NetBSD Problem Report #55783

From martin@aprisoft.de  Wed Nov  4 10:42:04 2020
Return-Path: <martin@aprisoft.de>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 58A551A9246
	for <gnats-bugs@gnats.NetBSD.org>; Wed,  4 Nov 2020 10:42:04 +0000 (UTC)
Message-Id: <20201104092454.6DE605CC7A1@emmas.aprisoft.de>
Date: Wed,  4 Nov 2020 10:24:54 +0100 (CET)
From: martin@NetBSD.org
Reply-To: martin@NetBSD.org
To: gnats-bugs@NetBSD.org
Subject: rndctl -L broken
X-Send-Pr-Version: 3.95

>Number:         55783
>Category:       bin
>Synopsis:       rndctl -L broken
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Nov 04 10:45:00 +0000 2020
>Last-Modified:  Tue Jan 12 07:00:01 +0000 2021
>Originator:     Martin Husemann
>Release:        NetBSD 9.99.74
>Organization:
The NetBSD Foundation, Inc.
>Environment:
System: NetBSD h-pulse.aprisoft.de 9.99.74 NetBSD 9.99.74 (GENERIC64) #160: Tue Oct 20 20:56:57 CEST 2020 martin@seven-days-to-the-wolves.aprisoft.de:/work/src/sys/arch/evbarm/compile/GENERIC64 evbarm
Architecture: aarch64
Machine: evbarm
>Description:

On a machine with no entropy:

 # sysctl kern.entropy
kern.entropy.collection = 1
kern.entropy.depletion = 0
kern.entropy.consolidate = -16384
kern.entropy.gather = -16384
kern.entropy.needed = 256
kern.entropy.pending = 0
kern.entropy.epoch = 20

I can not add entropy via rndctl -L:
 # rndctl -L /tmp/entropy
 # sysctl kern.entropy
kern.entropy.collection = 1
kern.entropy.depletion = 0
kern.entropy.consolidate = -16384
kern.entropy.gather = -16384
kern.entropy.needed = 256
kern.entropy.pending = 0
kern.entropy.epoch = 21

and there is no diagnostic message telling me what is wrong (epoch > 0 is
a hint, this machine used to have entropy and I manually depleted it for
testing).

>How-To-Repeat:
s/a

>Fix:
n/a

>Audit-Trail:
From: Taylor R Campbell <riastradh@NetBSD.org>
To: gnats-bugs@NetBSD.org
Cc: 
Subject: Re: bin/55783: rndctl -L broken
Date: Tue, 12 Jan 2021 06:58:38 +0000

 The patch below might improve it.  Need to make sure it doesn't cause
 overlapping output like <https://gnats.netbsd.org/55458>, though.


 diff -r 039916e1f0c6 share/man/man4/rnd.4
 --- a/share/man/man4/rnd.4	Sun Jan 10 18:19:10 2021 +0000
 +++ b/share/man/man4/rnd.4	Tue Jan 12 06:56:24 2021 +0000
 @@ -628,6 +628,13 @@ A buggy bootloader tried to provide an e
  the kernel.
  Subsequent seeds will be entered into the entropy pool, but they will
  be considered to contribute no entropy.
 +.It entropy: already seeded
 +A seed was loaded with
 +.Dv RNDADDDATA
 +.Pq e.g., via Ic rndctl -L
 +a second time, or after the bootloader already provided a seed.
 +The seed will be entered into the pool, but it will be considered to
 +contribute no entropy, in case it was actually using the same file.
  .It entropy: ready
  The system has full entropy for the first time.
  .El
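
Review bot: In the new "entropy: already seeded" entry, the closing clause "in case it was actually using the same file" does not say what "it" refers to or which file is meant, so the reason the seed is credited no entropy is left unclear. If the intent is that the second seed may come from the same file as the earlier one, say so directly, for example "because it may have been read from the same seed file as the earlier one". It would also help to state what the administrator can do when kern.entropy.needed is still nonzero, since the report's complaint was that nothing told the user what was wrong.
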
 diff -r 039916e1f0c6 sys/kern/kern_entropy.c
 --- a/sys/kern/kern_entropy.c	Sun Jan 10 18:19:10 2021 +0000
 +++ b/sys/kern/kern_entropy.c	Tue Jan 12 06:56:24 2021 +0000
 @@ -2313,7 +2313,9 @@ entropy_ioctl(unsigned long cmd, void *d
  		 */
  		if (privileged && rdata->entropy && rdata->len) {
  			mutex_enter(&E->lock);
 -			if (!E->seeded) {
 +			if (E->seeded) {
 +				printf("entropy: already seeded\n");
 +			} else {
  				entropybits = MIN(rdata->entropy,
  				    MIN(rdata->len, ENTROPY_CAPACITY)*NBBY);
  				E->seeded = true;
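
Review bot: The new printf in the "if (E->seeded)" branch sits after mutex_enter(&E->lock), so the console write happens with the entropy lock held, and it fires on every privileged call that passes a nonzero rdata->entropy and rdata->len once the pool is seeded. Consider recording the condition in a local variable and printing after the lock is released, and printing only once or rate-limiting it, which also bears on the overlapping-output concern mentioned above the patch. The message goes to the kernel console and log rather than to the rndctl process, so a user running rndctl -L on another terminal still sees no diagnostic unless rndctl reports it as well.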
