From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-0.9 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6A36BC49ED7 for ; Mon, 16 Sep 2019 16:17:31 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 4005B20678 for ; Mon, 16 Sep 2019 16:17:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1568650651; bh=4kTgEV+994f09JLJJHoUnJjJN2huDl/FjH8NLWXhJo0=; h=References:In-Reply-To:From:Date:Subject:To:Cc:List-ID:From; b=NvVp9aK8+wLMuuFGTF/RPPSSGPWSRpfnuoGL1lq9V1InTRCzbgU2UylDDUWwyw6FP IMelFMY/ciaaa2bOz4nMGYkfcDJiWVamG0zkZWZmbfufx2Iqr20HNB3hykswTL24HH IO8UALMW95IYCWISvl7Ln7heJwcI9U36/Evy0oS0= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726075AbfIPQRa (ORCPT ); Mon, 16 Sep 2019 12:17:30 -0400 Received: from mail-lf1-f68.google.com ([209.85.167.68]:46083 "EHLO mail-lf1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725270AbfIPQRa (ORCPT ); Mon, 16 Sep 2019 12:17:30 -0400 Received: by mail-lf1-f68.google.com with SMTP id t8so379706lfc.13 for ; Mon, 16 Sep 2019 09:17:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-foundation.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Qm5nFp4L20gwZCk9xWhvdF6dE9PnPMuHjDPFlxhyVHw=; b=MwiU5mWXMBSXfDgbMXxLnobo8HMGeJQR80lomHYctbelSfvBbvltS81l9dAKTU1gLz dsS8BFsV+weSgE45H3VfjD88vhb4mAU1RPEwWm+45it3Ah1tAVI/MAkb/nAk+iJU0WeD g8hBBvmDRQhs1SLCmtlw/SSvnhl9EIlxC1+wA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Qm5nFp4L20gwZCk9xWhvdF6dE9PnPMuHjDPFlxhyVHw=; b=TyoHNvnYxb5H40rmaCrfJFP0MEE1ibl4jQXlD0JBX3bCBqaJ7qZH7pJ4ORU/xcQ3kw fuNneWH2ny0aduDmrzroS7fJtR1WaJXzOZTLzvQfExp4YuV/lGYvaHYk5EuXv4OUwUK1 2EiXHmuy/RWuBodKDC/K6vuD+AvVemIz/vJkoofpgkI5w0h5oMtgZiIx7S0y0ybT9K6S iuUmCxb/aAYU3PwikWuZZXKe6XjC7F2J84q4a+HJ7//uPFiuWnc7CkbWpJ8MOBQdhRiw S0cC/uNGPJHDBQuogbFEfPSwGYWX9gR5y/6H5hQcWJYxJab86Uo6Ojq94woPL1VWSOIM NQqw== X-Gm-Message-State: APjAAAVeAj53DK1SZZHonC/g1iBTGW1AzTD9gwYpQht+ZJUaI7y2TxfH MBTLOnwcaATJ9/aRIXF+b1aBo6sXq3k= X-Google-Smtp-Source: APXvYqxM30qcmRg/4vIvQXU1r6odnnHIPrtWLhBP+p4nOFa9aW7y8VjU/ptLmXkVT+lsEWhqIKD6ow== X-Received: by 2002:ac2:5181:: with SMTP id u1mr141947lfi.114.1568650647850; Mon, 16 Sep 2019 09:17:27 -0700 (PDT) Received: from mail-lf1-f48.google.com (mail-lf1-f48.google.com. [209.85.167.48]) by smtp.gmail.com with ESMTPSA id w13sm4370153ljh.104.2019.09.16.09.17.27 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 16 Sep 2019 09:17:27 -0700 (PDT) Received: by mail-lf1-f48.google.com with SMTP id q11so390026lfc.11 for ; Mon, 16 Sep 2019 09:17:27 -0700 (PDT) X-Received: by 2002:a19:f204:: with SMTP id q4mr116710lfh.29.1568650646859; Mon, 16 Sep 2019 09:17:26 -0700 (PDT) MIME-Version: 1.0 References: <20190914150206.GA2270@darwi-home-pc> <20190915065142.GA29681@gardel-login> <20190916014050.GA7002@darwi-home-pc> <20190916014833.cbetw4sqm3lq4x6m@shells.gnugeneration.com> <20190916024904.GA22035@mit.edu> <20190916042952.GB23719@1wt.eu> <20190916061252.GA24002@1wt.eu> In-Reply-To: <20190916061252.GA24002@1wt.eu> From: Linus Torvalds Date: Mon, 16 Sep 2019 09:17:10 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: Linux 5.3-rc8 To: Willy Tarreau Cc: "Theodore Y. Ts'o" , Vito Caputo , "Ahmed S. Darwish" , Lennart Poettering , Andreas Dilger , Jan Kara , Ray Strode , William Jon McCann , "Alexander E. Patrakov" , zhangjs , linux-ext4@vger.kernel.org, lkml Content-Type: text/plain; charset="UTF-8" Sender: linux-ext4-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-ext4@vger.kernel.org Archived-At: List-Archive: List-Post: On Sun, Sep 15, 2019 at 11:13 PM Willy Tarreau wrote: > > > > > So three out of four flag combinations end up being mostly "don't > > use", and the fourth one isn't what you'd normally want (which is just > > plain /dev/urandom semantics). > > I'm seeing it from a different angle. I now understand better why > getrandom() absolutely wants to have an initialized pool, it's to > encourage private key producers to use a secure, infinite source of > randomness. Right. There is absolutely no question that that is a useful thing to have. And that's what GRND_RANDOM _should_ have meant. But didn't. So the semantics that getrandom() should have had are: getrandom(0) - just give me reasonable random numbers for any of a million non-strict-long-term-security use (ie the old urandom) - the nonblocking flag makes no sense here and would be a no-op getrandom(GRND_RANDOM) - get me actual _secure_ random numbers with blocking until entropy pool fills (but not the completely invalid entropy decrease accounting) - the nonblocking flag is useful for bootup and for "I will actually try to generate entropy". and both of those are very very sensible actions. That would actually have _fixed_ the problems we had with /dev/[u]random, both from a performance standpoint and for a filesystem access standpoint. But that is sadly not what we have right now. And I suspect we can't fix it, since people have grown to depend on the old behavior, and already know to avoid GRND_RANDOM because it's useless with old kernels even if we fixed it with new ones. Does anybody really seriously debate the above? Ted? Are you seriously trying to claim that the existing GRND_RANDOM has any sensible use? Are you seriously trying to claim that the fact that we don't have a sane urandom source is a "feature"? Linus