Date
1 - 5 of 5
[master][kirkstone][PATCH] rng-tools: backport patch to adjust jitterentropy library to timeout/fail on long delay
|
Xiangyu Chen
On 11/25/22 19:39, Alexandre Belloni wrote:
CAUTION: This email comes from a non Wind River email account!I have verified on my local setup, this issue happens on core-image-full-cmdline image due to missing libgcc_s.so, error as below, that's also explain why I didn't see it in a normal sato image when I sent this patch. Nov 27 11:23:02 qemux86 systemd[1]: Started Hardware RNG Entropy Gatherer Daemon. Nov 27 11:23:03 qemux86 rngd[191]: Initializing available sources Nov 27 11:23:03 qemux86 rngd[191]: [hwrng ]: Initialized Nov 27 11:23:03 qemux86 rngd[191]: [rdrand]: Enabling RDRAND rng support Nov 27 11:23:03 qemux86 rngd[191]: [rdrand]: Initialized Nov 27 11:23:08 qemux86 rngd[191]: [jitter]: Initializing AES buffer Nov 27 11:23:13 qemux86 rngd[191]: [jitter]: Unable to obtain AES key, disabling JITTER source Nov 27 11:23:13 qemux86 rngd[191]: libgcc_s.so.1 must be installed for pthread_exit to work Nov 27 11:23:13 qemux86 systemd[1]: rng-tools.service: Main process exited, code=killed, status=6/ABRT Nov 27 11:23:13 qemux86 systemd[1]: rng-tools.service: Failed with result 'signal'. I will send a V2 patch later. thanks. ----- |
|
|
|
Alexandre Belloni
On 25/11/2022 18:08:12+0800, Xiangyu Chen wrote:
I believe this is the cause of this error: https://autobuilder.yoctoproject.org/typhoon/#/builders/101/builds/5017/steps/13/logs/stdio --- -- Alexandre Belloni, co-owner and COO, Bootlin Embedded Linux and Kernel engineering https://bootlin.com |
|
|
|
Xiangyu Chen
On 11/15/22 16:18, Xiangyu Chen wrote:
Backport patch from upstream[1] to adjust jitter to timeout on init after 5 seconds in the event it takesFriendly ping, thanks. --- |
|
|
|
Xiangyu Chen
On 11/15/22 16:18, Xiangyu Chen wrote:
Backport patch from upstream[1] to adjust jitter to timeout on init after 5 seconds in the event it takesFriendly ping, thanks ;p Br, Xiangyu --- |
|
|
|
Xiangyu Chen
Backport patch from upstream[1] to adjust jitter to timeout on init after 5 seconds in the event it takes
to long to gether jitter entropy.This also fix rng-tools take full cpu usage with whole cores on ARM platforms. [1] https://github.com/nhorman/rng-tools/pull/171/commits/c29424f10a0dcbd18ac25607fa1c81c18a960e81 Signed-off-by: Xiangyu Chen <xiangyu.chen@...> --- ...ropy-library-to-timeout-fail-on-long.patch | 144 ++++++++++++++++++ .../rng-tools/rng-tools_6.15.bb | 1 + 2 files changed, 145 insertions(+) create mode 100644 meta/recipes-support/rng-tools/rng-tools/0001-Adjust-jitterentropy-library-to-timeout-fail-on-long.patch diff --git a/meta/recipes-support/rng-tools/rng-tools/0001-Adjust-jitterentropy-library-to-timeout-fail-on-long.patch b/meta/recipes-support/rng-tools/rng-tools/0001-Adjust-jitterentropy-library-to-timeout-fail-on-long.patch new file mode 100644 index 0000000000..d70c6587aa --- /dev/null +++ b/meta/recipes-support/rng-tools/rng-tools/0001-Adjust-jitterentropy-library-to-timeout-fail-on-long.patch @@ -0,0 +1,144 @@ +From 3f1d6e53985e40cbe4c7380ce503ca2778d4cd9d Mon Sep 17 00:00:00 2001 +From: Neil Horman <nhorman@...> +Date: Mon, 16 May 2022 13:38:54 -0400 +Subject: [PATCH] Adjust jitterentropy library to timeout/fail on long delay + +When running rngd -l its possible, on platforms that have low jitter +entropy to block for long periods of time. Adjust jitter to timeout on +init after 5 seconds in the event it takes to long to gether jitter +entropy + +Also while we're at it, I might have a build solution for the presence +of internal timers. When jitterentropy is built without internal +timers, jent_notime_init is defined publically, but when it is built +with timers, its declared as a static symbol, preenting resolution, so +we can test to see if the function exists. If it does we _don't_ have +notime support. The logic is a bit backwards, but i think it works + +Upstream-Status: Backport from +[https://github.com/nhorman/rng-tools/pull/171/commits/c29424f10a0dcbd18ac25607fa1c81c18a960e81] + +Signed-off-by: Xiangyu Chen <xiangyu.chen@...> +--- + configure.ac | 6 ++--- + rngd_jitter.c | 61 +++++++++++++++++++++++++++++++++++++++------------ + 2 files changed, 50 insertions(+), 17 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 40008ca..2e12308 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -94,9 +94,9 @@ AS_IF( + AC_SEARCH_LIBS(jent_version,jitterentropy, + [AM_CONDITIONAL([JITTER], [true]) + AC_DEFINE([HAVE_JITTER],1,[Enable JITTER]) +- AC_CHECK_LIB(jitterentropy, jent_entropy_switch_notime_impl, +- [AC_DEFINE([HAVE_JITTER_NOTIME],1,[Enable JITTER_NOTIME])], +- [],-lpthread)], ++ AC_CHECK_LIB(jitterentropy, jent_notime_init, ++ [], ++ [AC_DEFINE([HAVE_JITTER_NOTIME],1, [Enable JITTER_NOTIME])],-lpthread)], + AC_MSG_NOTICE([No Jitterentropy library found]),-lpthread) + ], [AC_MSG_NOTICE([Disabling JITTER entropy source])] + ) +diff --git a/rngd_jitter.c b/rngd_jitter.c +index d1b17ba..3647b7f 100644 +--- a/rngd_jitter.c ++++ b/rngd_jitter.c +@@ -400,6 +400,8 @@ int init_jitter_entropy_source(struct rng *ent_src) + int entflags = 0; + int ret; + int core_id = 0; ++ struct timespec base, now; ++ int rc; + + signal(SIGUSR1, jitter_thread_exit_signal); + +@@ -508,6 +510,10 @@ int init_jitter_entropy_source(struct rng *ent_src) + CPU_FREE(cpus); + cpus = NULL; + ++ flags = fcntl(pipefds[0], F_GETFL, 0); ++ flags |= O_NONBLOCK; ++ fcntl(pipefds[0], F_SETFL, flags); ++ + if (ent_src->rng_options[JITTER_OPT_USE_AES].int_val) { + /* + * Temporarily disable aes so we don't try to use it during init +@@ -516,32 +522,59 @@ int init_jitter_entropy_source(struct rng *ent_src) + message_entsrc(ent_src,LOG_CONS|LOG_INFO, "Initializing AES buffer\n"); + aes_buf = malloc(tdata[0].buf_sz); + ent_src->rng_options[JITTER_OPT_USE_AES].int_val = 0; +- if (xread_jitter(key, AES_BLOCK, ent_src)) { +- message_entsrc(ent_src,LOG_CONS|LOG_INFO, "Unable to obtain AES key, disabling AES in JITTER source\n"); +- } else if (xread_jitter(iv_buf, CHUNK_SIZE, ent_src)) { +- message_entsrc(ent_src,LOG_CONS|LOG_INFO, "Unable to obtain iv_buffer, disabling AES in JITTER source\n"); ++ clock_gettime(CLOCK_REALTIME, &base); ++ do { ++ rc = xread_jitter(key, AES_BLOCK, ent_src); ++ clock_gettime(CLOCK_REALTIME, &now); ++ } while (rc && ((now.tv_sec - base.tv_sec) < 5)); ++ ++ if (rc) { ++ message_entsrc(ent_src,LOG_CONS|LOG_INFO, "Unable to obtain AES key, disabling JITTER source\n"); ++ close_jitter_entropy_source(ent_src); ++ return 1; ++ } ++ do { ++ rc = xread_jitter(iv_buf, CHUNK_SIZE, ent_src); ++ clock_gettime(CLOCK_REALTIME, &now); ++ } while (rc && ((now.tv_sec - base.tv_sec) < 5)); ++ ++ if (rc) { ++ message_entsrc(ent_src,LOG_CONS|LOG_INFO, "Unable to obtain iv_buffer, disabling JITTER source\n"); ++ close_jitter_entropy_source(ent_src); ++ return 1; + } else { + /* re-enable AES */ + ent_src->rng_options[JITTER_OPT_USE_AES].int_val = 1; + ossl_ctx = ossl_aes_init(key, iv_buf); + } +- xread_jitter(aes_buf, tdata[0].buf_sz, ent_src); ++ ++ do { ++ rc = xread_jitter(aes_buf, tdata[0].buf_sz, ent_src); ++ clock_gettime(CLOCK_REALTIME, &now); ++ } while (rc && ((now.tv_sec - base.tv_sec) < 5)); ++ if (rc) { ++ message_entsrc(ent_src,LOG_CONS|LOG_INFO, "Unable to obtain aes buffer, disabling JITTER source\n"); ++ close_jitter_entropy_source(ent_src); ++ return 1; ++ } ++ + } else { + /* +- * Make sure that an entropy gathering thread has generated +- * at least some entropy before setting O_NONBLOCK and finishing +- * the entropy source initialization. +- * + * This avoids "Entropy Generation is slow" log spamming that + * would otherwise happen until jent_read_entropy() has run + * for the first time. + */ +- xread_jitter(&i, 1, ent_src); +- } ++ do { ++ rc = xread_jitter(&i, 1, ent_src); ++ clock_gettime(CLOCK_REALTIME, &now); ++ } while (rc && ((now.tv_sec - base.tv_sec) < 5)); ++ if (rc) { ++ message_entsrc(ent_src,LOG_CONS|LOG_INFO, "Unable to prime jitter source, disabling JITTER source\n"); ++ close_jitter_entropy_source(ent_src); ++ return 1; ++ } + +- flags = fcntl(pipefds[0], F_GETFL, 0); +- flags |= O_NONBLOCK; +- fcntl(pipefds[0], F_SETFL, flags); ++ } + + message_entsrc(ent_src,LOG_DAEMON|LOG_INFO, "Enabling JITTER rng support\n"); + return 0; +-- +2.34.1 + diff --git a/meta/recipes-support/rng-tools/rng-tools_6.15.bb b/meta/recipes-support/rng-tools/rng-tools_6.15.bb index efc08b5e0a..c6284f0006 100644 --- a/meta/recipes-support/rng-tools/rng-tools_6.15.bb +++ b/meta/recipes-support/rng-tools/rng-tools_6.15.bb @@ -12,6 +12,7 @@ SRC_URI = "git://github.com/nhorman/rng-tools.git;branch=master;protocol=https \ file://init \ file://default \ file://rng-tools.service \ + file://0001-Adjust-jitterentropy-library-to-timeout-fail-on-long.patch \ " SRCREV = "381f69828b782afda574f259c1b7549f48f9bb77" -- 2.34.1 |
|
|