linux icon indicating copy to clipboard operation
linux copied to clipboard

Published 20 hours ago verified publisher icon xanmod

Setting kernel.random.write_wakeup_threshold > 256 fails (Invalid argument)

Open mavoga opened this issue 2 years ago • 15 comments

/proc/sys/kernel/random/write_wakeup_threshold doesn't accept values higher than 256: this renders rng-tools unusable and makes haveged segfault:

[ 605.091318] haveged[1232]: segfault at 7fe50291932e ip 00007fe52c19a9ed sp 00007ffd34a36a40 error 4 in libhavege.so.2.0.0[7fe52c189000+14000] [ 605.091325] Code: 60 04 00 00 00 eb ca 4c 89 e7 45 31 e4 e8 bb e7 fe ff c7 45 60 05 00 00 00 eb b6 66 90 41 55 41 54 55 53 48 89 fb 48 83 ec 08 <8b> 57 18 8b 47 14 39 c2 72 5e 4c 8b 27 4d 8b 6c 24 30 4d 85 ed 74

Verified with v5.15.26-xanmod1-0~git20220302.3f644fb and v5.16.12-xanmod1-0~git20220302.97785cf on a Debian testing up-to-date install. The original Debian kernel accepts values greater than 4096.

mavoga avatar Mar 09 '22 13:03 mavoga

@smuellerDD

xanmod avatar Mar 09 '22 16:03 xanmod

As I am pinged, I assume that the kernel contains the LRNG patch? If so, it is expected that any write value that is larger than the used hash (see /proc/lrng_type) is not possible. This is consistent because the maximum amount of entropy the LRNG can hold regarding the provided data is the message digest. If you insert the kernel module for SHA-512, you will be able to set values up to 512 (bits).

That said, I am not fully sure which haveged version you use. But I have reported some bug around this issue last fall to the haveged maintainer which issued a fix for it. The current upstream code of haveged was tested with the LRNG and works flawless.

smuellerDD avatar Mar 10 '22 06:03 smuellerDD

Il 10/03/22 07:59, smuellerDD ha scritto:

As I am pinged, I assume that the kernel contains the LRNG patch? If so, it is expected that any write value that is larger than the used hash (see /proc/lrng_type) is not possible. This is consistent because the maximum amount of entropy the LRNG can hold regarding the provided data is the message digest. If you insert the kernel module for SHA-512, you will be able to set values up to 512 (bits).

That said, I am not fully sure which haveged version you use. But I have reported some bug around this issue last fall to the haveged maintainer which issued a fix for it. The current upstream code of haveged was tested with the LRNG and works flawless.

haveged v1.9.14 here: this is what is available in the Debian stable/testing/unstable repositories.

I believe 512 bits wouldn't be enough too. Most modern PCs have a TPM device which can provide entropy; after I enabled HW_RANDOM_TPM in the Debian kernel (which doesn't has LRNG patch applied) and installed rng-tools, /proc/sys/kernel/random/write_wakeup_threshold value is 896.

mavoga avatar Mar 10 '22 12:03 mavoga

Is there a way to completely disable LRNG (i.e.: return to stock behavior without recompiling) by kernel command line parameter to make testing easier? Thanks.

mavoga avatar Apr 28 '22 17:04 mavoga

Am Donnerstag, 28. April 2022, 19:25:35 CEST schrieb mavoga:

Hi mavoga,

Is there a way to completely disable LRNG (i.e.: return to stock behavior without recompiling) by kernel command line parameter to make testing easier? Thanks.

You cannot, because (a) the hook into the performance-critical hook into the interrupt handler is hard compiled in and (b) the interface handler for user space interfaces are hard compiled in.

Ciao Stephan

smuellerDD avatar Apr 28 '22 18:04 smuellerDD

@smuellerDD

[...] If you insert the kernel module for SHA-512, you will be able to set values up to 512 (bits). [...]

Still trying to find a solution for the continuous libhaveged segfaults. Tried to find a module which matched your description, I could only find sha512-ssse3; after modprobing it:

# echo 512 > /proc/sys/kernel/random/write_wakeup_threshold
-bash: echo: write error: Invalid argument

Same happens for other values > 256. Was that the wrong module? What am I missing?

mavoga avatar May 27 '22 18:05 mavoga

Am Freitag, 27. Mai 2022, 20:05:20 CEST schrieb mavoga:

Hi mavoga,

[...] If you insert the kernel module for SHA-512, you will be able to set values up to 512 (bits). [...]

Still trying to find a solution for the continuous libhaveged segfaults.

Can you please try the current version of haveged? Together with the maintainer, I have resolved an issue that revolved around the changing values in /proc.

Tried to find a module which matched your description, I could only find sha512-ssse; after modprobing it:

echo 512 > /proc/sys/kernel/random/write_wakeup_threshold

-bash: echo: write error: Invalid argument

Same happens for other values > 256. Was that the wrong module? What am I missing?

Ciao Stephan

smuellerDD avatar May 29 '22 20:05 smuellerDD

@smuellerDD yes, updating haveged to latest git snapshot did the trick, thanks.

The issue still exists anyway: it seems that with a /proc/sys/kernel/random/write_wakeup_threshold of 256 rngd errors out (RNDADDENTROPY failed); this is what I get from /proc/sys/kernel/random/entropy_avail on the same box:

LRNG+haveged (xanmod kernel): 2576 rngd+haveged (liquorix kernel): 4081

So, again: is there anything I can do to increase /proc/sys/kernel/random/write_wakeup_threshold in order to have rngd working?

Thanks for your patience

mavoga avatar May 30 '22 10:05 mavoga

Am Montag, 30. Mai 2022, 12:02:24 CEST schrieb mavoga:

Hi mavoga,

@smuellerDD yes, updating haveged to latest git snapshot did the trick, thanks.

The issue still exists anyway: it seems that with a /proc/sys/kernel/random/write_wakeup_threshold of 256 rngd errors out (RNDADDENTROPY failed); this is what I get from /proc/sys/kernel/random/entropy_avail on the same box:

LRNG+haveged (xanmod kernel): 2576 rngd+haveged (liquorix kernel): 4081

So, again: is there anything I can do to increase /proc/sys/kernel/random/write_wakeup_threshold in order to have rngd working?

Thanks for your patience

See https://github.com/nhorman/rng-tools/issues/173

As reported there, the current code base does work with the mentioned tweak. Now let us see how to really solve the issue.

Ciao Stephan

smuellerDD avatar May 31 '22 06:05 smuellerDD

Hi @smuellerDD,

sorry if I'm going to say something weird since I have near zero competence on this subject.

Couldn't you simply store all the entropy generated internally by LRNG into the pool which is externally changeable and report by IOCTLs its values?

mavoga avatar May 31 '22 11:05 mavoga

Am Dienstag, 31. Mai 2022, 13:03:55 CEST schrieb mavoga:

Hi mavoga,

Hi @smuellerDD,

sorry if I'm going to say something weird since I have near zero competence on this subject.

Couldn't you simply store all the entropy generated internally by LRNG into the pool which is externally changeable and report by IOCTLs its values?

This is exactly what should not be done. Entropy pools belong to their respective entropy sources. Each Entropy Source should be managed separately from each other. Only when you want to seed a DRNG, you concantenate the outputs of the different pools and then give that data to the DRNG.

Otherwise it becomes very hard to analyze each entropy source and its processing in isolation (which is the case with the Linux random.c).

Ciao Stephan

smuellerDD avatar May 31 '22 11:05 smuellerDD

Am Montag, 30. Mai 2022, 12:02:24 CEST schrieb mavoga:

Hi mavoga,

@smuellerDD yes, updating haveged to latest git snapshot did the trick, thanks.

The issue still exists anyway: it seems that with a /proc/sys/kernel/random/write_wakeup_threshold of 256 rngd errors out (RNDADDENTROPY failed); this is what I get from /proc/sys/kernel/random/entropy_avail on the same box:

LRNG+haveged (xanmod kernel): 2576 rngd+haveged (liquorix kernel): 4081

So, again: is there anything I can do to increase /proc/sys/kernel/random/write_wakeup_threshold in order to have rngd working?

Ok, I have to check rngd. This is what I did not do so far. I report back.

Thanks for your patience

Ciao Stephan

smuellerDD avatar Oct 11 '22 07:10 smuellerDD

Il 11/10/22 09:59, smuellerDD ha scritto:

[...] Ok, I have to check rngd. This is what I did not do so far. I report back.

Thanks Stephan, however it seems that since Jason Donenfeld made his modifications on random

cat /proc/sys/kernel/random/entropy_avail

always returns '256' regardless the setup.

mavoga avatar Oct 11 '22 08:10 mavoga

Am Montag, 30. Mai 2022, 12:02:24 CEST schrieb mavoga:

Hi mavoga,

@smuellerDD yes, updating haveged to latest git snapshot did the trick, thanks.

The issue still exists anyway: it seems that with a /proc/sys/kernel/random/write_wakeup_threshold of 256 rngd errors out (RNDADDENTROPY failed); this is what I get from /proc/sys/kernel/random/entropy_avail on the same box:

LRNG+haveged (xanmod kernel): 2576 rngd+haveged (liquorix kernel): 4081

So, again: is there anything I can do to increase /proc/sys/kernel/random/write_wakeup_threshold in order to have rngd working?

Using the latest code base from rngd, it works on the LRNG. Though it hangs in an endless loop as it tries to fill the entropy as much as possible which is not possible with the LRNG.

I am debugging.

Thanks for your patience

Ciao Stephan

smuellerDD avatar Oct 11 '22 09:10 smuellerDD

Am Dienstag, dem 11.10.2022 um 01:19 -0700 schrieb mavoga:

Il 11/10/22 09:59, smuellerDD ha scritto:

[...] Ok, I have to check rngd. This is what I did not do so far. I report back.

Thanks Stephan, however it seems that since Jason Donenfeld made his modifications on random

cat /proc/sys/kernel/random/entropy_avail

always returns '256' regardless the setup.

Yes. Now, these proc files are all but irrelevant.

Ciao Stephan

smuellerDD avatar Oct 11 '22 10:10 smuellerDD