getrandom() before forking daemon is blocking init system

Axel Burri axel at tty0.ch
Tue Mar 5 19:33:29 EET 2019



On 05/03/2019 17.53, Aki Tuomi wrote:
> 
>> On 05 March 2019 at 18:51 William Taylor via dovecot <dovecot at dovecot.org> wrote:
>>
>>
>> On Tue, Mar 05, 2019 at 05:39:28PM +0100, Axel Burri via dovecot wrote:
>>> Hello
>>>
>>> When booting from a slow machine, I can observe dovecot blocking the
>>> whole boot process. I traced it down to the getrandom() system call in
>>> lib/randgen.c, which blocks until the random number generator is
>>> initialized (dmesg "random: crng init done"). This can take up to three
>>> minutes (!) on my machine, as there is not much entropy available (no
>>> hardware RNG, network VPN is also waiting for random).
>>>
>>> Unfortunately dovecot calls getrandom() before forking a daemon, which
>>> as a consequence blocks the whole init process (OpenRC on Gentoo Linux).
>>>
>>> I believe this behavior has changed in kernel 4.14:
>>>
>>> https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v4.14.40&id=6e513bc20ca63f594632eca4e1968791240b8f18
>>>
>>> Quoting getrandom(2):
>>> "If the urandom source has not yet been initialized, then getrandom()
>>> will block, unless GRND_NONBLOCK is specified in flags."
>>>
>>>
>>> Dovecot: 2.3.4.1 (f79e8e7e4)
>>>
>>> Linux: 4.19.26-gentoo #2 SMP Thu Feb 28 20:30:23 CET 2019 x86_64 AMD
>>> G-T40E Processor AuthenticAMD GNU/Linux
>>>
>>>
>>> Regards,
>>>
>>> Axel
>>>
>>
>> It should either block or fail to start. I personally like the idea of 
>> blocking so it starts up successfully.

Usually I would agree, but the problem here is that it blocks the init
process, which is very bad (e.g. without tweaking, vital services like
sshd started later in the boot process, all waiting for dovecot).

>> Have you tried installing an entropy daemon or something to provide more
>> entropy? I've seen people suggest haveged before.

For now, I run a filesystem scrub in the boot process, which already
provides quite some entropy (presumably by disk interrupts). "haveged"
would probably also help, but I'd like not to tweak my RNG too much, as
bad randomness can weaken crypto a lot.

>> On a side note.. I thought you want to call getrandom() after forking 
>> otherwise all children have the same rng sequence.

I'm not saying that I know how this is done correctly. All I know it
that other daemons using SSL (and thus requiring random) also start
without blocking the init process.

> 
> Entropy daemon is very recommended for your server in any case, otherwise you'll have lots of trouble with SSL.
> 
> Aki
> 



More information about the dovecot mailing list