util: fall back to reading /dev/urandom when getrandom() blocks

With recent changes in the Linux kernel, the getrandom() system call may block for a long time after boot on machines that don't have enough entropy. It blocks the chronyd's initialization before it can detach from the terminal and may cause a chronyd service to fail to start due to a timeout. At least for now, enable the GRND_NONBLOCK flag to make the system call non-blocking and let the code fall back to reading /dev/urandom (which never blocks) if the system call failed with EAGAIN or any other error. This makes the start of chronyd non-deterministic with respect to files that it needs to open and possibly also makes it slightly easier to guess the transmit/receive timestamp in client requests until the urandom source is fully initialized.
2025-12-04 00:25:07 -05:00 · 2018-05-17 14:16:58 +02:00
parent 8cbc68f28f
commit 7c5bd948bb
1 changed files with 1 additions and 1 deletions
--- a/util.c
+++ b/util.c
@@ -1224,7 +1224,7 @@ get_random_bytes_getrandom(char *buf, unsigned int len)
      if (disabled)
        break;

-      if (getrandom(rand_buf, sizeof (rand_buf), 0) != sizeof (rand_buf)) {
+      if (getrandom(rand_buf, sizeof (rand_buf), GRND_NONBLOCK) != sizeof (rand_buf)) {
        disabled = 1;
        break;
      }