From: Borislav Petkov <bp@alien8.de>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Thomas Gleixner <tglx@linutronix.de>,
	"Ahmed S. Darwish" <darwish.07@gmail.com>,
	LKML <linux-kernel@vger.kernel.org>,
	Theodore Ts'o <tytso@mit.edu>,
	Nicholas Mc Guire <hofrat@opentech.at>,
	the arch/x86 maintainers <x86@kernel.org>,
	Andy Lutomirski <luto@kernel.org>,
	Kees Cook <keescook@chromium.org>
Subject: Re: x86/random: Speculation to the rescue
Date: Mon, 30 Sep 2019 08:10:15 +0200
Message-ID: <20190930061014.GC29694@zn.tnic>
In-Reply-To: <CAHk-=whKhD-GniDqpRhhF=V2cSxThX56NAdkAUoBkbp0mW5=LA@mail.gmail.com>

On Sun, Sep 29, 2019 at 07:59:19PM -0700, Linus Torvalds wrote:
> All my smoke testing looked fine - I disabled trusting the CPU, I
> increased the required entropy a lot, and to actually trigger the
> lockup issue without the broken user space, I made /dev/urandom do
> that "wait for entropy" thing too.

Hohum, seems to get rid of the longish delay during boot on my test
boxes here:

$ grep random /var/log/messages

<--- that's before

Sep 30 07:46:07 cz vmunix: [    0.000000] random: get_random_bytes called from start_kernel+0x304/0x4ac with crng_init=0
Sep 30 07:46:07 cz vmunix: [    1.505641] random: fast init done
Sep 30 07:46:07 cz vmunix: [    7.124808] random: dd: uninitialized urandom read (512 bytes read)
Sep 30 07:46:07 cz vmunix: [    8.507672] random: dbus-daemon: uninitialized urandom read (12 bytes read)
Sep 30 07:46:07 cz vmunix: [    8.518621] random: dbus-daemon: uninitialized urandom read (12 bytes read)
Sep 30 07:46:07 cz vmunix: [    8.565073] random: avahi-daemon: uninitialized urandom read (4 bytes read)
Sep 30 07:46:21 cz vmunix: [   23.092795] random: crng init done
Sep 30 07:46:21 cz vmunix: [   23.096419] random: 3 urandom warning(s) missed due to ratelimiting

<--- that's after and we're 15 secs faster:

Sep 30 07:47:53 cz vmunix: [    0.329599] random: get_random_bytes called from start_kernel+0x304/0x4ac with crng_init=0
Sep 30 07:47:53 cz vmunix: [    1.949216] random: fast init done
Sep 30 07:47:53 cz vmunix: [    4.806132] random: dd: uninitialized urandom read (512 bytes read)
Sep 30 07:47:53 cz vmunix: [    5.954547] random: dbus-daemon: uninitialized urandom read (12 bytes read)
Sep 30 07:47:53 cz vmunix: [    5.965483] random: dbus-daemon: uninitialized urandom read (12 bytes read)
Sep 30 07:47:53 cz vmunix: [    6.014102] random: avahi-daemon: uninitialized urandom read (4 bytes read)
Sep 30 07:47:55 cz vmunix: [    8.238514] random: crng init done
Sep 30 07:47:55 cz vmunix: [    8.240205] random: 3 urandom warning(s) missed due to ratelimiting

Seeing how those uninitialized urandom read warns still happen, I added a
dump_stack() to see when we do wait for the random bytes first and I got this:

[    5.522348] random: dbus-daemon: uninitialized urandom read (12 bytes read)
[    5.532008] random: dbus-daemon: uninitialized urandom read (12 bytes read)
[    5.579922] random: avahi-daemon: uninitialized urandom read (4 bytes read)
[    5.751790] elogind-daemon[1730]: New seat seat0.
[    5.756376] elogind-daemon[1730]: Watching system buttons on /dev/input/event6 (Power Button)
[    5.777381] elogind-daemon[1730]: Watching system buttons on /dev/input/event3 (Power Button)
[    5.781485] elogind-daemon[1730]: Watching system buttons on /dev/input/event5 (Lid Switch)
[    5.783547] elogind-daemon[1730]: Watching system buttons on /dev/input/event4 (Sleep Button)
[    5.885300] elogind-daemon[1730]: Watching system buttons on /dev/input/event0 (AT Translated Set 2 keyboard)
[    5.911602] CPU: 2 PID: 1798 Comm: sshd Not tainted 5.3.0+ #1
[    5.914672] Hardware name: HP HP EliteBook 745 G3/807E, BIOS N73 Ver. 01.39 04/16/2019
[    5.917774] Call Trace:
[    5.920905]  dump_stack+0x46/0x60
[    5.924044]  wait_for_random_bytes.part.32+0x21/0x163
[    5.927256]  ? handle_mm_fault+0x50/0xc0
[    5.930425]  ? _raw_spin_unlock_irq+0x17/0x40
[    5.933604]  ? __do_page_fault+0x225/0x500
[    5.936763]  __x64_sys_getrandom+0x70/0xb0
[    5.939902]  do_syscall_64+0x4c/0x180
[    5.943003]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[    5.946152] RIP: 0033:0x7f4417f4d495
[    5.949225] Code: 74 4c 8d 0c 37 41 ba 3e 01 00 00 66 2e 0f 1f 84 00 00 00 00 00 4d 39 c8 73 27 4c 89 ce 31 d2 4c 89 c7 44 89 d0 4c 29 c6 0f 05 <48> 3d 00 f0 ff ff 77 2b 48 85 c0 78 0e 74 3c 49 01 c0 4d 39 c8 72
[    5.952902] RSP: 002b:00007ffc69e6e328 EFLAGS: 00000202 ORIG_RAX: 000000000000013e
[    5.956227] RAX: ffffffffffffffda RBX: 0000000000000020 RCX: 00007f4417f4d495
[    5.959530] RDX: 0000000000000000 RSI: 0000000000000020 RDI: 0000559262c74780
[    5.962820] RBP: 0000559262c708b0 R08: 0000559262c74780 R09: 0000559262c747a0
[    5.966104] R10: 000000000000013e R11: 0000000000000202 R12: 00007ffc69e6e470
[    5.969373] R13: 0000000000000002 R14: 00007f4417f4d460 R15: 000000007fffffff
[    7.852837] random: crng init done
[    7.854637] random: 3 urandom warning(s) missed due to ratelimiting
[   17.767786] elogind-daemon[1730]: New session c1 of user root.

so sshd does getrandom(2) while those other userspace things don't. Oh
well.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette
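
Added example, not part of the original message: a small parser for the `random:` kernel log lines quoted above that reports when the CRNG finished initializing and which processes read /dev/urandom before that point. The log lines are copied from the two boots in the message; the function and field names are hypothetical.

```python
import re

# "random:" lines copied from the two boot logs quoted in the message above.
BEFORE = """\
Sep 30 07:46:07 cz vmunix: [    0.000000] random: get_random_bytes called from start_kernel+0x304/0x4ac with crng_init=0
Sep 30 07:46:07 cz vmunix: [    1.505641] random: fast init done
Sep 30 07:46:07 cz vmunix: [    7.124808] random: dd: uninitialized urandom read (512 bytes read)
Sep 30 07:46:07 cz vmunix: [    8.507672] random: dbus-daemon: uninitialized urandom read (12 bytes read)
Sep 30 07:46:07 cz vmunix: [    8.518621] random: dbus-daemon: uninitialized urandom read (12 bytes read)
Sep 30 07:46:07 cz vmunix: [    8.565073] random: avahi-daemon: uninitialized urandom read (4 bytes read)
Sep 30 07:46:21 cz vmunix: [   23.092795] random: crng init done
Sep 30 07:46:21 cz vmunix: [   23.096419] random: 3 urandom warning(s) missed due to ratelimiting
"""
AFTER = """\
Sep 30 07:47:53 cz vmunix: [    0.329599] random: get_random_bytes called from start_kernel+0x304/0x4ac with crng_init=0
Sep 30 07:47:53 cz vmunix: [    1.949216] random: fast init done
Sep 30 07:47:53 cz vmunix: [    4.806132] random: dd: uninitialized urandom read (512 bytes read)
Sep 30 07:47:53 cz vmunix: [    5.954547] random: dbus-daemon: uninitialized urandom read (12 bytes read)
Sep 30 07:47:53 cz vmunix: [    5.965483] random: dbus-daemon: uninitialized urandom read (12 bytes read)
Sep 30 07:47:53 cz vmunix: [    6.014102] random: avahi-daemon: uninitialized urandom read (4 bytes read)
Sep 30 07:47:55 cz vmunix: [    8.238514] random: crng init done
Sep 30 07:47:55 cz vmunix: [    8.240205] random: 3 urandom warning(s) missed due to ratelimiting
"""

LINE = re.compile(r"\[\s*(?P<ts>\d+\.\d+)\]\s+random: (?P<msg>.*)$")
UNINIT = re.compile(r"(?P<comm>.+?): uninitialized urandom read \((?P<n>\d+) bytes read\)")
MISSED = re.compile(r"(?P<n>\d+) urandom warning\(s\) missed due to ratelimiting")

def audit_boot_rng(log_text):
    """Return CRNG-ready time, logged pre-init urandom reads and suppressed warnings."""
    report = {"crng_ready": None, "early_reads": [], "suppressed": 0}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a "random:" kernel message
        ts, msg = float(m["ts"]), m["msg"].strip()
        if msg == "crng init done":
            report["crng_ready"] = ts
        elif u := UNINIT.fullmatch(msg):
            report["early_reads"].append((ts, u["comm"], int(u["n"])))
        elif r := MISSED.fullmatch(msg):
            report["suppressed"] += int(r["n"])  # warnings the kernel ratelimited away
    return report

if __name__ == "__main__":
    for name, log in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_boot_rng(log))
```

The `suppressed` count matters when reading the result: the kernel ratelimits these warnings, so `early_reads` is a lower bound on the processes that read before initialization.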
