Setting kernel.random.write_wakeup_threshold > 256 fails (Invalid argument)
/proc/sys/kernel/random/write_wakeup_threshold doesn't accept values higher than 256: this renders rng-tools unusable and makes haveged segfault:
[ 605.091318] haveged[1232]: segfault at 7fe50291932e ip 00007fe52c19a9ed sp 00007ffd34a36a40 error 4 in libhavege.so.2.0.0[7fe52c189000+14000]
[ 605.091325] Code: 60 04 00 00 00 eb ca 4c 89 e7 45 31 e4 e8 bb e7 fe ff c7 45 60 05 00 00 00 eb b6 66 90 41 55 41 54 55 53 48 89 fb 48 83 ec 08 <8b> 57 18 8b 47 14 39 c2 72 5e 4c 8b 27 4d 8b 6c 24 30 4d 85 ed 74
Verified with v5.15.26-xanmod1-0~git20220302.3f644fb and v5.16.12-xanmod1-0~git20220302.97785cf on a Debian testing up-to-date install. The original Debian kernel accepts values greater than 4096.
@smuellerDD
As I am pinged, I assume that the kernel contains the LRNG patch? If so, it is expected that any write value that is larger than the used hash (see /proc/lrng_type) is not possible. This is consistent because the maximum amount of entropy the LRNG can hold regarding the provided data is the message digest. If you insert the kernel module for SHA-512, you will be able to set values up to 512 (bits).
That said, I am not fully sure which haveged version you use. But I have reported some bug around this issue last fall to the haveged maintainer, who issued a fix for it. The current upstream code of haveged was tested with the LRNG and works flawlessly.
On 10/03/22 07:59, smuellerDD wrote:
> As I am pinged, I assume that the kernel contains the LRNG patch? If so, it is expected that any write value that is larger than the used hash (see /proc/lrng_type) is not possible. This is consistent because the maximum amount of entropy the LRNG can hold regarding the provided data is the message digest. If you insert the kernel module for SHA-512, you will be able to set values up to 512 (bits).
> That said, I am not fully sure which haveged version you use. But I have reported some bug around this issue last fall to the haveged maintainer, who issued a fix for it. The current upstream code of haveged was tested with the LRNG and works flawlessly.
haveged v1.9.14 here: this is what is available in the Debian stable/testing/unstable repositories.
I believe 512 bits wouldn't be enough either. Most modern PCs have a TPM device which can provide entropy; after I enabled HW_RANDOM_TPM in the Debian kernel (which doesn't have the LRNG patch applied) and installed rng-tools, the /proc/sys/kernel/random/write_wakeup_threshold value is 896.
Is there a way to completely disable LRNG (i.e.: return to stock behavior without recompiling) by kernel command line parameter to make testing easier? Thanks.
On Thursday, 28 April 2022, 19:25:35 CEST, mavoga wrote:
Hi mavoga,
> Is there a way to completely disable LRNG (i.e.: return to stock behavior without recompiling) by kernel command line parameter to make testing easier? Thanks.
You cannot, because (a) the hook into the performance-critical hook into the interrupt handler is hard compiled in and (b) the interface handlers for user space interfaces are hard compiled in.
Ciao Stephan
@smuellerDD
> [...] If you insert the kernel module for SHA-512, you will be able to set values up to 512 (bits). [...]
Still trying to find a solution for the continuous libhaveged segfaults. Tried to find a module which matched your description, I could only find sha512-ssse3; after modprobing it:
# echo 512 > /proc/sys/kernel/random/write_wakeup_threshold
-bash: echo: write error: Invalid argument
Same happens for other values > 256. Was that the wrong module? What am I missing?
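Added example (not part of the original thread, and not code from LRNG, haveged or rng-tools): a shell sketch that reports the RNG-related /proc values discussed here and probes which of several candidate thresholds the running kernel accepts, restoring the original value afterwards. The function names and the optional root-directory argument, which lets the functions run against a constructed directory tree, are assumptions of this example.

```shell
#!/bin/sh
# Added diagnostic sketch. The optional root argument is an assumption of this
# example: empty means the live system, otherwise a constructed directory tree.

# Print key=value facts about the kernel RNG interface under root "$1".
rng_report() {
    root=${1:-}
    dir="$root/proc/sys/kernel/random"
    # Per the thread, /proc/lrng_type is what an LRNG-patched kernel exposes.
    if [ -r "$root/proc/lrng_type" ]; then echo "lrng=yes"; else echo "lrng=no"; fi
    for f in entropy_avail poolsize write_wakeup_threshold; do
        if [ -r "$dir/$f" ]; then
            echo "$f=$(cat "$dir/$f")"
        else
            echo "$f=unavailable"
        fi
    done
}

# Try each candidate threshold (in bits), print the largest one the kernel
# accepted, and put the original value back. Needs root on a live system.
probe_threshold() {
    root=$1; shift
    file="$root/proc/sys/kernel/random/write_wakeup_threshold"
    orig=$(cat "$file") || return 1
    best=$orig
    for v in "$@"; do
        # A rejected value makes the write fail ("Invalid argument" above).
        if { echo "$v" > "$file"; } 2>/dev/null && [ "$(cat "$file")" = "$v" ]; then
            if [ "$v" -gt "$best" ]; then best=$v; fi
        fi
    done
    { echo "$orig" > "$file"; } 2>/dev/null
    echo "$best"
}

# Read-only report for the running system; the probe is run on request, e.g.
#   probe_threshold "" 256 512 896 4096
rng_report ""
```

On a kernel that rejects everything above 256, as reported in this issue, the probe with the candidates shown prints 256.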
On Friday, 27 May 2022, 20:05:20 CEST, mavoga wrote:
Hi mavoga,
> [...] If you insert the kernel module for SHA-512, you will be able to set values up to 512 (bits). [...]
> Still trying to find a solution for the continuous libhaveged segfaults.
Can you please try the current version of haveged? Together with the maintainer, I have resolved an issue that revolved around the changing values in /proc.
> Tried to find a module which matched your description, I could only find sha512-ssse3; after modprobing it:
> # echo 512 > /proc/sys/kernel/random/write_wakeup_threshold
> -bash: echo: write error: Invalid argument
> Same happens for other values > 256. Was that the wrong module? What am I missing?
Ciao Stephan
@smuellerDD yes, updating haveged to latest git snapshot did the trick, thanks.
The issue still exists anyway: it seems that with a /proc/sys/kernel/random/write_wakeup_threshold of 256 rngd errors out (RNDADDENTROPY failed); this is what I get from /proc/sys/kernel/random/entropy_avail on the same box:
LRNG+haveged (xanmod kernel): 2576
rngd+haveged (liquorix kernel): 4081
So, again: is there anything I can do to increase /proc/sys/kernel/random/write_wakeup_threshold in order to have rngd working?
Thanks for your patience
On Monday, 30 May 2022, 12:02:24 CEST, mavoga wrote:
Hi mavoga,
> @smuellerDD yes, updating haveged to latest git snapshot did the trick, thanks.
> The issue still exists anyway: it seems that with a /proc/sys/kernel/random/write_wakeup_threshold of 256 rngd errors out (RNDADDENTROPY failed); this is what I get from /proc/sys/kernel/random/entropy_avail on the same box:
> LRNG+haveged (xanmod kernel): 2576
> rngd+haveged (liquorix kernel): 4081
> So, again: is there anything I can do to increase /proc/sys/kernel/random/write_wakeup_threshold in order to have rngd working?
> Thanks for your patience
See https://github.com/nhorman/rng-tools/issues/173
As reported there, the current code base does work with the mentioned tweak. Now let us see how to really solve the issue.
Ciao Stephan
Hi @smuellerDD,
sorry if I'm going to say something weird since I have near zero competence on this subject.
Couldn't you simply store all the entropy generated internally by LRNG into the pool which is externally changeable and report by IOCTLs its values?
On Tuesday, 31 May 2022, 13:03:55 CEST, mavoga wrote:
Hi mavoga,
> Hi @smuellerDD,
> sorry if I'm going to say something weird since I have near zero competence on this subject.
> Couldn't you simply store all the entropy generated internally by LRNG into the pool which is externally changeable and report by IOCTLs its values?
This is exactly what should not be done. Entropy pools belong to their respective entropy sources. Each Entropy Source should be managed separately from each other. Only when you want to seed a DRNG, you concatenate the outputs of the different pools and then give that data to the DRNG.
Otherwise it becomes very hard to analyze each entropy source and its processing in isolation (which is the case with the Linux random.c).
Ciao Stephan
On Monday, 30 May 2022, 12:02:24 CEST, mavoga wrote:
Hi mavoga,
> @smuellerDD yes, updating haveged to latest git snapshot did the trick, thanks.
> The issue still exists anyway: it seems that with a /proc/sys/kernel/random/write_wakeup_threshold of 256 rngd errors out (RNDADDENTROPY failed); this is what I get from /proc/sys/kernel/random/entropy_avail on the same box:
> LRNG+haveged (xanmod kernel): 2576
> rngd+haveged (liquorix kernel): 4081
> So, again: is there anything I can do to increase /proc/sys/kernel/random/write_wakeup_threshold in order to have rngd working?
Ok, I have to check rngd. This is what I did not do so far. I report back.
> Thanks for your patience
Ciao Stephan
On 11/10/22 09:59, smuellerDD wrote:
> [...] Ok, I have to check rngd. This is what I did not do so far. I report back.
Thanks Stephan, however it seems that since Jason Donenfeld made his modifications on random, cat /proc/sys/kernel/random/entropy_avail always returns '256' regardless of the setup.
On Monday, 30 May 2022, 12:02:24 CEST, mavoga wrote:
Hi mavoga,
> @smuellerDD yes, updating haveged to latest git snapshot did the trick, thanks.
> The issue still exists anyway: it seems that with a /proc/sys/kernel/random/write_wakeup_threshold of 256 rngd errors out (RNDADDENTROPY failed); this is what I get from /proc/sys/kernel/random/entropy_avail on the same box:
> LRNG+haveged (xanmod kernel): 2576
> rngd+haveged (liquorix kernel): 4081
> So, again: is there anything I can do to increase /proc/sys/kernel/random/write_wakeup_threshold in order to have rngd working?
Using the latest code base from rngd, it works on the LRNG. Though it hangs in an endless loop as it tries to fill the entropy as much as possible which is not possible with the LRNG.
I am debugging.
> Thanks for your patience
Ciao Stephan
On Tuesday, 11.10.2022 at 01:19 -0700, mavoga wrote:
> On 11/10/22 09:59, smuellerDD wrote:
>> [...] Ok, I have to check rngd. This is what I did not do so far. I report back.
> Thanks Stephan, however it seems that since Jason Donenfeld made his modifications on random, cat /proc/sys/kernel/random/entropy_avail always returns '256' regardless of the setup.
Yes. Now, these proc files are all but irrelevant.
Ciao Stephan