1330000 – kernel: Backport getrandom system call

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1330000 - kernel: Backport getrandom system call

Summary: kernel: Backport getrandom system call

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	kernel
Sub Component:
Version:	7.3
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Herbert Xu
QA Contact:	Chao Ye
Docs Contact:	Marie Hornickova
URL:
Whiteboard:
Depends On:
Blocks:	rhel7-getrandom 1374268 1394638 1394908 1404314 1432218
TreeView+	depends on / blocked

Reported:	2016-04-25 09:14 UTC by Florian Weimer
Modified:	2017-08-02 00:36 UTC (History)
CC List:	10 users (show)
Fixed In Version:	kernel-3.10.0-544.el7
Doc Type:	Enhancement
Doc Text:	`getrandom` added to the Linux kernel on AMD64 and Intel 64 This update adds the `getrandom` system call to the Linux kernel on AMD64 and Intel 64 architectures. As a result, the user space can now request randomness from the same non-blocking entropy pool used by /dev/urandom, and the user space can block until at least 128 bits of entropy has been accumulated in that pool.
Clone Of:
Clones:	1432218 1433000 (view as bug list)
Environment:
Last Closed:	2017-08-01 20:10:04 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Bugzilla	1298643	1	None	None	None	2021-01-20 06:05:38 UTC
Red Hat Bugzilla	1326218	1	None	None	None	2021-01-20 06:05:38 UTC
Red Hat Product Errata	RHSA-2017:1842	0	normal	SHIPPED_LIVE	Important: kernel security, bug fix, and enhancement update	2017-08-01 18:22:09 UTC

Internal Links: 1298643 1326218 1812120

Description Florian Weimer 2016-04-25 09:14:16 UTC

We have a request to add getrandom support to glibc (bug 1329996).  This makes only sense if there is kernel support because emulation in glibc will be iffy.

getrandom was introduced upstream in 3.17:

commit c6e9d6f38894798696f23c8084ca7edbf16ee895
Author: Theodore Ts'o <tytso>
Date:   Thu Jul 17 04:13:05 2014 -0400

    random: introduce getrandom(2) system call

There seem to have been a couple of fixes/internal API changes since then.

Comment 1 Nick Coghlan 2016-06-23 17:14:29 UTC

Just noting that this is likely to be important for userspace/kernel container compatibility for Python runtimes, as Python runtimes built on systems with newer kernels and glibc versions will depend on the getrandom syscall (for example, this can come up when running Fedora images on OpenShift for development purposes).

For additional background, see https://www.python.org/dev/peps/pep-0522/

Comment 2 Florian Weimer 2016-06-23 17:22:14 UTC

(In reply to Nick Coghlan from comment #1)
> Just noting that this is likely to be important for userspace/kernel
> container compatibility for Python runtimes, as Python runtimes built on
> systems with newer kernels and glibc versions will depend on the getrandom
> syscall (for example, this can come up when running Fedora images on
> OpenShift for development purposes).
> 
> For additional background, see https://www.python.org/dev/peps/pep-0522/

Thanks for the background.  I'm trying to get consensus for adding a getrandom wrapper to glibc:

  https://sourceware.org/ml/libc-alpha/2016-06/msg00398.html

Comment 3 Robbie Harwood 2016-09-12 17:45:22 UTC

We would also like to be using this in krb5, though glibc support is not necessary for that use (similar to the python behavior: we both can go through syscall() to get functionality).

Comment 7 Herbert Xu 2016-12-07 09:47:15 UTC

Stanislav, I think you just need to write a program to make the new getrandom system call.

Comment 8 Stanislav Zidek 2016-12-07 09:56:58 UTC

(In reply to Herbert Xu from comment #7)
> Stanislav, I think you just need to write a program to make the new
> getrandom system call.

That seems doable, even though Hubert would probably like to test more :). Thanks for info.

Comment 9 Rafael Aquini 2017-01-17 14:00:14 UTC

Patch(es) committed on kernel repository and an interim kernel build is undergoing testing

Comment 11 Rafael Aquini 2017-01-18 13:32:36 UTC

Patch(es) available on kernel-3.10.0-544.el7

Comment 20 Herbert Xu 2017-04-26 09:53:54 UTC

Please remove the reference to file descriptor exhaustion, and modify the last bit to say "and the kernel can now request randomness from the same non-blocking entropy pool usd by /dev/urandom, but to block until at least 128 bits of entropy has been accumulated in that pool."

Thanks.

Comment 30 errata-xmlrpc 2017-08-01 20:10:04 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:1842

Comment 31 errata-xmlrpc 2017-08-02 00:36:55 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:1842

Note You need to log in before you can comment on or make changes to this bug.