At Mon, 5 Apr 2021 16:13:55 +1200, Lloyd Parkes <lloyd%must-have-coffee.gen.nz@localhost> wrote: Subject: Re: regarding the changes to kernel entropy gathering > > The current implementation prints out a message whenever it blocks a > process that wants randomness, which immediately makes this > implementation superior to all others that I have ever seen. The > number of times I've logged into systems that have stalled on boot and > made them finish booting by running "ls -lR /" over the past 20 years > are too many to count. I don't know if I just needed to wait longer > for the boot to finish, or if generating entropy was the fix, and I > will never know. This is nuts. Indeed! > We can use the message to point the system administrator to a manual > page that tells them what to do, and by "tells them what to do", I > mean in plain simple language, right at the top of the page, without > scaring them. Excellent idea! :-) However I have been wondering if sending the message just to the console, and logging it, say in /var/log/kern, is sufficient. It still took me a very long time to find the existing new message because I don't hang out on the console -- this is a VM, after all, and it's running in a city almost exactly 4200km driving distance from me too! As-is I feel I hang out on the console more often than the average admin who doesn't use a physical console, and of course infinitely more often than any user who doesn't admin his own server. I have added the following comment to the kernel to remind me to think more about this, as a uprintf(9) at the same time would pop right up on the actual user's session too: --- kern_entropy.c.~1.30.~ 2021-03-07 17:23:05.000000000 -0800 +++ kern_entropy.c 2021-04-03 11:25:31.667067667 -0700 @@ -1306,7 +1306,7 @@ /* Wait for some entropy to come in and try again. */ KASSERT(E->stage >= ENTROPY_WARM); - printf("entropy: pid %d (%s) blocking due to lack of entropy\n", + printf("entropy: pid %d (%s) blocking due to lack of entropy\n", /* xxx uprintf() instead/also? */ curproc->p_pid, curproc->p_comm); if (ISSET(flags, ENTROPY_SIG)) { -- Greg A. Woods <gwoods%acm.org@localhost> Kelowna, BC +1 250 762-7675 RoboHack <woods%robohack.ca@localhost> Planix, Inc. <woods%planix.com@localhost> Avoncote Farms <woods%avoncote.ca@localhost>
Attachment:
pgpX__9rfh2BN.pgp
Description: OpenPGP Digital Signature