From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by sourceware.org (Postfix) with ESMTPS id 143493858403 for ; Mon, 25 Jul 2022 10:11:41 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 143493858403 Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-176-oYWwwo31MlqUIynWS9bp9A-1; Mon, 25 Jul 2022 06:11:30 -0400 X-MC-Unique: oYWwwo31MlqUIynWS9bp9A-1 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id BCFBD18E0048; Mon, 25 Jul 2022 10:11:29 +0000 (UTC) Received: from oldenburg.str.redhat.com (unknown [10.39.192.195]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 934121121319; Mon, 25 Jul 2022 10:11:28 +0000 (UTC) From: Florian Weimer To: "Jason A. Donenfeld via Libc-alpha" Cc: Adhemerval Zanella Netto , Yann Droneaud , jann@thejh.net, Michael@phoronix.com, "Jason A. Donenfeld" Subject: Re: arc4random - are you sure we want these? References: Date: Mon, 25 Jul 2022 12:11:27 +0200 In-Reply-To: (Jason A. Donenfeld via Libc-alpha's message of "Sat, 23 Jul 2022 18:25:21 +0200") Message-ID: <87bktdsdrk.fsf@oldenburg.str.redhat.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-4.9 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 25 Jul 2022 10:11:42 -0000 * Jason A. Donenfeld via Libc-alpha: > I really wonder whether this is a good idea, whether this is something > that glibc wants, and whether it's a design worth committing to in the > long term. Do you object to the interface, or the implementation? The implementation can be improved easily enough at a later date. > Firstly, for what use cases does this actually help? As of recent > changes to the Linux kernels -- now backported all the way to 4.9! -- > getrandom() and /dev/urandom are extremely fast and operate over per-cpu > states locklessly. Sure you avoid a syscall by doing that in userspace, > but does it really matter? Who exactly benefits from this? getrandom may be fast for bulk generation. It's not that great for generating a few bits here and there. For example, shuffling a 1,000-element array takes 18 microseconds with arc4random_uniform in glibc, and 255 microseconds with the na=C3=AFve getrandom-based implementation (with slightly biased results; measured on an Intel i9-10900T, Fedora's kernel-5.18.11-100.fc35.x86_64). > You miss out on this with arc4random, and if that information _is_ to be > exported to userspace somehow in the future, it would be awfully nice to > design the userspace interface alongside the kernel one. What is the kernel interface you are talking about? From an interface standpoint, arc4random_buf and getrandom are very similar, with the main difference is that arc4random_buf cannot report failure (except by terminating the process). > Seen from this perspective, going with OpenBSD's older paradigm might be > rather limiting. Why not work together, between the kernel and libc, to > see if we can come up with something better, before settling on an > interface with semantics that are hard to walk back later? Historically, kernel developers were not interested in solving some of the hard problems (especially early seeding) that prevent the use of getrandom during early userspace stages. > As-is, it's hard to recommend that anybody really use these functions. > Just keep using getrandom(2), which has mostly favorable semantics. Some applications still need to run in configurations where getrandom is not available (either because the kernel is too old, or because it has been disabled via seccomp). > Yes, I get it: it's fun to make a random number generator, and so lots > of projects figure out some way to make yet another one somewhere > somehow. But the tendency to do so feels like a weird computer tinkerer > disease rather something that has ever helped the overall ecosystem. The performance numbers suggest that we benefit from buffering in user space. It might not be necessary to implement expansion in userspace. getrandom (or /dev/urandom) with a moderately-sized buffer could be sufficient. But that's an implementation detail, and something we can revisit later. If we vDSO acceleration for getrandom (maybe using the userspace thread-specific data donation we discussed for rseq), we might eventually do way with the buffering in glibc. Again this is an implementation detail we can change easily enough. Thanks, Florian