Received: by 2002:a25:b323:0:0:0:0:0 with SMTP id l35csp1791999ybj; Sun, 22 Sep 2019 12:02:45 -0700 (PDT) X-Google-Smtp-Source: APXvYqzZ1M1PUK3++TLxIs1oRKQC5wzHPga4iQDJzbFpzkuWS1Be7PL8HVteZrp+roT0UIRRN4ye X-Received: by 2002:a05:6402:2d8:: with SMTP id b24mr29247841edx.222.1569178964903; Sun, 22 Sep 2019 12:02:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1569178964; cv=none; d=google.com; s=arc-20160816; b=D2jH4N8ecAdKCtkkSQGoxNMTlE6WOvl5Fjd5LIMhC7Lj37hPBFqLEGi8IwYrlACuqh O9JPcqDzN5KYWYTn5O4RfNcVS5yKYNYFh27Qv+gfTTIQCt7tV83sGHWh1+tPe9y7IqB0 qPsV4tmErr40BR2XI1D0Nxw7A+AgCBSx6n53KZHeuw/c9QssiLJu9PMa5PNdOdopRfOL 4/h87U9jNFJaWA+OL6prAhWsSdQE43eA9QXRgNtCaBYfprMQmQWuzVcI9M7gA5qVNtUa V5NeE5iA2ZOdkj9oKgINR8VKtHVgJq7A5Dn51MInyaA2Qef3qb37+WiVHz0T0DnWNhus y5yw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:to:in-reply-to:cc:references:message-id :date:subject:mime-version:from:content-transfer-encoding :dkim-signature; bh=gcNXvtSyWvuQ5LByHh2uePUN26jQ3PokWQXYeNMdTRo=; b=MyyCX8E4iWxeb4EYvYISuoK3G3YUhj5jLHyjpb1KiaZJ6sGNr16HLBOE+pITo4/5AF WCyb/Hpz975URvtDOn7p/xUP29wf8MSK7fFQd3HIK47EDexyfNCshLcURONf9MKS2reO xVBekb5E/2n6O3HaRPfPprhckr73rUA6tUOr+gnGFbfz1mGcTcBu8DR7vsdZQUrWsXu2 klhptzmZj9onrslY+8HY3/ema2PT/2Ps9wJd2C3IRNu/TbS5FSid2S5/YTRvf/FDtrJA vGwj7hrJz50ejj3fjK1B5kWbcUtgsF90RYhytFJxN8uSZ6cJ+CtaYujn3VJ04V2LX0ZH kT/g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@amacapital-net.20150623.gappssmtp.com header.s=20150623 header.b="m/Dmg/JW"; spf=pass (google.com: best guess record for domain of linux-ext4-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y1si4053836ejr.272.2019.09.22.12.02.20; Sun, 22 Sep 2019 12:02:44 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-ext4-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@amacapital-net.20150623.gappssmtp.com header.s=20150623 header.b="m/Dmg/JW"; spf=pass (google.com: best guess record for domain of linux-ext4-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729847AbfITTwc (ORCPT + 99 others); Fri, 20 Sep 2019 15:52:32 -0400 Received: from mail-pf1-f196.google.com ([209.85.210.196]:45492 "EHLO mail-pf1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729825AbfITTwb (ORCPT ); Fri, 20 Sep 2019 15:52:31 -0400 Received: by mail-pf1-f196.google.com with SMTP id y72so5180257pfb.12 for ; Fri, 20 Sep 2019 12:52:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amacapital-net.20150623.gappssmtp.com; s=20150623; h=content-transfer-encoding:from:mime-version:subject:date:message-id :references:cc:in-reply-to:to; bh=gcNXvtSyWvuQ5LByHh2uePUN26jQ3PokWQXYeNMdTRo=; b=m/Dmg/JW+4n89iQLkwR9YixMDIeVf27zFQCHMeU2vrr/Vf/mPOfxnNvPfe3OPGVCIb JgAPKsXQJhnD7tFI5MlKzN2xVjy8lP1etFfFQJ6uqTzpoQ2zt6AqXypDzmNHpc8wPlxV crjt8+KJWIThyAPCT4EQPrvHrdHbinVspic5j9BKz5RbkcHdT9crv3tv4qpn/aE9eA1n PMBQ0OAdva2QoUZMRO40b1D4dh+MZ0oPBPl/uwt1PjK41QI5n4GP65bK/tOOocfdaOPb fW7AswBfwe7B/XRzdJs+JsavsZIwjqyEid+QSgHJFI3Ye2MQDRaVklFCyYyobPXtLX0a K9pw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:content-transfer-encoding:from:mime-version :subject:date:message-id:references:cc:in-reply-to:to; bh=gcNXvtSyWvuQ5LByHh2uePUN26jQ3PokWQXYeNMdTRo=; b=RztEF8zqbxzCEVzayTXHOQ09mzyUPnhz7Sl0MmmfvudKs0CtaFyFtB68CySGNmsNVY 6jvmJrQeIueaZ2zwDzxq8TbT0hIA67mojMaLyg9HkTgKMCXjUBeG1Gd9NTT4qoA4U6P1 3fbjqou00jKq8mw5NXBp/wEGfwcn/DBVzYnedCQeWcc3ZE8OW6kr/8Dlo1NNUqg2dfD+ 9mVCmBwQzDNmcJtNzdmPA9/NAPUuLS9qvK2hf5oQ6zYz1ZTmqS3uQfMXc4+z8S/uJjTE c3DRazzxfV7kVqkWcLWBa7mWNXg6aL1fXwkWSRoTxxRE0BtgwWJz97mJznhy4Vi+OlHd lNSw== X-Gm-Message-State: APjAAAXROZ62tVX6cq4JB5OhFVQB8k/C6h+iQdf5CmzmNTy3LW/9ubBO bm/eDri6/dGyHIaenSyld+lwxA== X-Received: by 2002:a62:cb:: with SMTP id 194mr20209663pfa.130.1569009150487; Fri, 20 Sep 2019 12:52:30 -0700 (PDT) Received: from ?IPv6:2600:1010:b006:e11f:c970:783e:78af:e8f5? ([2600:1010:b006:e11f:c970:783e:78af:e8f5]) by smtp.gmail.com with ESMTPSA id c20sm5107273pfd.122.2019.09.20.12.52.29 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 20 Sep 2019 12:52:29 -0700 (PDT) Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable From: Andy Lutomirski Mime-Version: 1.0 (1.0) Subject: Re: [PATCH RFC v4 1/1] random: WARN on large getrandom() waits and introduce getrandom2() Date: Fri, 20 Sep 2019 12:52:28 -0700 Message-Id: References: <20190920193740.GD1889@1wt.eu> Cc: Andy Lutomirski , Linus Torvalds , "Ahmed S. Darwish" , Lennart Poettering , "Theodore Y. Ts'o" , "Eric W. Biederman" , "Alexander E. Patrakov" , Michael Kerrisk , Matthew Garrett , lkml , Ext4 Developers List , Linux API , linux-man In-Reply-To: <20190920193740.GD1889@1wt.eu> To: Willy Tarreau X-Mailer: iPhone Mail (17A577) Sender: linux-ext4-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-ext4@vger.kernel.org > On Sep 20, 2019, at 12:37 PM, Willy Tarreau wrote: >=20 > =EF=BB=BFOn Fri, Sep 20, 2019 at 12:22:17PM -0700, Andy Lutomirski wrote: >> Perhaps userland could register a helper that takes over and does >> something better? >=20 > If userland sees the failure it can do whatever the developer/distro > packager thought suitable for the system facing this condition. >=20 >> But I think the kernel really should do something >> vaguely reasonable all by itself. >=20 > Definitely, that's what Linus' proposal was doing. Sleeping for some time > is what I call "vaguely reasonable". I don=E2=80=99t buy it. We have existing programs that can deadlock on boot.= Just throwing -EAGAIN at them in a syscall that didn=E2=80=99t previously b= lock does not strike me as reasonable. >=20 >> If nothing else, we want the ext4 >> patch that provoked this whole discussion to be applied, >=20 > Oh absolutely! >=20 >> which means >> that we need to unbreak userspace somehow, and returning garbage it to >> is not a good choice. >=20 > It depends how it's used. I'd claim that we certainly use randoms for > other things (such as ASLR/hashtables) *before* using them to generate > long lived keys thus we can have a bit more time to get some more > entropy before reaching the point of producing these keys. The problem is that we don=E2=80=99t know what userspace is doing with the o= utput from getrandom(..., 0), so I think we have to be conservative. New ker= nels need to work with old user code. It=E2=80=99s okay if they=E2=80=99re s= lower to boot than they could be. >=20 >> Here are some possible approaches that come to mind: >>=20 >> int count; >> while (crng isn't inited) { >> msleep(1); >> } >>=20 >> and modify add_timer_randomness() to at least credit a tiny bit to >> crng_init_cnt. >=20 > Without a timeout it's sure we'll still face some situations where > it blocks forever, which is the current problem. The point is that we keep the timer running by looping like this, which shou= ld cause add_timer_randomness() to get called continuously, which should pre= vent the deadlock. I assume the deadlock is because we go into nohz-idle an= d we sit there with nothing happening at all. >=20 >> Or we do something like intentionally triggering readahead on some >> offset on the root block device. >=20 > You don't necessarily have such a device, especially when you're > in an initramfs. It's precisely where userland can be smarter. When > the caller is sfdisk for example, it does have more chances to try > to perform I/O than when it's a tiny http server starting to present > a configuration page. What I mean is: allow user code to register a usermode helper that helps get= entropy. Or just convince distros to bundle some useful daemon that starts a= t early boot and lives in the initramfs.