Re: [OpenWrt-Devel] Quick hack for kernel entropy problem on MIPS

2013-12-09 Thread Tijs Van Buggenhout
On Monday 18 November 2013 19:29:17 mancha wrote:
 Hauke Mehrtens hauke at hauke-m.de writes:
  On 10/17/2013 05:40 PM, chrono wrote:
   Ahoi everyone,
   
   it was requested on IRC that I send my solution to the entropy problem
   with the current
   kernel (e.g. having 0 available entropy):
   
   root at OpenWrt:/# cat /proc/sys/kernel/random/entropy_avail
   0
  
  A similar patch was applied to trunk in r38834.
  
  Hauke
 
 I provided this backport patch to #openwrt on freenode last week. I am
 glad it was included in trunk.
 
 Two important clarifications:
 
 1. The original poster applies his patch to kernel 3.3.8 (it seems) yet
the interface that makes use of get_cycles() in seeding the random
pool wasn't introduced until 3.6. The patch on pre-3.6 kernels
effectively does nothing entropy-wise. Without more comprehensive
backports, there is no similar simple solution for Attitude.

This seems not entirely accurate, as AA has a backport patch for the generic 
3.3.8 kernel to add 'add_device_randomness', see 
target/linux/generic/patches-3.3/050-rng_git_backport.patch

--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -125,21 +125,26 @@
  * The current exported interfaces for gathering environmental noise
  * from the devices are:
  *
+ * void add_device_randomness(const void *buf, unsigned int size);
  * void add_input_randomness(unsigned int type, unsigned int code,
  *unsigned int value);
- * void add_interrupt_randomness(int irq);
+ * void add_interrupt_randomness(int irq, int irq_flags);
...
+/*
+ * Add device- or boot-specific data to the input and nonblocking
+ * pools to help initialize them to unique values.
+ *
+ * None of this adds any entropy, it is meant to avoid the
+ * problem of the nonblocking pool having similar initial state
+ * across largely identical devices.
+ */
+void add_device_randomness(const void *buf, unsigned int size)
+{
+   unsigned long time = get_cycles() ^ jiffies;
+
+   mix_pool_bytes(input_pool, buf, size, NULL);
...
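
Review bot: add_device_randomness() derives `time` from `get_cycles() ^ jiffies`, so on a 3.3.8 MIPS build where get_cycles() is still the `return 0;` stub from the timex.h hunk in this thread, that value is just jiffies. The backport only mixes a cycle counter into the pool when it is combined with the timex.h change, and that dependency should be stated in the patch description. The hunk's own comment ("None of this adds any entropy") also means this function by itself will not move entropy_avail.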

Would there be anything else needed?

 2. You aren't going to see /proc/sys/kernel/random/entropy_avail
affected by this patch because the machine/boot specific seeding
does not credit the entropy count.
 
 --mancha
 ___
 openwrt-devel mailing list
 openwrt-devel@lists.openwrt.org
 https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

Tijs


Re: [OpenWrt-Devel] Quick hack for kernel entropy problem on MIPS

2013-11-18 Thread mancha
Hauke Mehrtens hauke at hauke-m.de writes:
 
 On 10/17/2013 05:40 PM, chrono wrote:
  Ahoi everyone,
  
  it was requested on IRC that I send my solution to the entropy problem
  with the current
  kernel (e.g. having 0 available entropy):
  
  root at OpenWrt:/# cat /proc/sys/kernel/random/entropy_avail
  0
 
 A similar patch was applied to trunk in r38834.
 
 Hauke
 

I provided this backport patch to #openwrt on freenode last week. I am
glad it was included in trunk.

Two important clarifications:

1. The original poster applies his patch to kernel 3.3.8 (it seems) yet
   the interface that makes use of get_cycles() in seeding the random
   pool wasn't introduced until 3.6. The patch on pre-3.6 kernels
   effectively does nothing entropy-wise. Without more comprehensive
   backports, there is no similar simple solution for Attitude.

2. You aren't going to see /proc/sys/kernel/random/entropy_avail
   affected by this patch because the machine/boot specific seeding
   does not credit the entropy count.

--mancha


Re: [OpenWrt-Devel] Quick hack for kernel entropy problem on MIPS

2013-11-17 Thread Hauke Mehrtens
On 10/17/2013 05:40 PM, chrono wrote:
 Ahoi everyone,
 
 it was requested on IRC that I send my solution to the entropy problem
 with the current
 kernel (e.g. having 0 available entropy):
 
 root@OpenWrt:/# cat /proc/sys/kernel/random/entropy_avail
 0
 
 In the build root I've patched
 
 build_dir/linux-ar71xx_nand/linux-3.3.8/arch/mips/include/asm/timex.h
 
 --- timex.h?id=refs%2Ftags%2Fv3.3.8 2013-10-17 17:23:12.0 +0200
 +++ timex.h 2013-10-17 17:07:59.888938183 +0200
 @@ -35,7 +35,13 @@
 
  static inline cycles_t get_cycles(void)
  {
 -   return 0;
 +
 +   if (cpu_has_counter) {
 +   return read_c0_count();
 +   }
 +   else {
 +   return 0;   /* no usable counter */
 +   }
  }
 
  #endif /* __KERNEL__ */
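
Review bot: the new body of get_cycles() uses cpu_has_counter and read_c0_count(), but the patch consists of this single hunk at line 35 and adds no #include. Please confirm that timex.h already pulls in the headers that define both, or add the includes in the same patch, so that files including timex.h directly still build.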
 
 After applying and rebuilding the kernel:
 
 root@OpenWrt:/# cat /proc/sys/kernel/random/entropy_avail
 162
 
 This was tested on mips32r2/24kc (Mikrotik Routerboard 450G) but it
 might work
 for others as well. Until this is fixed upstream and openwrt follows up
 with
 the kernel, it might be an easy fix for some people in order to have better
 entropy for SSL/VPN.
 
 Hopefully it will be useful to someone,
 
 chrono

A similar patch was applied to trunk in r38834.

Hauke


Re: [OpenWrt-Devel] Quick hack for kernel entropy problem on MIPS

2013-10-18 Thread José Vázquez Fernández
Take a look at this ticket: https://dev.openwrt.org/ticket/9631
  - Original Message - 
  From: Weedy 
  To: OpenWrt Development List 
  Sent: Friday, October 18, 2013 1:02 AM
  Subject: Re: [OpenWrt-Devel] Quick hack for kernel entropy problem on MIPS


  On 17 Oct 2013 13:07, chrono chr...@open-resource.org wrote:
  
   root@OpenWrt:/# cat /proc/sys/kernel/random/entropy_avail
   0
  
   Uhh ok?
   root@OpenWrt:~# cat /proc/sys/kernel/random/entropy_avail
   1189
  
  
   What's your uptime? Entropy is added to the pool e.g. based on network
   activity. The issue is that the pool is empty right after boot up.
  
  
   Well it's not anymore (with the patch).
   That may be due to the fact that network is the only source of entropy
   left on MIPS, that is something I personally wouldn't accept as enough
   anymore.
  
   As I reckon there has been a lengthy discussion about it already and
   many people raised their concerns.
  

ecurity/meldung/Linux-auf-MIPS-jetzt-wieder-mit-mehr-Zufall-1963604.html
  
   (sorry for german link)
  
   That patch wouldn't work with 3.3.8 due to include dependencies I
   wasn't willing to follow up.
  
   The attached patch will re-enable CPU interrupts as entropy source,
   at least for AR71xx/mips32r3 and will do so right away, which might
   also solve issues with hostapd/nginx that require some during init.

  A, I can see how that might cause issues. I have made some sysctl tweaks 
and my network always has something going on.
  So I never noticed.


Re: [OpenWrt-Devel] Quick hack for kernel entropy problem on MIPS

2013-10-18 Thread Weedy
On 18/10/13 07:09 AM, José Vázquez Fernández wrote:
 Take a look at this ticket: https://dev.openwrt.org/ticket/9631

Again, I do not personally have this issue but I can see why it would
need to be fixed.

$ ssh r...@openwrt.lan 'reboot';sleep 3;while ! ping -c3 openwrt.lan; do
sleep 2; done; ssh r...@openwrt.lan 'while :; do cat
/proc/sys/kernel/random/entropy_avail; sleep 1; done'
ping: unknown host openwrt.lan
snip
ping: unknown host openwrt.lan
PING openwrt.lan (192.168.8.1) 56(84) bytes of data.
64 bytes from OpenWrt.lan (192.168.8.1): icmp_seq=1 ttl=69 time=0.999 ms
64 bytes from OpenWrt.lan (192.168.8.1): icmp_seq=2 ttl=69 time=1.24 ms
64 bytes from OpenWrt.lan (192.168.8.1): icmp_seq=3 ttl=69 time=1.22 ms

--- openwrt.lan ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 0.999/1.158/1.247/0.112 ms
135
139
145
151
snip
200
207
213
218
222
229
232
237
242
snip
363
401
440
478
9
46
87
122
166
203
snip
684
726
762
799
837
snip
1346
1381
1416
1452
1481
1513
snip
1074
1106
1161
1197
1231
1263
snip
1270
1304
1347
1385
snip
1091
1123
1156
1185
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
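
The measurement above as a reusable check, added here and not part of the original thread: it pairs each entropy_avail reading with the uptime (the question raised in the thread) and flags low readings and drops. The function names, the threshold of 100 and the uptimes in the demo input are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. The /proc paths are overridable so the
# functions can also be pointed at saved files.
ENTROPY_FILE="${ENTROPY_FILE:-/proc/sys/kernel/random/entropy_avail}"
UPTIME_FILE="${UPTIME_FILE:-/proc/uptime}"

# sample: print "<uptime in whole seconds> <entropy_avail>" for right now.
sample() {
    up=$(cut -d' ' -f1 "$UPTIME_FILE")
    ent=$(cat "$ENTROPY_FILE")
    echo "${up%%.*} $ent"
}

# classify THRESHOLD: read "<uptime> <entropy>" lines on stdin, append a verdict:
#   LOW   reading is below THRESHOLD (the state reported right after boot)
#   DROP  reading fell since the previous one (something drained the pool)
#   OK    anything else
classify() {
    threshold=$1
    prev=-1
    while read -r up ent; do
        if [ "$ent" -lt "$threshold" ]; then
            verdict=LOW
        elif [ "$prev" -ge 0 ] && [ "$ent" -lt "$prev" ]; then
            verdict=DROP
        else
            verdict=OK
        fi
        echo "$up $ent $verdict"
        prev=$ent
    done
}

# first_ok THRESHOLD: uptime of the first reading >= THRESHOLD, or "never".
first_ok() {
    awk -v t="$1" '$2 >= t { print $1; found = 1; exit }
                   END { if (!found) print "never" }'
}

# Constructed input: entropy values picked from the trace above, uptimes invented.
demo() {
    printf '%s\n' '20 135' '21 139' '40 478' '41 9' '42 46' '60 1481' '61 1074' |
        classify "${1:-100}"
}

# "watch" mode for use on the router itself; threshold 100 is an assumption.
if [ "${1:-}" = "watch" ]; then
    while :; do sample; sleep 1; done | classify "${2:-100}"
fi
```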


[OpenWrt-Devel] Quick hack for kernel entropy problem on MIPS

2013-10-17 Thread chrono

Ahoi everyone,

it was requested on IRC that I send my solution to the entropy problem
with the current kernel (e.g. having 0 available entropy):

root@OpenWrt:/# cat /proc/sys/kernel/random/entropy_avail
0

In the build root I've patched

build_dir/linux-ar71xx_nand/linux-3.3.8/arch/mips/include/asm/timex.h

--- timex.h?id=refs%2Ftags%2Fv3.3.8 2013-10-17 17:23:12.0 
+0200

+++ timex.h 2013-10-17 17:07:59.888938183 +0200
@@ -35,7 +35,13 @@

 static inline cycles_t get_cycles(void)
 {
-   return 0;
+
+   if (cpu_has_counter) {
+   return read_c0_count();
+   }
+   else {
+   return 0;   /* no usable counter */
+   }
 }

 #endif /* __KERNEL__ */
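
Review bot: the added body of get_cycles() opens with an empty `+` line and puts braces around single-statement branches with `else` on its own line, which does not follow kernel coding style; `if (cpu_has_counter)` / `return read_c0_count();` followed by a plain `return 0;` says the same thing in three lines. The `---`/`+++` header also names `timex.h?id=refs%2Ftags%2Fv3.3.8` and a bare `timex.h` instead of the a/ and b/ paths of arch/mips/include/asm/timex.h, so it will not apply with `patch -p1` from the tree root; please regenerate it from the kernel tree.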

After applying and rebuilding the kernel:

root@OpenWrt:/# cat /proc/sys/kernel/random/entropy_avail
162

This was tested on mips32r2/24kc (Mikrotik Routerboard 450G) but it
might work for others as well. Until this is fixed upstream and openwrt
follows up with the kernel, it might be an easy fix for some people in
order to have better entropy for SSL/VPN.

Hopefully it will be useful to someone,

chrono
--

Apollo-NG Mobile Hackerspace
https://apollo.open-resource.org/


Re: [OpenWrt-Devel] Quick hack for kernel entropy problem on MIPS

2013-10-17 Thread Weedy
On Thu, Oct 17, 2013 at 11:40 AM, chrono chr...@open-resource.org wrote:
 Ahoi everyone,

 it was requested on IRC that I send my solution to the entropy problem with
 the current
 kernel (e.g. having 0 available entropy):

 root@OpenWrt:/# cat /proc/sys/kernel/random/entropy_avail
 0
Uhh ok?
root@OpenWrt:~# cat /proc/sys/kernel/random/entropy_avail
1189

 This was tested on mips32r2/24kc (Mikrotik Routerboard 450G) but it might
root@OpenWrt:~# cat /proc/cpuinfo
system type: Atheros AR9344 rev 2
machine: TP-LINK TL-WDR3600/4300/4310
processor: 0
cpu model: MIPS 74Kc V4.12


Re: [OpenWrt-Devel] Quick hack for kernel entropy problem on MIPS

2013-10-17 Thread Geert Uytterhoeven
On Thu, Oct 17, 2013 at 6:32 PM, Weedy weedy2...@gmail.com wrote:
 On Thu, Oct 17, 2013 at 11:40 AM, chrono chr...@open-resource.org wrote:
 Ahoi everyone,

 it was requested on IRC that I send my solution to the entropy problem with
 the current
 kernel (e.g. having 0 available entropy):

 root@OpenWrt:/# cat /proc/sys/kernel/random/entropy_avail
 0
 Uhh ok?
 root@OpenWrt:~# cat /proc/sys/kernel/random/entropy_avail
 1189

What's your uptime? Entropy is added to the pool e.g. based on network
activity. The issue is that the pool is empty right after boot up.

Gr{oetje,eeting}s,

Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- ge...@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say programmer or something like that.
-- Linus Torvalds


Re: [OpenWrt-Devel] Quick hack for kernel entropy problem on MIPS

2013-10-17 Thread chrono

root@OpenWrt:/# cat /proc/sys/kernel/random/entropy_avail
0

Uhh ok?
root@OpenWrt:~# cat /proc/sys/kernel/random/entropy_avail
1189


What's your uptime? Entropy is added to the pool e.g. based on network
activity. The issue is that the pool is empty right after boot up.


Well it's not anymore (with the patch).
That may be due to the fact that network is the only source of entropy
left on MIPS, that is something I personally wouldn't accept as enough
anymore.

As I reckon there has been a lengthy discussion about it already and
many people raised their concerns.

ecurity/meldung/Linux-auf-MIPS-jetzt-wieder-mit-mehr-Zufall-1963604.html


(sorry for german link)

That patch wouldn't work with 3.3.8 due to include dependencies I
wasn't willing to follow up.

The attached patch will re-enable CPU interrupts as entropy source,
at least for AR71xx/mips32r3 and will do so right away, which might
also solve issues with hostapd/nginx that require some during init.

chrono

--
Apollo-NG Mobile Hackerspace
https://apollo.open-resource.org/


Re: [OpenWrt-Devel] Quick hack for kernel entropy problem on MIPS

2013-10-17 Thread Weedy
On 17 Oct 2013 13:07, chrono chr...@open-resource.org wrote:

 root@OpenWrt:/# cat /proc/sys/kernel/random/entropy_avail
 0

 Uhh ok?
 root@OpenWrt:~# cat /proc/sys/kernel/random/entropy_avail
 1189


 What's your uptime? Entropy is added to the pool e.g. based on network
 activity. The issue is that the pool is empty right after boot up.


 Well it's not anymore (with the patch).
 That may be due to the fact that network is the only source of entropy
 left on MIPS, that is something I personally wouldn't accept as enough
 anymore.

 As I reckon there has been a lengthy discussion about it already and
 many people raised their concerns.


 ecurity/meldung/Linux-auf-MIPS-jetzt-wieder-mit-mehr-Zufall-1963604.html

 (sorry for german link)

 That patch wouldn't work with 3.3.8 due to include dependencies I
 wasn't willing to follow up.

 The attached patch will re-enable CPU interrupts as entropy source,
 at least for AR71xx/mips32r3 and will do so right away, which might
 also solve issues with hostapd/nginx that require some during init.

A, I can see how that might cause issues. I have made some sysctl
tweaks and my network always has something going on.
So I never noticed.