEFBQcwAYYlaHR0cDovL29jc3AwNS5hY3RhbGlzLml0L1ZBL0FVVEgtUk9PVDAdBgNVHQ4E FgQUfmD8+GynPT3XrpOheQKPs3QpO/UwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRS 2Ig6yJ94Zu2J83s4cJTJAgI20DBFBgNVHSAEPjA8MDoGBFUdIAAwMjAwBggrBgEFBQcCARYk aHR0cHM6Ly93d3cuYWN0YWxpcy5pdC9hcmVhLWRvd25sb2FkMIHjBgNVHR8EgdswgdgwgZag gZOggZCGgY1sZGFwOi8vbGRhcDA1LmFjdGFsaXMuaXQvY24lM2RBY3RhbGlzJTIwQXV0aGVu dGljYXRpb24lMjBSb290JTIwQ0EsbyUzZEFjdGFsaXMlMjBTLnAuQS4lMmYwMzM1ODUyMDk2 NyxjJTNkSVQ/Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlzdDtiaW5hcnkwPaA7oDmGN2h0dHA6 Ly9jcmwwNS5hY3RhbGlzLml0L1JlcG9zaXRvcnkvQVVUSC1ST09UL2dldExhc3RDUkwwDgYD VR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQBNk87VJL5BG0oWWHNfZYny2Xo+WIy8 y8QP5VsWZ7LBS6Qz8kn8zJp3c9xdOkudZbcA3vm5U8HKXc1JdzNmpSh92zq/OeZLvUa+rnnc mvhxkFE9Doag6NitggBPZwXHwDcYn430/F8wqAt3LX/bsd6INVrhPFk3C2SoAjLjUQZibXvQ uFINMN4l6j86vCrkUaGzSqnXT45NxIivkAPhBQgpGtcTi4f+3DxkyTDbWtf9LuaC4l2jgB3g C7f56nmdpGfpYsyvKE7+Ip+WryH93pWt6C+r68KU3Gu02cU1/dHvNOXWUDeKkVT3T26wZVrT aMx+0nS3i63KDfJdhFzutfdBgCWHcp03NhOhMqy1RnAylF/dVZgkka6hKaWe1tOU21kS4uvs D4wM5k6tl0pin2o6u47kyoJJMOxRSQcosWtDXUmaLHUG91ZC6hvBDmDmpmS6h/r+7mtPrpYO xTr4hW3me2EfXkTvNTvBQtbi4LrZchg9vhi44EJ7L53g7GzQFn5KK8vqqgMb1c1+T0mkKdqS edgGiB9TDdYtv4HkUj/N00TKxZMLiDMw4V8ShUL6bKTXNfb3E68s47cD+MatFjUuGFj0uFPv ZlvlNAoJ7IMfXzIiTWy35X+akm+d49wBh54yv6icz2t/cBU1y1weuPBd8NUH/Ue3mXk0SXwk GP3yVDGCA/YwggPyAgEBMIGXMIGCMQswCQYDVQQGEwJJVDEPMA0GA1UECAwGTWlsYW5vMQ8w DQYDVQQHDAZNaWxhbm8xIzAhBgNVBAoMGkFjdGFsaXMgUy5wLkEuLzAzMzU4NTIwOTY3MSww KgYDVQQDDCNBY3RhbGlzIENsaWVudCBBdXRoZW50aWNhdGlvbiBDQSBHMQIQK0NjfYTmoz4r qg9tGyNesDANBglghkgBZQMEAgEFAKCCAi8wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAc BgkqhkiG9w0BCQUxDxcNMTkwOTIwMTgxNTAxWjAvBgkqhkiG9w0BCQQxIgQgjZnrRbZoUPMt VZw2ydmANIl/K3yeDNmrkhZIhXcLvHowbAYJKoZIhvcNAQkPMV8wXTALBglghkgBZQMEASow CwYJYIZIAWUDBAECMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0DAgIB QDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDCBqAYJKwYBBAGCNxAEMYGaMIGXMIGCMQswCQYD VQQGEwJJVDEPMA0GA1UECAwGTWlsYW5vMQ8wDQYDVQQHDAZNaWxhbm8xIzAhBgNVBAoMGkFj dGFsaXMgUy5wLkEuLzAzMzU4NTIwOTY3MSwwKgYDVQQDDCNBY3RhbGlzIENsaWVudCBBdXRo ZW50aWNhdGlvbiBDQSBHMQIQK0NjfYTmoz4rqg9tGyNesDCBqgYLKoZIhvcNAQkQAgsxgZqg gZcwgYIxCzAJBgNVBAYTAklUMQ8wDQYDVQQIDAZNaWxhbm8xDzANBgNVBAcMBk1pbGFubzEj MCEGA1UECgwaQWN0YWxpcyBTLnAuQS4vMDMzNTg1MjA5NjcxLDAqBgNVBAMMI0FjdGFsaXMg Q2xpZW50IEF1dGhlbnRpY2F0aW9uIENBIEcxAhArQ2N9hOajPiuqD20bI16wMA0GCSqGSIb3 DQEBAQUABIIBAE+AbLP88WZ7sRej0AwubFTVbyMYKPRMJ/14uY2km/VZPuNTnyKBevOmrmaE Tmr92r75SyyQPFtGd6HEHXfggOxMlD75vRq5qDBh0Tbso7sj4Sin4o6CEH9YL1O4SA5ScmCl qx094cTzXSHF3jIfHPQDO5v0YRGfJCnaMbmWYa6T7XFwGodVu5/Idl6zs045Tjc1TFPPIoeF kqijK494E9lxqs739Gn3/fbjSP8inlabs9b1bIIfacekWMd/5kqbA4IyThGF4aicKG3j8GHV UWy5vQX7vs9NoeDGxJKquJUWagqabGTOxZEq+NXVAl0OdwuoaBpbkkiom9SVM9EpvoIAAAAA AAA= --------------ms010706090605000308010804--