Re: [OE-Core][master][kirkstone][PATCH V2] rng-tools: Add Arm aarch64 CPU specific configuration to address excessive CPU usage on startup

Thu, 08 Dec 2022 22:58:53 -0800 


On 12/7/22 18:31, Xiangyu Chen wrote:


On 11/7/22 10:18, Khem Raj wrote:

CAUTION: This email comes from a non Wind River email account!

Do not click links or open attachments unless you recognize the 
sender and know the content is safe.



On Sun, Nov 6, 2022 at 5:21 PM Xiangyu Chen 
<[email protected]> wrote:


On 11/1/22 09:48, Xiangyu Chen wrote:

With the default jitter options aarch64 CPU-based devices typically 
experience continuous

high CPU utilisation for several minutes after rngd starts.


Accoring to the rng-tools issue #150[1] and comments[2],in order to 
address this,
the following configuration changes have been made, those 
configurations

also can be found on Alpine Linux[3]:


- reduce the number of threads used to 1 in total, rather than 1 
per core.
- reduce the buffer size from 16535 to 4133 which reduces the time 
taken

    to fill the buffer (and so reduces the duration of CPU load).

[1] https://github.com/nhorman/rng-tools/issues/150

[2] 
https://github.com/nhorman/rng-tools/issues/150#issuecomment-953079212
[3] 
https://git.alpinelinux.org/aports/tree/main/rng-tools/rngd.confd-arm


Signed-off-by: Xiangyu Chen <[email protected]>
---
Changes in V2:

    *put the aarch64 specific default file in 
meta/recipes-support/rng-tools/rng-tools/aarch64

Friendly ping. Is there any more concern on this?

My concern is that will it be so for all aarch64 machines ?

Regarding the rng-tools high cpu usage still need to be discussed here.


Currently, on some platforms like ARM, there is not any good idea to 
solve the rng-tools jitter module take full cpu load during the daemon 
start. In fact, after kernel v5.6, the /dev/random doesn't block 
anymore, so, perhaps we can use the parameter to limit rng-tools 
resource during it start up, does anyone have any ideas to propose?  
Thanks!



We have verified 2 boards on kernel 5.6 later, 1 board without rngd, 
random number was also generated in perfectly speed, sshd also was 
working well.



But in another board on kernel 5.2 without rngd, a testing random 
progress was blocked due to no enough entropy.



From the log, on kernel 5.15, we can observe that crng init in early 
stage before mounting the rootfs,but on kernel 5.2, crng init after 
rootfs was mounted, and although crng inited, the entropy still low if 
rngd not start, a dd test progress was blocked due to low entropy, 
that's explain why openssh enabled the rngd/rng-tools .



So, from the test result we can see, for newly kernel, the rngd seems 
not necessary any more.




Testing result as below:


Board 1: Marvell CN96xx CRB (Cortex A72, aarch64)

crng init stage:

oot@marvell-cn96xx:~# dmesg | grep -C 5 crng

[   88.486463] bus: 'pci': __driver_probe_device: matched device 
0000:03:00.1 with driver cavium_rng_vf
[   88.486513] bus: 'pci': really_probe: probing driver cavium_rng_vf 
with device 0000:03:00.1

[   88.488911] cavium_rng_vf 0000:03:00.1: Adding to iommu group 73
[   88.516290] cavium_rng_vf 0000:03:00.1: assign IRQ: got 0

[   88.519205] driver: 'cavium_rng_vf': driver_bound: bound to device 
'0000:03:00.1'
[   88.519459] bus: 'pci': really_probe: bound device 0000:03:00.1 to 
driver cavium_rng_vf

[   88.519473] random: crng init done

[   88.519723] driver: 'cavium_rng_pf': driver_bound: bound to device 
'0000:03:00.0'
[   88.523222] bus: 'pci': really_probe: bound device 0000:03:00.0 to 
driver cavium_rng_pf

[   88.523295] devices_kset: Moving 0000:01:01.4 to end of list
[   88.523320] PM: Moving pci:0000:01:01.4 to end of list


Kernel version:

root@marvell-cn96xx:~# uname -a

Linux marvell-cn96xx 5.15.78-yocto-standard #1 SMP PREEMPT Wed Nov 23 
04:17:58 UTC 2022 aarch64 aarch64 aarch64 GNU/Linux




Disabled rng-tools(rngd) and testing read random, we can observe almost 
20.4 MB/s random number was generated from /dev/random with dd command, 
rngtest also was working well:


root@marvell-cn96xx:~# systemctl stop rng-tools
root@marvell-cn96xx:~# ps -ef |grep rng
root         441       2  0 10:59 ?        00:00:00 [hwrng]
root         864     848  0 11:02 pts/0    00:00:00 grep rng
root@marvell-cn96xx:~# dd if=/dev/random of=/dev/null status=progress
1342177280 bytes (1.3 GB, 1.2 GiB) copied, 66 s, 20.4 MB/s
10+0 records in
10+0 records out
1342177280 bytes (1.3 GB, 1.2 GiB) copied, 65.7033 s, 20.4 MB/s
root@marvell-cn96xx:~# rngtest -c 1000 </dev/random
rngtest 6.15
Copyright (c) 2004 by Henrique de Moraes Holschuh

This is free software; see the source for copying conditions. There is 
NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR 
PURPOSE.rngtest: starting FIPS tests...

rngtest: bits received from input: 20000032
rngtest: FIPS 140-2 successes: 1000
rngtest: FIPS 140-2 failures: 0
rngtest: FIPS 140-2(2001-10-10) Monobit: 0
rngtest: FIPS 140-2(2001-10-10) Poker: 0
rngtest: FIPS 140-2(2001-10-10) Runs: 0
rngtest: FIPS 140-2(2001-10-10) Long run: 0
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=4.340; avg=135.364; max=146.719)Mibits/s
rngtest: FIPS tests speed: (min=8.197; avg=69.020; max=72.800)Mibits/s
rngtest: Program run time: 418771 microseconds
root@marvell-cn96xx:~# echo $?
0
root@marvell-cn96xx:~#


Board 2: NXP i.mx6q(Cortex-A9 armb7l  32bit)

crng init stage:

root@nxp-imx6:~# journalctl -k
Apr 28 17:42:27 nxp-imx6 kernel: Booting Linux on physical CPU 0x0

Apr 28 17:42:27 nxp-imx6 kernel: Linux version 5.15.80-yocto-standard 
(oe-user@oe-host) (arm-wrs-linux-gnueabi-gcc (GCC) 11.3.0, GNU ld (GNU 
Binutils) 2.38.20220708) #1 SMP PREEMPT Mon Dec 5 17:32:29 UT>
Apr 28 17:42:27 nxp-imx6 kernel: CPU: ARMv7 Processor [412fc09a] 
revision 10 (ARMv7), cr=10c5387d
Apr 28 17:42:27 nxp-imx6 kernel: CPU: PIPT / VIPT nonaliasing data 
cache, VIPT aliasing instruction cache
Apr 28 17:42:27 nxp-imx6 kernel: OF: fdt: Machine model: Freescale i.MX6 
Quad SABRE Smart Device Board

Apr 28 17:42:27 nxp-imx6 kernel: Memory policy: Data cache writealloc

Apr 28 17:42:27 nxp-imx6 kernel: Reserved memory: created CMA memory 
pool at 0x2c000000, size 320 MiB
Apr 28 17:42:27 nxp-imx6 kernel: OF: reserved mem: initialized node 
linux,cma, compatible id shared-dma-pool

Apr 28 17:42:27 nxp-imx6 kernel: Zone ranges:
......
Apr 28 17:42:27 nxp-imx6 kernel: mmcblk2: mmc2:ccbe SD02G 1.84 GiB
Apr 28 17:42:27 nxp-imx6 kernel: random: crng init done
Apr 28 17:42:27 nxp-imx6 kernel:  mmcblk2: p1 p2

Kernel version:

root@nxp-imx6:~# uname -a

Linux nxp-imx6 5.15.80-yocto-standard #1 SMP PREEMPT Mon Dec 5 17:32:29 
UTC 2022 armv7l armv7l armv7l GNU/Linux




Disabled rng-tools(rngd) and testing read random, we can observe almost 
31.9 MB/s random number was generated from /dev/random with dd command,r 
ngtest also was working well:


root@nxp-imx6:~# rngtest -c 1000 </dev/random
rngtest 6.15
Copyright (c) 2004 by Henrique de Moraes Holschuh

This is free software; see the source for copying conditions. There is 
NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR 
PURPOSE.rngtest: starting FIPS tests...

rngtest: bits received from input: 20000032
rngtest: FIPS 140-2 successes: 999
rngtest: FIPS 140-2 failures: 1
rngtest: FIPS 140-2(2001-10-10) Monobit: 0
rngtest: FIPS 140-2(2001-10-10) Poker: 0
rngtest: FIPS 140-2(2001-10-10) Runs: 0
rngtest: FIPS 140-2(2001-10-10) Long run: 1
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=96.820; avg=326.769; max=340.598)Mibits/s
rngtest: FIPS tests speed: (min=15.090; avg=37.543; max=40.324)Mibits/s
rngtest: Program run time: 570229 microseconds
root@nxp-imx6:~#
root@nxp-imx6:~# dd if=/dev/random of=/dev/null status=progress
318916096 bytes (319 MB, 304 MiB) copied, 10 s, 31.9 MB/s^C
676517+0 records in
676516+0 records out
346376192 bytes (346 MB, 330 MiB) copied, 10.8611 s, 31.9 MB/s


Board 3: imx8q with kernel 5.2

crng init stage:

root@nxp-imx8:~# dmesg | grep -C 5 crng

[   13.219541] [VPU Decoder] error: vpu_firmware_download() request fw 
vpu/vpu_fw_imx8_dec.bin failed(-2)

[   13.228465] [VPU Encoder] error: vpu_firmware_download fail
[   13.236340] [VPU Decoder] error: vpu_firmware_download fail
[   13.244367] [VPU Encoder] failed to create encoder ctx

[   13.769137] fsl-audmix 59840000.audmix: Started TDM1 needed for 
config propagation!

[   14.967484] random: crng init done
[   14.969603] random: 7 urandom warning(s) missed due to ratelimiting

[   15.724775] fsl-audmix 59840000.audmix: Started TDM1 needed for 
config propagation!

[   39.911462] can-en: disabling
[   39.913138] can-stby: disabling

Kernel version:

root@nxp-imx8:~# uname -a

Linux nxp-imx8 5.2.60-yocto-standard #1 SMP PREEMPT Mon Feb 28 13:28:52 
UTC 2022 aarch64 aarch64 aarch64 GNU/Linux



Disabled the rngd and reboot again, the system available entropy very low:

root@nxp-imx8:~# cat /proc/sys/kernel/random/entropy_avail
36

Using dd command to read random was blocked until break by manual:

root@nxp-imx8:~# dd if=/dev/random of=/dev/null status=progress
^C0+0 records in
0+0 records out
0 bytes copied, 3.96411 s, 0.0 kB/s


The rngtest util also was blocked until break by manual:

root@nxp-imx8:~# ps -ef |grep rng
root         459     448  0 13:42 pts/0    00:00:00 grep rng
root@nxp-imx8:~# rngtest -c 1000 </dev/random
rngtest 6.7
Copyright (c) 2004 by Henrique de Moraes Holschuh

This is free software; see the source for copying conditions. There is 
NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR 
PURPOSE.rngtest: starting FIPS tests...

^Crngtest: bits received from input: 48
rngtest: FIPS 140-2 successes: 0
rngtest: FIPS 140-2 failures: 0
rngtest: FIPS 140-2(2001-10-10) Monobit: 0
rngtest: FIPS 140-2(2001-10-10) Poker: 0
rngtest: FIPS 140-2(2001-10-10) Runs: 0
rngtest: FIPS 140-2(2001-10-10) Long run: 0
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=0.000; avg=0.000; max=0.000)bits/s
rngtest: FIPS tests speed: (min=0.000; avg=0.000; max=0.000)bits/s
rngtest: Program run time: 91647889 microseconds
root@nxp-imx8:~#





Br,

Xiangyu





Thanks,

Xiangyu


---

   .../rng-tools/rng-tools/aarch64/default               | 11 
+++++++++++

   1 file changed, 11 insertions(+)

   create mode 100644 
meta/recipes-support/rng-tools/rng-tools/aarch64/default



diff --git 
a/meta/recipes-support/rng-tools/rng-tools/aarch64/default 
b/meta/recipes-support/rng-tools/rng-tools/aarch64/default

new file mode 100644
index 0000000000..5a2fbcc9ef
--- /dev/null
+++ b/meta/recipes-support/rng-tools/rng-tools/aarch64/default
@@ -0,0 +1,11 @@

+# With the default jitter options Arm CPU-based devices typically 
experience
+# continuous high CPU utilisation for several minutes after rngd 
starts.

+# See https://gitlab.alpinelinux.org/alpine/aports/-/issues/13035 and
+# https://github.com/nhorman/rng-tools/issues/150

+# In order to address this the following configuration changes 
have been made:

+#

+#   - reduce the number of threads used to 1 in total, rather than 
1 per core.
+#   - reduce the buffer size from 16535 to 4133 which reduces the 
time taken

+#     to fill the buffer (and so reduces the duration of CPU load).
+#

+EXTRA_ARGS="-r /dev/hwrng -O jitter:buffer_size:4133 -O 
jitter:refill_thresh:4133 -O jitter:thread_count:1"












-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#174433): 
https://lists.openembedded.org/g/openembedded-core/message/174433
Mute This Topic: https://lists.openembedded.org/mt/94701000/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-























					Reply via email to