From: "Ahmed S. Darwish" <darwish.07@gmail.com>
To: Linus Torvalds <torvalds@linux-foundation.org>,
"Theodore Y. Ts'o" <tytso@mit.edu>
Cc: Florian Weimer <fweimer@redhat.com>, Willy Tarreau <w@1wt.eu>,
Matthew Garrett <mjg59@srcf.ucam.org>,
Andy Lutomirski <luto@kernel.org>,
Lennart Poettering <mzxreary@0pointer.de>,
"Eric W. Biederman" <ebiederm@xmission.com>,
"Alexander E. Patrakov" <patrakov@gmail.com>,
Michael Kerrisk <mtk.manpages@gmail.com>,
lkml <linux-kernel@vger.kernel.org>,
linux-ext4 <linux-ext4@vger.kernel.org>,
linux-api <linux-api@vger.kernel.org>,
linux-man <linux-man@vger.kernel.org>
Subject: [PATCH v5 0/1] random: getrandom(2): warn on large CRNG waits, introduce new flags
Date: Thu, 26 Sep 2019 22:42:17 +0200 [thread overview]
Message-ID: <20190926204217.GA1366@pc> (raw)
In-Reply-To: <CAHk-=wiCqDiU7SE3FLn2W26MS_voUAuqj5XFa1V_tiGTrrW-zQ@mail.gmail.com>
Summary / Changelog-v5:
- Add the new flags GRND_INSECURE and GRND_SECURE_UNBOUNDED_INITIAL_WAIT
to getrandom(2), instead of introducing a new getrandom2(2) system
call, which nobody liked.
- Fix a bug discovered through testing where "int ret =
wait_event_interruptible_timeout(waitq, true, MAX_SCHEDULE_TIMEOUT)"
returns failure (-1) due to implicit LONG_MAX => int truncation
- WARN if a process is stuck on getrandom(,,flags=0) for more than 30
seconds ... defconfig and bootparam configurable
- Add documentation for "random.getrandom_wait_threshold" kernel param
- Extra comments @ include/uapi/linux/random.h and random.c::getrandom.
Explicit recommendations to *exclusively* use the new flags.
- GRND_INSECURE never issue any warning, even if CRNG is not inited.
Similarly for GRND_SECURE_UNBOUNDED_INITIAL_WAIT, no matter how
big the unbounded wait is.
In a reply to the V4 patch, Linus posted a related patch [*] with the
following additions:
- Drop the original random.c behavior of having each /dev/urandom
"CRNG not inited" warning also _reset_ the crng_init_cnt entropy.
This is not included in this patch, as IMHO this can be done as a
separate patch on top.
- Limit GRND_RANDOM max count/buflen to 32MB instead of 2GB. This
is very sane obviously, and can be done in a separate patch on
top.
This V5 patch just tries to be as conservative as possible.
- GRND_WAIT_ENTROPY and GRND_EXCPLICIT: AFAIK these were primarily
added so that getrandom(,,flags=0) can be changed to return
weaker non-blocking crypto from non-inited CRG in a possible
future.
I hope we don't have to resort to that extreme measure.. Hopefully
the WARN() on this patch will be enough in nudging distributions to
enable more hwrng sources (RDRAND, etc.) .. and also for the
user-space developres badly pointed at (hi GDM and Qt) to fix their
code.
[*] https://lkml.kernel.org/r/CAHk-=wiCqDiU7SE3FLn2W26MS_voUAuqj5XFa1V_tiGTrrW-zQ@mail.gmail.com
Ahmed S. Darwish (1):
random: getrandom(2): warn on large CRNG waits, introduce new flags
.../admin-guide/kernel-parameters.txt | 7 ++
drivers/char/Kconfig | 60 ++++++++++-
drivers/char/random.c | 102 +++++++++++++++---
include/uapi/linux/random.h | 27 ++++-
4 files changed, 177 insertions(+), 19 deletions(-)
--
2.23.0
next prev parent reply other threads:[~2019-09-26 20:42 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20190912034421.GA2085@darwi-home-pc>
[not found] ` <20190912082530.GA27365@mit.edu>
[not found] ` <CAHk-=wjyH910+JRBdZf_Y9G54c1M=LBF8NKXB6vJcm9XjLnRfg@mail.gmail.com>
[not found] ` <20190914122500.GA1425@darwi-home-pc>
[not found] ` <008f17bc-102b-e762-a17c-e2766d48f515@gmail.com>
[not found] ` <20190915052242.GG19710@mit.edu>
[not found] ` <CAHk-=wgg2T=3KxrO-BY3nHJgMEyApjnO3cwbQb_0vxsn9qKN8Q@mail.gmail.com>
[not found] ` <20190918211503.GA1808@darwi-home-pc>
[not found] ` <20190918211713.GA2225@darwi-home-pc>
[not found] ` <CAHk-=wiCqDiU7SE3FLn2W26MS_voUAuqj5XFa1V_tiGTrrW-zQ@mail.gmail.com>
2019-09-20 13:46 ` [PATCH RFC v4 1/1] random: WARN on large getrandom() waits and introduce getrandom2() Ahmed S. Darwish
2019-09-20 14:33 ` Andy Lutomirski
2019-09-20 16:29 ` Linus Torvalds
2019-09-20 17:52 ` Andy Lutomirski
2019-09-20 18:09 ` Linus Torvalds
2019-09-20 18:16 ` Willy Tarreau
2019-09-20 19:12 ` Andy Lutomirski
2019-09-20 19:51 ` Linus Torvalds
2019-09-20 20:11 ` Alexander E. Patrakov
2019-09-20 20:17 ` Matthew Garrett
2019-09-20 20:51 ` Andy Lutomirski
2019-09-20 22:44 ` Linus Torvalds
2019-09-20 23:30 ` Andy Lutomirski
2019-09-21 3:05 ` Willy Tarreau
2019-09-21 6:07 ` Florian Weimer
2019-09-23 18:33 ` Andy Lutomirski
2019-09-26 21:11 ` Ahmed S. Darwish
2019-09-20 18:12 ` Willy Tarreau
2019-09-20 19:22 ` Andy Lutomirski
2019-09-20 19:37 ` Willy Tarreau
2019-09-20 19:52 ` Andy Lutomirski
2019-09-20 20:02 ` Linus Torvalds
2019-09-20 18:15 ` Alexander E. Patrakov
2019-09-20 18:29 ` Andy Lutomirski
2019-09-20 17:26 ` Willy Tarreau
2019-09-20 17:56 ` Ahmed S. Darwish
2019-09-26 20:42 ` Ahmed S. Darwish [this message]
2019-09-26 20:44 ` [PATCH v5 1/1] random: getrandom(2): warn on large CRNG waits, introduce new flags Ahmed S. Darwish
2019-09-26 21:39 ` Andy Lutomirski
2019-09-28 9:30 ` Ahmed S. Darwish
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190926204217.GA1366@pc \
--to=darwish.07@gmail.com \
--cc=ebiederm@xmission.com \
--cc=fweimer@redhat.com \
--cc=linux-api@vger.kernel.org \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-man@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mjg59@srcf.ucam.org \
--cc=mtk.manpages@gmail.com \
--cc=mzxreary@0pointer.de \
--cc=patrakov@gmail.com \
--cc=torvalds@linux-foundation.org \
--cc=tytso@mit.edu \
--cc=w@1wt.eu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).