Message-Id: <20190724223313.2498-1-alex_y_xu@yahoo.ca>
Date:   Wed, 24 Jul 2019 18:33:13 -0400
From:   "Alex Xu (Hello71)" <alex_y_xu@...oo.ca>
To:     linux-kernel@...r.kernel.org, tytso@....edu
Cc:     arnd@...db.de, gregkh@...uxfoundation.org,
        "Alex Xu (Hello71)" <alex_y_xu@...oo.ca>
Subject: [PATCH] random: print a message when waiting for random

- many programs now use getrandom on startup, including for cases which
  may not be security-sensitive (e.g. hash tables)
- boot times are faster than ever with the widespread use of high-speed
  SSD storage
- no major distributions currently use RNDADDENTROPY ioctl when
  restoring the random seed, including systemd and OpenRC. systemd may
  add this functionality soon
  (https://github.com/systemd/systemd/pull/13137) but it seems to have
  some special requirements (systemd-boot) and/or require special
  opt-in.
- despite the availability of virtio-rng, many hosts do not offer it,
  and many/most distributions do not configure rngd by default

in combination, many programs (e.g. sshd, gdm) now block on startup,
sometimes for many minutes. in the kernel, we can't fix this easily, but
we should at least notify users why their program is stuck.

Signed-off-by: Alex Xu (Hello71) <alex_y_xu@...oo.ca>
---
 drivers/char/random.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/drivers/char/random.c b/drivers/char/random.c
index 5d5ea4ce1442..e4490c6c9c84 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -511,6 +511,8 @@ static struct ratelimit_state unseeded_warning =
 	RATELIMIT_STATE_INIT("warn_unseeded_randomness", HZ, 3);
 static struct ratelimit_state urandom_warning =
 	RATELIMIT_STATE_INIT("warn_urandom_randomness", HZ, 3);
+static struct ratelimit_state wait_for_random_warning =
+	RATELIMIT_STATE_INIT("warn_wait_for_random", HZ, 3);
 
 static int ratelimit_disable __read_mostly;
 
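Review bot: The ratelimit name "warn_wait_for_random" in the new wait_for_random_warning initializer breaks the pattern of the two entries above it, which both end in "_randomness" ("warn_unseeded_randomness", "warn_urandom_randomness"). Something like "warn_wait_for_randomness" would keep the three consistent. It is also worth a one-line comment saying that HZ, 3 is shared by all callers, so when many tasks block at the same moment during boot only the first three in that second are named.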
@@ -1745,6 +1747,9 @@ int wait_for_random_bytes(void)
 {
 	if (likely(crng_ready()))
 		return 0;
+	if (__ratelimit(&wait_for_random_warning))
+		pr_info("random: %s: waiting for randomness\n",
+		       current->comm);
 	return wait_event_interruptible(crng_init_wait, crng_ready());
 }
 EXPORT_SYMBOL(wait_for_random_bytes);
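Review bot: The new message in wait_for_random_bytes() identifies the waiter only by current->comm, which is ambiguous when several tasks with the same name block at once; adding the pid, for example task_pid_nr(current), would let an admin match the line to the stuck process. Two further points on the same lines: pr_info is the lowest non-debug level for something the commit message describes as a notice to users about a hung program, so a higher level such as pr_notice may be more appropriate, and since the function is exported the line will also be printed for in-kernel callers, which the commit message should mention. There is no matching message once crng_ready() becomes true, so the log shows that a task started waiting but not how long the stall lasted.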
@@ -1901,6 +1906,7 @@ int __init rand_initialize(void)
 	if (ratelimit_disable) {
 		urandom_warning.interval = 0;
 		unseeded_warning.interval = 0;
+		wait_for_random_warning.interval = 0;
 	}
 	return 0;
 }
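Review bot: Setting wait_for_random_warning.interval = 0 under ratelimit_disable means every call that reaches the wait in wait_for_random_bytes() before the CRNG is ready logs a line, and because that wait is wait_event_interruptible() a caller that is interrupted and retries will log again each time. That matches how the two existing warnings are handled here, but the commit message and the documentation for ratelimit_disable should state that the option now also unthrottles this message.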
-- 
2.22.0
