Openembedded Core Discussions
From: Bruce Ashfield <bruce.ashfield@windriver.com>
To: <richard.purdie@linuxfoundation.org>,
	Hongxu Jia <hongxu.jia@windriver.com>,
	<openembedded-core@lists.openembedded.org>
Cc: Koen Kooi <koen.kooi@linaro.org>
Subject: Re: [PATCH V2 1/2] openssh: upgrade 7.8p1 -> 7.8p1+git to support openssl 1.1.x
Date: Thu, 20 Sep 2018 03:22:17 -0400
Message-ID: <417d48ba-fb59-266c-1293-e41919e6efb5@windriver.com>
In-Reply-To: <3310e627615370184fd7a1a58997b516ce36f2a7.camel@linuxfoundation.org>

On 09/20/2018 12:54 AM, richard.purdie@linuxfoundation.org wrote:
> On Thu, 2018-09-20 at 09:45 +0800, Hongxu Jia wrote:
>> I will fix it as my top priority today.
>>
>> Reproduce steps:
>>
>> - Build core-image-sato-sdk on qemuarm64
>> - Run qemu
>> - Log over ssh (openssh) failed
>>
> 
> I did have a little bit of a look at this. It seems to hang during key
> generation before starting the server during boot.
> 
> I had a suspicion that the problem could be a lack of entropy. We're
> supposed to have the virtio entropy generation being passed through
> from the host to avoid problems with entropy starvation but I'm not
> sure it's running for arm64.

We ran into this with OVS in meta-virt as well. The new ssl + the
4.16+ kernel jams initializing crypto. The solution there was to
turn off ssl by default.

Author: Jason Wessel <jason.wessel@windriver.com>
Date:   Wed Sep 5 15:44:45 2018 -0700

     openvswitch: Turn off ssl integration by default

     The openssl library is an optional component for the openvswitch.  The
     problem with it enabled by default is that it will consume system
     entropy to try to initialize the openssl library even though we are not
     using it by default.  With the 4.16 kernel and up there is not always
     enough entropy available at the early boot time which can cause a
     lengthy stall, while waiting to initialize the openvswitch.

     If ssl is needed, it can of course be turned on with the package
     config option "ssl".

     Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
     Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>


> 
> I noticed the .config shows CONFIG_CRYPTO_DEV_VIRTIO=m but setting that
> to =y didn't help. The virtio rng connects via pci bus iirc and
> CONFIG_PCI isn't set so I'm now looking into that...

This was the 2nd solution, but it did work in our cases without hang.

Which is to add: -device virtio-rng-pci to the qemu command line.
But yes, you need PCI for that to work.


> 
> To update, adding this config to the kernel:
> 
> CONFIG_CRYPTO_DEV_VIRTIO=y
> CONFIG_PCI=y
> CONFIG_PCI_HOST_GENERIC=y
> 
> appears to solve the problem and lets my simple tests work. I'll have
> to run some better tests but I think this is the problem, lack of pci
> support in the kernel meaning the rng virtio passthrough doesn't work.
> 

Yes. That should be it. If someone sends me a config fragment tweak,
I'll get it into my queue that should come out in the next day or so.

Bruce

> Cheers,
> 
> Richard
> 
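
Added example, not part of the thread and not code from any of its authors: a shell check that audits a kernel .config for the three options Richard lists above and, on a booted target, reports whether a hardware RNG is bound and how much entropy is available. The function names, the optional root-prefix argument and the sample config are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): audit the virtio-rng prerequisites.

# Options taken from Richard's message; pass other names after the file
# argument to check a different set.
THREAD_OPTS="CONFIG_CRYPTO_DEV_VIRTIO CONFIG_PCI CONFIG_PCI_HOST_GENERIC"

# Print "OPT=state" for every option that is not built in (=y).
# state is the configured value (for example m), or n when unset or absent.
config_gaps() {
    cfg=$1; shift
    [ $# -gt 0 ] || set -- $THREAD_OPTS
    gaps=""
    for opt in "$@"; do
        val=$(sed -n "s/^${opt}=//p" "$cfg" | tail -n 1)
        [ "$val" = "y" ] && continue
        gaps="${gaps}${gaps:+ }${opt}=${val:-n}"
    done
    printf '%s\n' "$gaps"
}

# Report the active hardware RNG and the entropy estimate on a booted target.
# $1 is an optional root prefix (hypothetical, only used for offline testing).
rng_status() {
    root=${1:-}
    rng=none; ent=unknown
    [ -r "$root/sys/class/misc/hw_random/rng_current" ] &&
        rng=$(cat "$root/sys/class/misc/hw_random/rng_current")
    [ -r "$root/proc/sys/kernel/random/entropy_avail" ] &&
        ent=$(cat "$root/proc/sys/kernel/random/entropy_avail")
    printf 'rng_current=%s entropy_avail=%s\n' "$rng" "$ent"
}

# Constructed sample: the state described before the fix (=m, PCI not set).
sample_before() {
    printf '%s\n' 'CONFIG_CRYPTO_DEV_VIRTIO=m' '# CONFIG_PCI is not set'
}

# Demo on the constructed sample, then the status of the machine it runs on.
demo_cfg=$(mktemp)
sample_before > "$demo_cfg"
config_gaps "$demo_cfg"
rm -f "$demo_cfg"
rng_status
```

An empty line from config_gaps means every listed option is built in; rng_current=none on the target means no hardware RNG is feeding the pool, which matches the key-generation hang described above.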