From: xiangyu.chen@eng.windriver.com
To: Alexandre Belloni <alexandre.belloni@bootlin.com>
Cc: openembedded-core@lists.openembedded.org
Subject: Re: [OE-Core][master][kirkstone][PATCH] rng-tools: backport patch to adjust jitterentropy library to timeout/fail on long delay
Date: Sun, 27 Nov 2022 21:25:40 +0800 [thread overview]
Message-ID: <9c904c67-49bb-dd2b-1dc2-c76089b48e1a@windriver.com> (raw)
In-Reply-To: <Y4CpaKfbn8gnQsLb@mail.local>
On 11/25/22 19:39, Alexandre Belloni wrote:
> CAUTION: This email comes from a non Wind River email account!
> Do not click links or open attachments unless you recognize the sender and know the content is safe.
>
> On 25/11/2022 18:08:12+0800, Xiangyu Chen wrote:
>> On 11/15/22 16:18, Xiangyu Chen wrote:
>>> Backport patch from upstream[1] to adjust jitter to timeout on init after 5 seconds in the event it takes
>>> to long to gether jitter entropy.This also fix rng-tools take full cpu usage with whole cores on ARM platforms.
>>>
>>> [1] https://github.com/nhorman/rng-tools/pull/171/commits/c29424f10a0dcbd18ac25607fa1c81c18a960e81
>>>
>>> Signed-off-by: Xiangyu Chen <xiangyu.chen@eng.windriver.com>
>> Friendly ping, thanks.
> I believe this is the cause of this error:
> https://autobuilder.yoctoproject.org/typhoon/#/builders/101/builds/5017/steps/13/logs/stdio
>
I have verified on my local setup, this issue happens on
core-image-full-cmdline image due to missing libgcc_s.so, error as
below, that's also explain why I didn't see it in a normal sato image
when I sent this patch.
Nov 27 11:23:02 qemux86 systemd[1]: Started Hardware RNG Entropy
Gatherer Daemon.
Nov 27 11:23:03 qemux86 rngd[191]: Initializing available sources
Nov 27 11:23:03 qemux86 rngd[191]: [hwrng ]: Initialized
Nov 27 11:23:03 qemux86 rngd[191]: [rdrand]: Enabling RDRAND rng support
Nov 27 11:23:03 qemux86 rngd[191]: [rdrand]: Initialized
Nov 27 11:23:08 qemux86 rngd[191]: [jitter]: Initializing AES buffer
Nov 27 11:23:13 qemux86 rngd[191]: [jitter]: Unable to obtain AES key,
disabling JITTER source
Nov 27 11:23:13 qemux86 rngd[191]: libgcc_s.so.1 must be installed for
pthread_exit to work
Nov 27 11:23:13 qemux86 systemd[1]: rng-tools.service: Main process
exited, code=killed, status=6/ABRT
Nov 27 11:23:13 qemux86 systemd[1]: rng-tools.service: Failed with
result 'signal'.
I will send a V2 patch later.
thanks.
>
>>
>>> ---
>>> ...ropy-library-to-timeout-fail-on-long.patch | 144 ++++++++++++++++++
>>> .../rng-tools/rng-tools_6.15.bb | 1 +
>>> 2 files changed, 145 insertions(+)
>>> create mode 100644 meta/recipes-support/rng-tools/rng-tools/0001-Adjust-jitterentropy-library-to-timeout-fail-on-long.patch
>>>
>>> diff --git a/meta/recipes-support/rng-tools/rng-tools/0001-Adjust-jitterentropy-library-to-timeout-fail-on-long.patch b/meta/recipes-support/rng-tools/rng-tools/0001-Adjust-jitterentropy-library-to-timeout-fail-on-long.patch
>>> new file mode 100644
>>> index 0000000000..d70c6587aa
>>> --- /dev/null
>>> +++ b/meta/recipes-support/rng-tools/rng-tools/0001-Adjust-jitterentropy-library-to-timeout-fail-on-long.patch
>>> @@ -0,0 +1,144 @@
>>> +From 3f1d6e53985e40cbe4c7380ce503ca2778d4cd9d Mon Sep 17 00:00:00 2001
>>> +From: Neil Horman <nhorman@tuxdriver.com>
>>> +Date: Mon, 16 May 2022 13:38:54 -0400
>>> +Subject: [PATCH] Adjust jitterentropy library to timeout/fail on long delay
>>> +
>>> +When running rngd -l its possible, on platforms that have low jitter
>>> +entropy to block for long periods of time. Adjust jitter to timeout on
>>> +init after 5 seconds in the event it takes to long to gether jitter
>>> +entropy
>>> +
>>> +Also while we're at it, I might have a build solution for the presence
>>> +of internal timers. When jitterentropy is built without internal
>>> +timers, jent_notime_init is defined publically, but when it is built
>>> +with timers, its declared as a static symbol, preenting resolution, so
>>> +we can test to see if the function exists. If it does we _don't_ have
>>> +notime support. The logic is a bit backwards, but i think it works
>>> +
>>> +Upstream-Status: Backport from
>>> +[https://github.com/nhorman/rng-tools/pull/171/commits/c29424f10a0dcbd18ac25607fa1c81c18a960e81]
>>> +
>>> +Signed-off-by: Xiangyu Chen <xiangyu.chen@eng.windriver.com>
>>> +---
>>> + configure.ac | 6 ++---
>>> + rngd_jitter.c | 61 +++++++++++++++++++++++++++++++++++++++------------
>>> + 2 files changed, 50 insertions(+), 17 deletions(-)
>>> +
>>> +diff --git a/configure.ac b/configure.ac
>>> +index 40008ca..2e12308 100644
>>> +--- a/configure.ac
>>> ++++ b/configure.ac
>>> +@@ -94,9 +94,9 @@ AS_IF(
>>> + AC_SEARCH_LIBS(jent_version,jitterentropy,
>>> + [AM_CONDITIONAL([JITTER], [true])
>>> + AC_DEFINE([HAVE_JITTER],1,[Enable JITTER])
>>> +- AC_CHECK_LIB(jitterentropy, jent_entropy_switch_notime_impl,
>>> +- [AC_DEFINE([HAVE_JITTER_NOTIME],1,[Enable JITTER_NOTIME])],
>>> +- [],-lpthread)],
>>> ++ AC_CHECK_LIB(jitterentropy, jent_notime_init,
>>> ++ [],
>>> ++ [AC_DEFINE([HAVE_JITTER_NOTIME],1, [Enable JITTER_NOTIME])],-lpthread)],
>>> + AC_MSG_NOTICE([No Jitterentropy library found]),-lpthread)
>>> + ], [AC_MSG_NOTICE([Disabling JITTER entropy source])]
>>> + )
>>> +diff --git a/rngd_jitter.c b/rngd_jitter.c
>>> +index d1b17ba..3647b7f 100644
>>> +--- a/rngd_jitter.c
>>> ++++ b/rngd_jitter.c
>>> +@@ -400,6 +400,8 @@ int init_jitter_entropy_source(struct rng *ent_src)
>>> + int entflags = 0;
>>> + int ret;
>>> + int core_id = 0;
>>> ++ struct timespec base, now;
>>> ++ int rc;
>>> +
>>> + signal(SIGUSR1, jitter_thread_exit_signal);
>>> +
>>> +@@ -508,6 +510,10 @@ int init_jitter_entropy_source(struct rng *ent_src)
>>> + CPU_FREE(cpus);
>>> + cpus = NULL;
>>> +
>>> ++ flags = fcntl(pipefds[0], F_GETFL, 0);
>>> ++ flags |= O_NONBLOCK;
>>> ++ fcntl(pipefds[0], F_SETFL, flags);
>>> ++
>>> + if (ent_src->rng_options[JITTER_OPT_USE_AES].int_val) {
>>> + /*
>>> + * Temporarily disable aes so we don't try to use it during init
>>> +@@ -516,32 +522,59 @@ int init_jitter_entropy_source(struct rng *ent_src)
>>> + message_entsrc(ent_src,LOG_CONS|LOG_INFO, "Initializing AES buffer\n");
>>> + aes_buf = malloc(tdata[0].buf_sz);
>>> + ent_src->rng_options[JITTER_OPT_USE_AES].int_val = 0;
>>> +- if (xread_jitter(key, AES_BLOCK, ent_src)) {
>>> +- message_entsrc(ent_src,LOG_CONS|LOG_INFO, "Unable to obtain AES key, disabling AES in JITTER source\n");
>>> +- } else if (xread_jitter(iv_buf, CHUNK_SIZE, ent_src)) {
>>> +- message_entsrc(ent_src,LOG_CONS|LOG_INFO, "Unable to obtain iv_buffer, disabling AES in JITTER source\n");
>>> ++ clock_gettime(CLOCK_REALTIME, &base);
>>> ++ do {
>>> ++ rc = xread_jitter(key, AES_BLOCK, ent_src);
>>> ++ clock_gettime(CLOCK_REALTIME, &now);
>>> ++ } while (rc && ((now.tv_sec - base.tv_sec) < 5));
>>> ++
>>> ++ if (rc) {
>>> ++ message_entsrc(ent_src,LOG_CONS|LOG_INFO, "Unable to obtain AES key, disabling JITTER source\n");
>>> ++ close_jitter_entropy_source(ent_src);
>>> ++ return 1;
>>> ++ }
>>> ++ do {
>>> ++ rc = xread_jitter(iv_buf, CHUNK_SIZE, ent_src);
>>> ++ clock_gettime(CLOCK_REALTIME, &now);
>>> ++ } while (rc && ((now.tv_sec - base.tv_sec) < 5));
>>> ++
>>> ++ if (rc) {
>>> ++ message_entsrc(ent_src,LOG_CONS|LOG_INFO, "Unable to obtain iv_buffer, disabling JITTER source\n");
>>> ++ close_jitter_entropy_source(ent_src);
>>> ++ return 1;
>>> + } else {
>>> + /* re-enable AES */
>>> + ent_src->rng_options[JITTER_OPT_USE_AES].int_val = 1;
>>> + ossl_ctx = ossl_aes_init(key, iv_buf);
>>> + }
>>> +- xread_jitter(aes_buf, tdata[0].buf_sz, ent_src);
>>> ++
>>> ++ do {
>>> ++ rc = xread_jitter(aes_buf, tdata[0].buf_sz, ent_src);
>>> ++ clock_gettime(CLOCK_REALTIME, &now);
>>> ++ } while (rc && ((now.tv_sec - base.tv_sec) < 5));
>>> ++ if (rc) {
>>> ++ message_entsrc(ent_src,LOG_CONS|LOG_INFO, "Unable to obtain aes buffer, disabling JITTER source\n");
>>> ++ close_jitter_entropy_source(ent_src);
>>> ++ return 1;
>>> ++ }
>>> ++
>>> + } else {
>>> + /*
>>> +- * Make sure that an entropy gathering thread has generated
>>> +- * at least some entropy before setting O_NONBLOCK and finishing
>>> +- * the entropy source initialization.
>>> +- *
>>> + * This avoids "Entropy Generation is slow" log spamming that
>>> + * would otherwise happen until jent_read_entropy() has run
>>> + * for the first time.
>>> + */
>>> +- xread_jitter(&i, 1, ent_src);
>>> +- }
>>> ++ do {
>>> ++ rc = xread_jitter(&i, 1, ent_src);
>>> ++ clock_gettime(CLOCK_REALTIME, &now);
>>> ++ } while (rc && ((now.tv_sec - base.tv_sec) < 5));
>>> ++ if (rc) {
>>> ++ message_entsrc(ent_src,LOG_CONS|LOG_INFO, "Unable to prime jitter source, disabling JITTER source\n");
>>> ++ close_jitter_entropy_source(ent_src);
>>> ++ return 1;
>>> ++ }
>>> +
>>> +- flags = fcntl(pipefds[0], F_GETFL, 0);
>>> +- flags |= O_NONBLOCK;
>>> +- fcntl(pipefds[0], F_SETFL, flags);
>>> ++ }
>>> +
>>> + message_entsrc(ent_src,LOG_DAEMON|LOG_INFO, "Enabling JITTER rng support\n");
>>> + return 0;
>>> +--
>>> +2.34.1
>>> +
>>> diff --git a/meta/recipes-support/rng-tools/rng-tools_6.15.bb b/meta/recipes-support/rng-tools/rng-tools_6.15.bb
>>> index efc08b5e0a..c6284f0006 100644
>>> --- a/meta/recipes-support/rng-tools/rng-tools_6.15.bb
>>> +++ b/meta/recipes-support/rng-tools/rng-tools_6.15.bb
>>> @@ -12,6 +12,7 @@ SRC_URI = "git://github.com/nhorman/rng-tools.git;branch=master;protocol=https \
>>> file://init \
>>> file://default \
>>> file://rng-tools.service \
>>> + file://0001-Adjust-jitterentropy-library-to-timeout-fail-on-long.patch \
>>> "
>>> SRCREV = "381f69828b782afda574f259c1b7549f48f9bb77"
>>>
>>>
>>>
>> -=-=-=-=-=-=-=-=-=-=-=-
>> Links: You receive all messages sent to this group.
>> View/Reply Online (#173763): https://lists.openembedded.org/g/openembedded-core/message/173763
>> Mute This Topic: https://lists.openembedded.org/mt/95039053/3617179
>> Group Owner: openembedded-core+owner@lists.openembedded.org
>> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [alexandre.belloni@bootlin.com]
>> -=-=-=-=-=-=-=-=-=-=-=-
>>
>
> --
> Alexandre Belloni, co-owner and COO, Bootlin
> Embedded Linux and Kernel engineering
> https://bootlin.com
next prev parent reply other threads:[~2022-11-27 13:26 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <1727B4342812AA9D.29995@lists.openembedded.org>
2022-11-18 8:27 ` [OE-Core][master][kirkstone][PATCH] rng-tools: backport patch to adjust jitterentropy library to timeout/fail on long delay xiangyu.chen
2022-11-25 10:08 ` xiangyu.chen
2022-11-25 11:39 ` Alexandre Belloni
2022-11-27 13:25 ` xiangyu.chen [this message]
2022-11-15 8:18 Xiangyu Chen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=9c904c67-49bb-dd2b-1dc2-c76089b48e1a@windriver.com \
--to=xiangyu.chen@eng.windriver.com \
--cc=alexandre.belloni@bootlin.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox