Linux NFS development
From: Petr Vorel <pvorel@suse.cz>
To: Richard Weinberger <richard@nod.at>
Cc: linux-nfs <linux-nfs@vger.kernel.org>, Steve Dickson <steved@redhat.com>
Subject: Re: [PATCH 0/3] Add getrandom() fallback, cleanup headers
Date: Wed, 25 Oct 2023 22:54:55 +0200
Message-ID: <20231025205455.GA460410@pevik>
In-Reply-To: <857096093.3016.1698264780882.JavaMail.zimbra@nod.at>

Hi Richard,

> ----- Original Message -----
> > From: "Petr Vorel" <pvorel@suse.cz>
> > I also wonder why the getrandom() syscall is not called with the GRND_NONBLOCK
> > flag. Is it ok/needed to block?

> With GRND_NONBLOCK it would return EAGAIN if not enough
> randomness is ready. How to handle this then? Aborting the start of the daemon?

Well, the current code uses /dev/urandom and blocks until the pool is ready (man
random(7)), which is probably OK (on a VM people may need to use haveged to avoid
blocking, but that's known). But even in blocking mode, blocking requests of
any size can be interrupted by a signal handler with errno EINTR. That's
probably the reason why people write more robust code. I'm not sure if it
really needs to be handled in our case.

A nice example is ul_random_get_bytes() in util-linux [1]:

#ifdef HAVE_GETRANDOM
	while (n > 0) {
		int x;

		errno = 0;
		x = getrandom(cp, n, GRND_NONBLOCK);
		if (x > 0) {			/* success */
		       n -= x;
		       cp += x;
		       lose_counter = 0;
		       errno = 0;
		} else if (errno == ENOSYS) {	/* kernel without getrandom() */
			break;

		} else if (errno == EAGAIN && lose_counter < UL_RAND_READ_ATTEMPTS) {
			xusleep(UL_RAND_READ_DELAY);	/* no entropy, wait and try again */
			lose_counter++;
		} else
			break;
	}

	if (errno == ENOSYS)
#endif

1) Sleep on EAGAIN and try again (needs to be handled due to GRND_NONBLOCK).

2) It also handles ENOSYS (running on a kernel without getrandom() although it was
built with libc support), which would be very rare (IMHO getrandom() is on all
architectures, but looking into drivers/char/random.c, it would be on kernels
without CONFIG_SYSCTL). Then the code also adds a fallback to read
/dev/{u,}random in this case. It could be added to nfs-utils, if anybody really
needs it.

> Before we overthink the whole thing, the sole purpose of the getrandom()
> call is seeding libc's PRNG with srand() to give every waiter a different
> amount of sleep time upon concurrent database access.
> See wait_for_dbaccess() and handling of SQLITE_LOCKED.

> I'm pretty sure instead of seeding from getrandom() we can also use the current
> time or read a few bytes from /dev/urandom.

Sure. The current time would work everywhere, but I guess getrandom() with the
syscall is good enough. Systems which have /dev/urandom also have the getrandom()
syscall (thus will work with my current proposal).

> Just make sure that every user of sqlite_plug_init() has a different seed.

Thanks for info.

Kind regards,
Petr

> Thanks,
> //richard

[1] https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/tree/lib/randutils.c

Thread overview: 9+ messages
2023-10-25 19:46 [PATCH 0/3] Add getrandom() fallback, cleanup headers Petr Vorel
2023-10-25 19:46 ` [PATCH 1/3] reexport/fsidd.c: Remove unused headers Petr Vorel
2023-10-25 19:47 ` [PATCH 2/3] support/reexport.c: " Petr Vorel
2023-10-25 19:56   ` Richard Weinberger
2023-10-25 19:47 ` [PATCH 3/3] support/backend_sqlite.c: Add getrandom() fallback Petr Vorel
2023-10-25 20:13 ` [PATCH 0/3] Add getrandom() fallback, cleanup headers Richard Weinberger
2023-10-25 20:54   ` Petr Vorel [this message]
2023-10-25 20:57     ` Petr Vorel
2023-11-13 16:51 ` Steve Dickson
