Bug 1330000 - kernel: Backport getrandom system call
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: kernel
7.3
Assigned To: Herbert Xu
Chao Ye
Marie Dolezelova
Blocks: rhel7-getrandom 1394638 1404314 1374268 1394908 1432218
Reported: 2016-04-25 05:14 EDT by Florian Weimer
Modified: 2017-08-01 20:36 EDT
Fixed In Version: kernel-3.10.0-544.el7
Doc Type: Enhancement
Doc Text:
`getrandom` added to the Linux kernel on AMD64 and Intel 64
This update adds the `getrandom` system call to the Linux kernel on AMD64 and Intel 64 architectures. As a result, the user space can now request randomness from the same non-blocking entropy pool used by /dev/urandom, and the user space can block until at least 128 bits of entropy has been accumulated in that pool.
Clone Of:
: 1432218 1433000
Last Closed: 2017-08-01 16:10:04 EDT
Type: Bug
External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2017:1842 normal SHIPPED_LIVE Important: kernel security, bug fix, and enhancement update 2017-08-01 14:22:09 EDT

Description Florian Weimer 2016-04-25 05:14:16 EDT
We have a request to add getrandom support to glibc (bug 1329996).  This makes only sense if there is kernel support because emulation in glibc will be iffy.

getrandom was introduced upstream in 3.17:

commit c6e9d6f38894798696f23c8084ca7edbf16ee895
Author: Theodore Ts'o <tytso@mit.edu>
Date:   Thu Jul 17 04:13:05 2014 -0400

    random: introduce getrandom(2) system call

There seem to have been a couple of fixes/internal API changes since then.
Comment 1 Nick Coghlan 2016-06-23 13:14:29 EDT
Just noting that this is likely to be important for userspace/kernel container compatibility for Python runtimes, as Python runtimes built on systems with newer kernels and glibc versions will depend on the getrandom syscall (for example, this can come up when running Fedora images on OpenShift for development purposes).

For additional background, see https://www.python.org/dev/peps/pep-0522/
Comment 2 Florian Weimer 2016-06-23 13:22:14 EDT
(In reply to Nick Coghlan from comment #1)
> Just noting that this is likely to be important for userspace/kernel
> container compatibility for Python runtimes, as Python runtimes built on
> systems with newer kernels and glibc versions will depend on the getrandom
> syscall (for example, this can come up when running Fedora images on
> OpenShift for development purposes).
> 
> For additional background, see https://www.python.org/dev/peps/pep-0522/

Thanks for the background.  I'm trying to get consensus for adding a getrandom wrapper to glibc:

  https://sourceware.org/ml/libc-alpha/2016-06/msg00398.html
Comment 3 Robbie Harwood 2016-09-12 13:45:22 EDT
We would also like to be using this in krb5, though glibc support is not necessary for that use (similar to the python behavior: we both can go through syscall() to get functionality).
Comment 7 Herbert Xu 2016-12-07 04:47:15 EST
Stanislav, I think you just need to write a program to make the new getrandom system call.
Comment 8 Stanislav Zidek 2016-12-07 04:56:58 EST
(In reply to Herbert Xu from comment #7)
> Stanislav, I think you just need to write a program to make the new
> getrandom system call.

That seems doable, even though Hubert would probably like to test more :). Thanks for info.
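
The kind of test program comment 7 asks for, using the raw syscall() route mentioned in comment 3, as an added example that is not code from this bug or from the kernel, glibc or krb5 projects. The names fill_random and fill_from_urandom are hypothetical, and falling back to /dev/urandom on ENOSYS is an assumption about how a caller would cope with a kernel that lacks the backport.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Fallback for kernels without the syscall: read /dev/urandom. */
static int fill_from_urandom(unsigned char *buf, size_t len)
{
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    size_t done = 0;
    while (fd >= 0 && done < len) {
        ssize_t n = read(fd, buf + done, len - done);
        if (n > 0)
            done += (size_t)n;
        else if (n == 0 || errno != EINTR)
            break;                      /* EOF or a real error */
    }
    if (fd >= 0)
        close(fd);
    return done == len ? 0 : -1;
}

/* Returns 1 if getrandom filled buf, 0 if the fallback did, -1 on error. */
int fill_random(unsigned char *buf, size_t len)
{
#ifdef SYS_getrandom
    size_t done = 0;
    while (done < len) {                /* short returns are legal: loop */
        long n = syscall(SYS_getrandom, buf + done, len - done, 0u); /* flags 0: block until pool is seeded */
        if (n >= 0)
            done += (size_t)n;
        else if (errno == ENOSYS && done == 0)
            return fill_from_urandom(buf, len);   /* kernel without getrandom */
        else if (errno != EINTR)
            return -1;
    }
    return 1;
#endif
    return fill_from_urandom(buf, len); /* reached only if the headers lack SYS_getrandom */
}

int main(void)
{
    unsigned char key[32];
    int r = fill_random(key, sizeof key);
    puts(r == 1 ? "getrandom" : r == 0 ? "/dev/urandom" : "error");
    return r < 0;
}
```

Run on a kernel before and after the fix to see the path change from "/dev/urandom" to "getrandom"; unlike the fallback, the syscall path needs no file descriptor and no device node inside a container or chroot.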
Comment 9 Rafael Aquini 2017-01-17 09:00:14 EST
Patch(es) committed on kernel repository and an interim kernel build is undergoing testing
Comment 11 Rafael Aquini 2017-01-18 08:32:36 EST
Patch(es) available on kernel-3.10.0-544.el7
Comment 20 Herbert Xu 2017-04-26 05:53:54 EDT
Please remove the reference to file descriptor exhaustion, and modify the last bit to say "and the kernel can now request randomness from the same non-blocking entropy pool used by /dev/urandom, but to block until at least 128 bits of entropy has been accumulated in that pool."

Thanks.
Comment 30 errata-xmlrpc 2017-08-01 16:10:04 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:1842