On Sa, 14.09.19 09:30, Linus Torvalds (torvalds@xxxxxxxxxxxxxxxxxxxx) wrote: > > => src/random-seed/random-seed.c: > > /* > > * Let's make this whole job asynchronous, i.e. let's make > > * ourselves a barrier for proper initialization of the > > * random pool. > > */ > > k = getrandom(buf, buf_size, GRND_NONBLOCK); > > if (k < 0 && errno == EAGAIN && synchronous) { > > log_notice("Kernel entropy pool is not initialized yet, " > > "waiting until it is."); > > > > k = getrandom(buf, buf_size, 0); /* retry synchronously */ > > } > > Yeah, the above is yet another example of completely broken garbage. > > You can't just wait and block at boot. That is simply 100% > unacceptable, and always has been, exactly because that may > potentially mean waiting forever since you didn't do anything that > actually is likely to add any entropy. Oh man. Just spend 5min to understand the situation, before claiming this was garbage or that was garbage. The code above does not block boot. It blocks startup of services that explicit order themselves after the code above. There's only a few services that should do that, and the main system boots up just fine without waiting for this. Primary example for stuff that orders itself after the above, correctly: cryptsetup entries that specify /dev/urandom as password source (i.e. swap space and stuff, that wants a new key on every boot). If we don't wait for the initialized pool for cases like that the password for that swap space is not actually going to be random, and that defeats its purpose. Another example: the storing of an updated random seed file on disk. We should only do that if the seed on disk is actually properly random, i.e. comes from an initialized pool. Hence we wait for the pool to be initialized before reading the seed from the pool, and writing it to disk. I'd argue that doing things like this is not "garbage", like you say, but *necessary* to make this stuff safe and secure. And no, other stuff is not delayed for this (but there are bugs of course, some random services in 3rd party packages that set too agressive deps, but that needs to be fixed there, and not in the kernel). Anyway, I really don't appreciate your tone, and being sucked into messy LKML discussions. I generally stay away from LKML, and gah, you remind me why. Just tone it down, not everything you never bothered to understand is "garbage". And please don't break /dev/urandom again. The above code is the ony way I see how we can make /dev/urandom-derived swap encryption safe, and the only way I can see how we can sanely write a valid random seed to disk after boot. You guys changed semantics on /dev/urandom all the time in the past, don't break API again, thank you very much. Lennart