getrandom() before forking daemon is blocking init system
William Taylor
william.taylor at sonic.com
Tue Mar 5 18:51:06 EET 2019
On Tue, Mar 05, 2019 at 05:39:28PM +0100, Axel Burri via dovecot wrote:
> Hello
>
> When booting from a slow machine, I can observe dovecot blocking the
> whole boot process. I traced it down to the getrandom() system call in
> lib/randgen.c, which blocks until the random number generator is
> initialized (dmesg "random: crng init done"). This can take up to three
> minutes (!) on my machine, as there is not much entropy available (no
> hardware RNG, network VPN is also waiting for random).
>
> Unfortunately dovecot calls getrandom() before forking a daemon, which
> as a consequence blocks the whole init process (OpenRC on Gentoo Linux).
>
> I believe this behavior has changed in kernel 4.14:
>
> https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v4.14.40&id=6e513bc20ca63f594632eca4e1968791240b8f18
>
> Quoting getrandom(2):
> "If the urandom source has not yet been initialized, then getrandom()
> will block, unless GRND_NONBLOCK is specified in flags."
>
>
> Dovecot: 2.3.4.1 (f79e8e7e4)
>
> Linux: 4.19.26-gentoo #2 SMP Thu Feb 28 20:30:23 CET 2019 x86_64 AMD
> G-T40E Processor AuthenticAMD GNU/Linux
>
>
> Regards,
>
> Axel
>
It should either block or fail to start. I personally like the idea of
blocking so it starts up successfully.
Have you tried installing an entropy daemon or something to provide more
entropy? I've seen people suggest haveged before.
On a side note.. I thought you want to call getrandom() after forking
otherwise all children have the same rng sequence.
More information about the dovecot
mailing list