Received: by 2002:a25:b323:0:0:0:0:0 with SMTP id l35csp1788955ybj; Sun, 22 Sep 2019 11:59:08 -0700 (PDT) X-Google-Smtp-Source: APXvYqx4EIxkmTM99GjnLbPaNHI8XIAkCNiVESA7X3VLir4WMcVny4YVPH/OPiyN2cVgzTmMqi8g X-Received: by 2002:a17:906:fc20:: with SMTP id ov32mr27700016ejb.22.1569178748448; Sun, 22 Sep 2019 11:59:08 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1569178748; cv=none; d=google.com; s=arc-20160816; b=QP68PDGWZF3X6AoT3eDoWIrewWynCPht0pIU8FUQa8l0Ho22W/2i4Q5DFweiJfSHJj mTNXSTVdp4LLRfpQf4jDLnvlvjzuus6zeyg35bqYdQzavelQRAYiRv7gUm+mcG1O0WmM jmSf7FmUAbTvR0IO2vW6Cmir2ICHuILV7195D9lwPjuVYqc+Sim5hqrIAxKL6TRz8yOA xYMGbuExwjU5ic1feJcZcV0yQXKFZqhSE5Ttf28QcRLsOeUQOIA2NWZTFdfha5acH7AB Co85h8z0HByMu+M5ZxWvQv1zA85w2XCUnHuo2inGQtD2blawgmjBrLXgd6hzUsWIV78R DX0g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:to:in-reply-to:cc:references:message-id :date:subject:mime-version:from:content-transfer-encoding :dkim-signature; bh=su37uabqeDyNPGVbSy4LqMylRvJekDBMIJQOmAbSrms=; b=fV6mEWxf96bCwp7Q+epDPZyYYi37+grH5l+/G5d+M5LuH79MHkIdDWB48sE1NjyjAx BrQoFOMZKG6YUT11fblMFqh7jLx4YnMXVMdu6GsyTsUG68opxe1InhP4otcwHLvyv1nP 7kw5E4RLlouT0L6dv9rqL3f0G0A+HWbvt/FvETsTyS8geywarEEaWDucRFqo2xMawa+z Vg2aWJXOQJ2gLMUmz86Uq5inaQ+lkvaqyQk7PhwKVoD9K0m2N2Z0N/E+8mI0dqm4chQ8 UGg/tsBf7CfhLTWjjNILoAJPwx2reV7Oa4uL3aWrRZpY6tm6rIDXkB7n5MH7SNW+q2Ad dWVQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@amacapital-net.20150623.gappssmtp.com header.s=20150623 header.b=okqPnLwc; spf=pass (google.com: best guess record for domain of linux-ext4-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id o27si3480111ejr.304.2019.09.22.11.58.43; Sun, 22 Sep 2019 11:59:08 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-ext4-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@amacapital-net.20150623.gappssmtp.com header.s=20150623 header.b=okqPnLwc; spf=pass (google.com: best guess record for domain of linux-ext4-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2406506AbfITS34 (ORCPT + 99 others); Fri, 20 Sep 2019 14:29:56 -0400 Received: from mail-pf1-f195.google.com ([209.85.210.195]:43726 "EHLO mail-pf1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2405022AbfITS34 (ORCPT ); Fri, 20 Sep 2019 14:29:56 -0400 Received: by mail-pf1-f195.google.com with SMTP id a2so5043735pfo.10 for ; Fri, 20 Sep 2019 11:29:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amacapital-net.20150623.gappssmtp.com; s=20150623; h=content-transfer-encoding:from:mime-version:subject:date:message-id :references:cc:in-reply-to:to; bh=su37uabqeDyNPGVbSy4LqMylRvJekDBMIJQOmAbSrms=; b=okqPnLwcRVFAFawtFpNAsOM/l6PAjdVUI4aWBFLH6PcKUlwJPqfVibKuhiLaiEvyjX YF3vdcFzm7VQGbWu8A1tmTfWurx0OPEZRuO0HCKGaCCaas0wF0nNqk71cq8AmBT9tCfv cvAI8wimfyvmpY7+b9mDlhkTr+z95vp6N7iSCSpPu9L+UbGYirqBsaMxfA6CpV7EqYvi g7IgYjddC3+CAWtIVG2TORJCXBBiZL0DUy1lNplzldwBX8vlKQ12d5acnX5K/atIF2cg 16Suk191AECRxh3jGrkh/Gm7hxi1wY7zn0I2TfuJYtkDAo33tKLNzHxAThuUFgY3qINM xLpA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:content-transfer-encoding:from:mime-version :subject:date:message-id:references:cc:in-reply-to:to; bh=su37uabqeDyNPGVbSy4LqMylRvJekDBMIJQOmAbSrms=; b=kRls/K9mtsUiUeNjpQ+7qRnQIMzWrGwaSSq1S5u/M1HtdLaTuxGKCdtoHtsccII9ny ntTiK6xx2JwKySdVrLO8hYRmSf/fbtyu/VLWz2brPBPMHR73hAbTkWHMABBSbLbruKFq QLzQR9VNh+wk0fTSGNpn9xOL1x3lEOfjcsP2es/eutiyZzkzTbOs8et6W9fcUKSuMuqG DTi6150jaQr0pKqmg8OEVY94MzNYwmGgVGKMltU1cri7mGXfyf/YggxNFGDBRdjLt+WO h2KwnsnuJDkgACoRC/FA1YAX2Vn4WA9e3syA5yU/QaB/C0JKP1tYGY/6a14mITIpTRb5 d+UQ== X-Gm-Message-State: APjAAAWqkjLzrRwKBgBKdSNaB0La5gtiXyziaqO20Ex0AqgQglQxESBE 8Q4l7FGyWkbXLyg32OqjJXWBlw== X-Received: by 2002:a62:1888:: with SMTP id 130mr19342667pfy.72.1569004195553; Fri, 20 Sep 2019 11:29:55 -0700 (PDT) Received: from ?IPv6:2600:1010:b006:e11f:c970:783e:78af:e8f5? ([2600:1010:b006:e11f:c970:783e:78af:e8f5]) by smtp.gmail.com with ESMTPSA id 74sm2391968pfy.78.2019.09.20.11.29.54 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 20 Sep 2019 11:29:54 -0700 (PDT) Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable From: Andy Lutomirski Mime-Version: 1.0 (1.0) Subject: Re: [PATCH RFC v4 1/1] random: WARN on large getrandom() waits and introduce getrandom2() Date: Fri, 20 Sep 2019 11:29:52 -0700 Message-Id: <7D3731D2-348F-4561-A52D-AA7DAAEE258B@amacapital.net> References: <78a4b774-ef6b-62cb-57db-8e1ff8d29f72@gmail.com> Cc: Andy Lutomirski , Linus Torvalds , "Ahmed S. Darwish" , Lennart Poettering , "Theodore Y. Ts'o" , "Eric W. Biederman" , Michael Kerrisk , Willy Tarreau , Matthew Garrett , lkml , Ext4 Developers List , Linux API , linux-man In-Reply-To: <78a4b774-ef6b-62cb-57db-8e1ff8d29f72@gmail.com> To: "Alexander E. Patrakov" X-Mailer: iPhone Mail (17A577) Sender: linux-ext4-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-ext4@vger.kernel.org > On Sep 20, 2019, at 11:15 AM, Alexander E. Patrakov w= rote: >=20 > =EF=BB=BF20.09.2019 22:52, Andy Lutomirski =D0=BF=D0=B8=D1=88=D0=B5=D1=82:= >> I think that, given existing software, we should make two or three >> changes to fix the basic problems here: >> 1. Add GRND_INSECURE: at least let new applications do the right thing >> going forward. >> 2. Fix what is arguably a straight up kernel bug, not even an ABI >> issue: when a user program is blocking in getrandom(..., 0), the >> kernel happily sits there doing absolutely nothing and deadlocks the >> system as a result. This IMO isn't an ABI issue -- it's an >> implementation problem. How about we make getrandom() (probably >> actually wait_for_random_bytes()) do something useful to try to seed >> the RNG if the system is otherwise not doing IO. >> 3. Optionally, entirely in user code: Get glibc to add new *library* >> functions: getentropy_secure_blocking() and getentropy_insecure() or >> whatever they want to call them. Deprecate getentropy(). >> I think #2 is critical. Right now, suppose someone has a system that >> neets to do a secure network request (a la Red Hat's Clevis). I have >> no idea what Clevis actually does, but it wouldn't be particularly >> crazy to do a DH exchange or sign with an EC key to ask some network >> server to help unlock a dm-crypt volume. If the system does this at >> boot, it needs to use getrandom(..., 0), GRND_EXPLICIT, or whatever, >> because it NEEDS a secure random number. No about of ABI fiddling >> will change this. The kernel should *work* in this case rather than >> deadlocking. >=20 > Let me express a little bit of disagreement with the logic here. >=20 > I do agree that #2 is critical, and the Clevis use case is a perfect examp= le why it is important. I doubt that it is solvable without trusting jitter e= ntropy, or without provoking a dummy read on a random block device, just for= timings, or maybe some other interaction with the external world - but Will= y already said "it seems fishy". However, _if_ it is solved, then we don't n= eed GRND_INSECURE, because solving #2 is equivalent to magically making secu= re random numbers always available. >=20 >=20 I beg to differ. There is a big difference between =E2=80=9Cdo your best *ri= ght now*=E2=80=9D and =E2=80=9Cgive me a real secure result in a vaguely tim= ely manner=E2=80=9D. For example, the former is useful for ASLR or hash table randomization. The l= atter is not.=