Bug#897572: urandom hang in early boot

To: Ben Hutchings <ben@decadent.org.uk>, Laurent Bigonville <bigon@debian.org>
Cc: 897572@bugs.debian.org
Subject: Bug#897572: urandom hang in early boot
From: Ben Caradoc-Davies <ben@transient.nz>
Date: Tue, 8 May 2018 15:55:32 +1200
Message-id: <[🔎] 97962325-e3ca-8680-d5be-ed94cf0a4347@transient.nz>
Reply-to: Ben Caradoc-Davies <ben@transient.nz>, 897572@bugs.debian.org
In-reply-to: <[🔎] 645f0c99053421e8e62ec28c8a11a82cb1416ad3.camel@decadent.org.uk>
References: <[🔎] 152531303503.1654.3286767764771637968.reportbug@ripley> <[🔎] 152531303503.1654.3286767764771637968.reportbug@ripley> <[🔎] 79c0bff5-3bd7-c9db-393f-ccf5c8de3709@debian.org> <[🔎] 152531303503.1654.3286767764771637968.reportbug@ripley> <[🔎] 0eae90d7-4df1-569b-c9f9-a696f401e148@transient.nz> <[🔎] 645f0c99053421e8e62ec28c8a11a82cb1416ad3.camel@decadent.org.uk> <[🔎] 152531303503.1654.3286767764771637968.reportbug@ripley>

On 08/05/18 14:00, Ben Hutchings wrote:

You keep saying this, but based on my reading of the code I don't see
how reads from /dev/urandom can end up blocking.

Ben, I think you are right. I have picked through the code in detail andnone of the changes affect any substantive logic (except logging). I donot think urandom_read can ever block. The urandom warning may be from aprevious read before the hang: related, but a red herring.


The *one* substantive change that is affected is getrandom:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/char/random.c#n2007

If something calls getrandom without GRND_NONBLOCK while crng_init==1(during early boot):

- Before 43838a23a05f ("random: fix crng_ready() test"), this just fallsthorough to urandom_read and everything seems to work (but is notcryptographically secure).

- After 43838a23a05f ("random: fix crng_ready() test"), this will callwait_for_random_bytes and hang waiting on mouse wiggles(cryptographically secure).

But what is calling getrandom without GRND_NONBLOCK? I could findnothing in the plymouth or systemd/udev codebase. Or is it somethingthey spawn? I even read the plymouth softwaves.script.


Kind regards,

--
Ben Caradoc-Davies <ben@transient.nz>
Director
Transient Software Limited <https://transient.nz/>
New Zealand

Reply to:

Follow-Ups:
- Bug#897572: urandom hang in early boot
  - From: Ben Caradoc-Davies <ben@transient.nz>

References:
- Bug#897572: linux-image-4.16.0-1-amd64 breaks plymouth LUKS prompt (missing Kaby Lake firmware?)
  - From: Ben Caradoc-Davies <ben@transient.nz>
- Bug#897572: urandom hang in early boot
  - From: Laurent Bigonville <bigon@debian.org>
- Bug#897572: urandom hang in early boot
  - From: Ben Caradoc-Davies <ben@transient.nz>
- Bug#897572: urandom hang in early boot
  - From: Ben Hutchings <ben@decadent.org.uk>

Prev by Date: Processed: unmerging 897631
Next by Date: Bug#897572: urandom hang in early boot
Previous by thread: Bug#897572: urandom hang in early boot
Next by thread: Bug#897572: urandom hang in early boot
Index(es):
- Date
- Thread