On Sa, 14.09.19 09:52, Linus Torvalds (torvalds@xxxxxxxxxxxxxxxxxxxx) wrote: > On Sat, Sep 14, 2019 at 9:35 AM Alexander E. Patrakov > <patrakov@xxxxxxxxx> wrote: > > > > Let me repeat: not -EINVAL, please. Please find some other error code, > > so that the application could sensibly distinguish between this case > > (low quality entropy is in the buffer) and the "kernel is too dumb" case > > (and no entropy is in the buffer). > > I'm not convinced we want applications to see that difference. > > The fact is, every time an application thinks it cares, it has caused > problems. I can just see systemd saying "ok, the kernel didn't block, > so I'll just do > > while (getrandom(x) == -ENOENTROPY) > sleep(1); > > instead. Which is still completely buggy garbage. > > The fact is, we can't guarantee entropy in general. It's probably > there is practice, particularly with user space saving randomness from > last boot etc, but that kind of data may be real entropy, but the > kernel cannot *guarantee* that it is. I am not expecting the kernel to guarantee entropy. I just expecting the kernel to not give me garbage knowingly. It's OK if it gives me garbage unknowingly, but I have a problem if it gives me trash all the time. There's benefit in being able to wait until the pool is initialized before we update the random seed stored on disk with a new one, and there's benefit in being able to wait until the pool is initialized before we let cryptsetup read a fresh, one-time key for dm-crypt from /dev/urandom. I fully understand that any such reporting for initialization is "best-effort", i.e. to the point where we don't know anything to the contrary, but at least give userspace that. Lennart -- Lennart Poettering, Berlin
