From f9ebfb1e4303987c6cfc1e2735f53cb9d2dc1754 Mon Sep 17 00:00:00 2001
From: Peter Korsgaard <peter@korsgaard.com>
Date: Tue, 15 Apr 2025 16:42:54 +0200
Subject: [PATCH] random_seed.c: get_getrandom_seed(): use GRND_INSECURE if
 available

As explained in https://github.com/json-c/json-c/pull/832, getrandom(..,
GRND_NONBLOCK) fails with EAGAIN if the Linux kernel random number pool is
not yet initialized.

The use case here is initializing the hash table seed rather than strong
randomness for crypto, so use GRND_INSECURE if available (Linux 5.6+) to
make getrandom() return best effort random data during bootup rather than
fail.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 random_seed.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/random_seed.c b/random_seed.c
index a93c8b9..849ede5 100644
--- a/random_seed.c
+++ b/random_seed.c
@@ -176,6 +176,12 @@ retry:
 #include <sys/random.h>
 #endif
 
+/* Return best effort random data even if random pool is not yet
+ * initialized. Available since Linux 5.6 */
+#ifndef GRND_INSECURE
+#define GRND_INSECURE 0
+#endif
+
 static int get_getrandom_seed(int *seed)
 {
 	DEBUG_SEED("get_getrandom_seed");
@@ -184,7 +190,7 @@ static int get_getrandom_seed(int *seed)
 
 	do
 	{
-		ret = getrandom(seed, sizeof(*seed), GRND_NONBLOCK);
+		ret = getrandom(seed, sizeof(*seed), GRND_NONBLOCK | GRND_INSECURE);
 	} while ((ret == -1) && (errno == EINTR));
 
 	if (ret == -1)