From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753955AbbJZNdG (ORCPT ); Mon, 26 Oct 2015 09:33:06 -0400 Received: from mx1.redhat.com ([209.132.183.28]:46072 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753828AbbJZNdB (ORCPT ); Mon, 26 Oct 2015 09:33:01 -0400 From: Florian Weimer Subject: Re: Getrandom wrapper To: "Theodore Ts'o" , Ingo Molnar , Linus Torvalds , Tejun Heo , Mike Galbraith , Paul Turner , Peter Zijlstra , Ingo Molnar , Johannes Weiner , Li Zefan , cgroups , LKML , kernel-team , Andrew Morton References: <20151023222110.GA4390@mtj.duckdns.org> <1445661367.3218.62.camel@gmail.com> <20151025021829.GA15471@mtj.duckdns.org> <20151025093331.GA4834@gmail.com> <20151025104145.GE27558@thunk.org> <562CB328.3090906@redhat.com> <20151025115842.GA13940@thunk.org> <562CD663.5010506@redhat.com> <20151025134000.GB13940@thunk.org> Message-ID: <562E2B88.60909@redhat.com> Date: Mon, 26 Oct 2015 14:32:56 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0 MIME-Version: 1.0 In-Reply-To: <20151025134000.GB13940@thunk.org> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 10/25/2015 02:40 PM, Theodore Ts'o wrote: > On Sun, Oct 25, 2015 at 02:17:23PM +0100, Florian Weimer wrote: >> >> I think we can reach consensus for an implementation which makes this code >> >> unsigned char session_key[32]; >> getrandom (session_key, sizeof (session_key), 0); >> install_session_key (session_key); >> >> correct. That is, no error handling code for ENOMEM, ENOSYS, EINTR, >> ENOMEM or short reads is necessary. It seems that several getrandom >> wrappers currently built into applications do not get this completely right. > > The only error handling code that is necessary is a fallback for > ENOSYS. getrandom(2) won't return ENOMEM, and if the number of bytes > requested is less than or equal to 256 bytes, it won't return EINTR > either. Not even during early boot? The code suggests that you can get EINTR if the non-blocking pool isn't initialized yet. With VMs, that initialization can happen quite some time after boot, when the userland is well under way. > As far as ENOSYS is concerned, a fallback gets tricky; you could try > to open /dev/urandom, and read from it, but that can fail due to > EMFILE, ENFILE, ENOENT (if they are chrooted and /dev wasn't properly > populated). So attempting a fallback for ENOSYS can actually expand > the number of potential error conditions for the userspace application > to (fail to) handle. I suppose you could attempt the fallback and > call abort(2) if the fallback fails, which is probably the safe and > secure thing to do, but applications might not appreciate getting > terminated without getting a chance to do something (but if the > something is just calling random(3), maybe not giving them a chance to > do something insane is the appropriate thing to do....) I'm more worried that the fallback code could be triggered unexpectedly on some obscure code path that is not tested regularly, and runs into a failure. I suspect a high-quality implementation of getrandom would have to open /dev/random and /devurandom when the getrandom symbol is resolved, and report failure at that point, to avoid late surprises. Florian