NetBSD Problem Report #52695

From martin@duskware.de  Fri Nov  3 13:48:57 2017
Return-Path: <martin@duskware.de>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 571447A0F3
	for <gnats-bugs@gnats.NetBSD.org>; Fri,  3 Nov 2017 13:48:57 +0000 (UTC)
From: martin@NetBSD.org
Reply-To: martin@NetBSD.org
To: gnats-bugs@NetBSD.org
Subject: rndc-confgen takes forever
X-Send-Pr-Version: 3.95

>Number:         52695
>Category:       bin
>Synopsis:       rndc-confgen takes forever
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Nov 03 13:50:00 +0000 2017
>Last-Modified:  Fri Nov 03 18:10:01 +0000 2017
>Originator:     Martin Husemann
>Release:        NetBSD 8.0_BETA
>Organization:
The NetBSD Foundation, Inc.
>Environment:
System: NetBSD unpluged.duskware.de 8.0_BETA NetBSD 8.0_BETA (UNPLUGED) #13: Wed Oct 18 07:12:50 CEST 2017 martin@seven-days-to-the-wolves.aprisoft.de:/work/src-8/sys/arch/evbarm/compile/UNPLUGED evbarm
Architecture: earm
Machine: evbarm
>Description:

Generating a rndc.key for named at first startup takes ages (if not literally),
apparently blocking on select() trying to read random entropy.

If this happens at boot time it will usually happen before sshd comes
up, so you can't even log in and "do something" about it.

On this machine rndctl -l shows:

Source                 Bits Type      Flags
wd1                       8 disk estimate, collect, v, t, dt
wd0                       8 disk estimate, collect, v, t, dt
ucom7                     0 tty  estimate, collect, v, t, dt
ucom6                     0 tty  estimate, collect, v, t, dt
ucom5                     0 tty  estimate, collect, v, t, dt
ucom4                     0 tty  estimate, collect, v, t, dt
ucom3                     0 tty  estimate, collect, v, t, dt
ucom2                     0 tty  estimate, collect, v, t, dt
ucom1                     0 tty  estimate, collect, v, t, dt
ucom0                     0 tty  estimate, collect, v, t, dt
sd1                       0 disk estimate, collect, v, t, dt
sd0                       0 disk estimate, collect, v, t, dt
cpu0                   1389 vm   estimate, collect, v, t, dv
mvgbe1                    0 net  v, t, dt
mvgbe0                    0 net  v, t, dt
system-power              0 power estimate, collect, v, t, dt
autoconf                  8 ???  estimate, collect, t, dt
printf                    0 ???  collect


>How-To-Repeat:

enable named in /etc/rc.conf

>Fix:
n/a

>Audit-Trail:
From: Martin Husemann <martin@duskware.de>
To: gnats-bugs@NetBSD.org
Cc: 
Subject: Re: bin/52695: rndc-confgen takes forever
Date: Fri, 3 Nov 2017 14:51:32 +0100

 Here is a backtrace:

 #0  0xbb574088 in _sys___select50 () from /usr/lib/libc.so.12
 #1  0xbbb86314 in __select50 (nfds=4, readfds=readfds@entry=0xbfffe2f0, 
     writefds=writefds@entry=0xbfffe310, exceptfds=<optimized out>, timeout=0x0)
     at /work/src-8/lib/libpthread/pthread_cancelstub.c:514
 #2  0xbbbe1930 in wait_for_sources (ent=0xbb314000)
     at /work/src-8/external/bsd/bind/dist/lib/isc/unix/entropy.c:438
 #3  fillpool (ent=ent@entry=0xbb314000, desired=desired@entry=128, 
     blocking=isc_boolean_true)
     at /work/src-8/external/bsd/bind/dist/lib/isc/unix/entropy.c:357
 #4  0xbbbe1dac in isc_entropy_getdata (ent=0xbb314000, data=0xbfffe4e0, 
     length=length@entry=16, returned=returned@entry=0x0, flags=5)
     at /work/src-8/external/bsd/bind/dist/lib/isc/unix/../entropy.c:590
 #5  0xbbc94590 in dst__entropy_getdata (buf=buf@entry=0xbfffe4e0, 
     len=len@entry=16, pseudo=pseudo@entry=isc_boolean_false)
     at /work/src-8/external/bsd/bind/dist/lib/dns/dst_api.c:1951
 #6  0xbbc8c450 in hmacmd5_generate (key=0xbb316000, pseudorandom_ok=0, 
     callback=<optimized out>)
     at /work/src-8/external/bsd/bind/dist/lib/dns/hmac_link.c:171
 #7  0xbbc925e8 in dst_key_generate2 (name=0xbbe530f8, alg=alg@entry=157, 
     bits=bits@entry=128, param=param@entry=0, flags=0, 
     protocol=protocol@entry=255, rdclass=rdclass@entry=1, 
     mctx=mctx@entry=0xbb3090e0, keyp=keyp@entry=0xbfffe5f4, 
     callback=callback@entry=0x0)
     at /work/src-8/external/bsd/bind/dist/lib/dns/dst_api.c:975
 #8  0xbbc92728 in dst_key_generate (name=<optimized out>, alg=alg@entry=157, 
     bits=bits@entry=128, param=param@entry=0, flags=flags@entry=0, 
     protocol=protocol@entry=255, rdclass=rdclass@entry=1, 
     mctx=mctx@entry=0xbb3090e0, keyp=keyp@entry=0xbfffe5f4)
     at /work/src-8/external/bsd/bind/dist/lib/dns/dst_api.c:937
 #9  0x00011758 in generate_key (mctx=0xbb3090e0, randomfile=<optimized out>, 
     alg=<optimized out>, keysize=128, key_txtbuffer=0xbfffe708)
     at /work/src-8/external/bsd/bind/dist/bin/confgen/keygen.c:177
 #10 0x0001228c in main (argc=<optimized out>, argv=<optimized out>)
     at /work/src-8/external/bsd/bind/dist/bin/confgen/rndc-confgen.c:246


 It stays this way for hours.

 Martin
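
Frame #1 of the backtrace above shows select() entered with timeout=0x0, so wait_for_sources() sleeps until the entropy source becomes readable. The following is an added example, not BIND's code and not part of this report: the same wait with a bounded timeout, returning a short count instead of hanging so that a caller can detect starvation. The function name read_entropy_bounded and the /dev/random path are assumptions.

```c
/* Added example, not BIND code: bounded wait on an entropy device. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/select.h>
#include <unistd.h>

/* Read len bytes from path, waiting at most timeout_sec per select() call.
 * Returns bytes read (fewer than len: source stalled or EOF), -1 on error.
 * A NULL timeout, as in frame #1 of the backtrace, never takes the 0 branch. */
ssize_t read_entropy_bounded(const char *path, unsigned char *buf,
                             size_t len, int timeout_sec)
{
    size_t got = 0;
    int fd = open(path, O_RDONLY | O_NONBLOCK);

    if (fd < 0 || fd >= FD_SETSIZE) {   /* open failed, or fd too big for select() */
        if (fd >= 0) close(fd);
        return -1;
    }
    while (got < len) {
        fd_set rfds;
        struct timeval tv = { timeout_sec, 0 };  /* reset on every pass */
        ssize_t n;
        int rc;

        FD_ZERO(&rfds);
        FD_SET(fd, &rfds);
        rc = select(fd + 1, &rfds, NULL, NULL, &tv);
        if (rc == 0)
            break;                       /* timed out: source is starved */
        n = rc < 0 ? -1 : read(fd, buf + got, len - got);
        if (n < 0 && (errno == EINTR || errno == EAGAIN))
            continue;                    /* interrupted or spurious wakeup */
        if (n < 0) { close(fd); return -1; }
        if (n == 0)
            break;                       /* EOF, e.g. a regular seed file */
        got += (size_t)n;
    }
    close(fd);
    return (ssize_t)got;
}

int main(void)
{
    unsigned char key[16];  /* 16 bytes as in frame #4; device path is an assumption */
    ssize_t n = read_entropy_bounded("/dev/random", key, sizeof key, 5);
    printf("got %zd of %zu bytes\n", n, sizeof key);
    return n == (ssize_t)sizeof key ? 0 : 1;
}
```

The timeout applies to each wakeup rather than to the whole read, so the worst-case total wait grows with the number of partial reads.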

From: matthew green <mrg@eterna.com.au>
To: gnats-bugs@NetBSD.org
Cc: gnats-admin@netbsd.org, netbsd-bugs@netbsd.org
Subject: re: bin/52695: rndc-confgen takes forever
Date: Sat, 04 Nov 2017 05:07:12 +1100

 can we run this in the background, or does named itself need it around
 to start at all?

 could we restart/reload named when it finished?

 alternatively, patch it to use /dev/urandom...ugh.


 .mrg.

From: matthew green <mrg@eterna.com.au>
To: gnats-bugs@NetBSD.org
Cc: gnats-admin@netbsd.org, netbsd-bugs@netbsd.org
Subject: re: bin/52695: rndc-confgen takes forever
Date: Sat, 04 Nov 2017 05:08:23 +1100

 alternatively, re-fix rndc to have a local socket so it doesn't _need_
 the crypto configuration to talk to the local host, just root is good.

 it's bothered me that this is necessary now, but it's good our rc.d
 does the setup for you nowadays (it didn't for a while), except it now
 has a new problem...
