random-util.c: sync dev_urandom implementation to systemd-udev #280
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Current dev_urandom() assumes that reading /dev/urandom
will never block regardless if the random pool is fully
initialized or not.
This assumption is no longer applicable since linux kerrnel
enforces the /dev/urandom entropy initialization from
v5.18-rc2 with the commit:
48bff1053c17 ("random: opportunistically initialize on /dev/urandom reads").
With this, when we use the linux v5.18-rc2 or later,
dev_urandom() will block if enough random pool is not supplied.
It causes the boot delay, typically 1024msec(4msec * 256 = 1024msec)
delay to fill the 256 bits entropy for the case CONFIG_HZ=250.
To prevent this boot delay, this commit syncs dev_urandom()
implementation to the systemd-udev.
The systemd-udev implementation of reading /dev/urandom is as follows.
- Try to get random with calling getrandom(GRND_INSECURE)
- If kernel does not support GRND_INSECURE, fallback to GRND_NONBLOCK
- If enough entropy is not supplied, fallback to reading /dev/urandom,
this will block when the kernel version is v5.18-rc2 or later
With this modification, dev_urandom() tries not to block
as much as possible.
This modification still keeps the backword compatibility,
dev_random() will never block if the commit(48bff1053c17) is not
applied to the linux kernel, the behavior is same as before
in this case.
Signed-off-by: Masahisa Kojima <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Current dev_urandom() assumes that reading /dev/urandom will never block regardless if the random pool is fully initialized or not.
This assumption is no longer applicable since linux kerrnel enforces the /dev/urandom entropy initialization from v5.18-rc2 with the commit:
48bff1053c17 ("random: opportunistically initialize on /dev/urandom reads").
With this, when we use the linux v5.18-rc2 or later, dev_urandom() will block if enough random pool is not supplied. It causes the boot delay, typically 1024msec(4msec * 256 = 1024msec) delay to fill the 256 bits entropy for the case CONFIG_HZ=250.
To prevent this boot delay, this commit syncs dev_urandom() implementation to the systemd-udev.
The systemd-udev implementation of reading /dev/urandom is as follows.
With this modification, dev_urandom() tries not to block as much as possible.
This modification still keeps the backword compatibility, dev_random() will never block if the commit(48bff1053c17) is not applied to the linux kernel, the behavior is same as before in this case.