Re: regarding the changes to kernel entropy gathering

To: Lloyd Parkes <lloyd%must-have-coffee.gen.nz@localhost>
Subject: Re: regarding the changes to kernel entropy gathering
From: "Greg A. Woods" <woods%planix.ca@localhost>
Date: Mon, 05 Apr 2021 09:43:10 -0700

At Mon, 5 Apr 2021 16:13:55 +1200, Lloyd Parkes <lloyd%must-have-coffee.gen.nz@localhost> wrote:
Subject: Re: regarding the changes to kernel entropy gathering
>
> The current implementation prints out a message whenever it blocks a
> process that wants randomness, which immediately makes this
> implementation superior to all others that I have ever seen. The
> number of times I've logged into systems that have stalled on boot and
> made them finish booting by running "ls -lR /" over the past 20 years
> are too many to count. I don't know if I just needed to wait longer
> for the boot to finish, or if generating entropy was the fix, and I
> will never know. This is nuts.

Indeed!

> We can use the message to point the system administrator to a manual
> page that tells them what to do, and by "tells them what to do", I
> mean in plain simple language, right at the top of the page, without
> scaring them.

Excellent idea!  :-)

However I have been wondering if sending the message just to the
console, and logging it, say in /var/log/kern, is sufficient.

It still took me a very long time to find the existing new message
because I don't hang out on the console -- this is a VM, after all, and
it's running in a city almost exactly 4200km driving distance from me
too!  As-is I feel I hang out on the console more often than the average
admin who doesn't use a physical console, and of course infinitely more
often than any user who doesn't admin his own server.

I have added the following comment to the kernel to remind me to think
more about this, as a uprintf(9) at the same time would pop right up on
the actual user's session too:

--- kern_entropy.c.~1.30.~	2021-03-07 17:23:05.000000000 -0800
+++ kern_entropy.c	2021-04-03 11:25:31.667067667 -0700
@@ -1306,7 +1306,7 @@

 		/* Wait for some entropy to come in and try again.  */
 		KASSERT(E->stage >= ENTROPY_WARM);
-		printf("entropy: pid %d (%s) blocking due to lack of entropy\n",
+		printf("entropy: pid %d (%s) blocking due to lack of entropy\n", /* xxx uprintf() instead/also? */
 		       curproc->p_pid, curproc->p_comm);

 		if (ISSET(flags, ENTROPY_SIG)) {

--
					Greg A. Woods <gwoods%acm.org@localhost>

Kelowna, BC     +1 250 762-7675           RoboHack <woods%robohack.ca@localhost>
Planix, Inc. <woods%planix.com@localhost>     Avoncote Farms <woods%avoncote.ca@localhost>

Attachment: pgp7KVr73jWkQ.pgp
Description: OpenPGP Digital Signature

References:
- regarding the changes to kernel entropy gathering
  - From: Greg A. Woods
- Re: regarding the changes to kernel entropy gathering
  - From: Lloyd Parkes

Prev by Date: Re: regarding the changes to kernel entropy gathering
Next by Date: Re: regarding the changes to kernel entropy gathering
Previous by Thread: Re: regarding the changes to kernel entropy gathering
Next by Thread: Re: regarding the changes to kernel entropy gathering
Indexes:

Home | Main Index | Thread Index | Old Index