Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 660812 - =sys-kernel/gentoo-sources-{4.14.52,4.16.18,4.17.6}: x11-misc/sddm hangs until kernel outputs "random: crng init done"
Summary: =sys-kernel/gentoo-sources-{4.14.52,4.16.18,4.17.6}: x11-misc/sddm hangs unti...
Status: CONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal with 3 votes (vote)
Assignee: LxQt maintainers
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-07-09 16:57 UTC by Till Schäfer
Modified: 2019-10-27 17:04 UTC (History)
12 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
journald.log of affected boot (journald.log,288.52 KB, text/x-log)
2018-07-09 16:57 UTC, Till Schäfer
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Till Schäfer 2018-07-09 16:57:08 UTC
Created attachment 538996 [details]
journald.log of affected boot

When I boot the system, it takes a very long time until sddm shows up. When typing something to the keyboard (e.g. switching to another terminal an log in) sddm startup gets much faster. I have notived that the delay is aligned to the kernel message 

random: crng init done

Example: 
[    4.234107] IPv6: ADDRCONF(NETDEV_UP): wlp4s0: link is not ready
[    7.155093] e1000e: enp0s25 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: Rx/Tx
[    7.155150] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s25: link becomes ready
[  253.218244] random: crng init done
[  253.218250] random: 7 urandom warning(s) missed due to ratelimiting

I have attached a journald log of a delayed boot (see 18:16:57)

Thus, this appears to be some entropy problem from my POV. Searching the net I found several other users reporting similar issues: 


https://unix.stackexchange.com/questions/442698/when-i-log-in-it-hangs-until-crng-init-done
https://bugzilla.redhat.com/show_bug.cgi?id=1572944

# emerge --info
Portage 2.3.40 (python 3.5.5-final-0, default/linux/amd64/17.0/desktop/plasma/systemd, gcc-7.3.0, glibc-2.26-r7, 4.16.18-gentoo x86_64)
=================================================================
System uname: Linux-4.16.18-gentoo-x86_64-Intel-R-_Core-TM-_i7-4810MQ_CPU_@_2.80GHz-with-gentoo-2.4.1
KiB Mem:    16387312 total,  12426032 free
KiB Swap:   16777212 total,  16777212 free
Timestamp of repository gentoo: Mon, 09 Jul 2018 14:24:38 +0000
Head commit of repository gentoo: ec552703614f6befc81d4fe77ff0716c31c46a80

Timestamp of repository kde: Mon, 09 Jul 2018 01:43:54 +0000
sh bash 4.4_p12
ld GNU ld (Gentoo 2.30 p2) 2.30.0
app-shells/bash:          4.4_p12::gentoo
dev-java/java-config:     2.2.0-r4::gentoo
dev-lang/perl:            5.24.3-r1::gentoo
dev-lang/python:          2.7.14-r1::gentoo, 3.5.5::gentoo
dev-util/cmake:           3.9.6::gentoo
dev-util/pkgconfig:       0.29.2::gentoo
sys-apps/baselayout:      2.4.1-r2::gentoo
sys-apps/sandbox:         2.13::gentoo
sys-devel/autoconf:       2.13::gentoo, 2.69-r4::gentoo
sys-devel/automake:       1.11.6-r3::gentoo, 1.15.1-r2::gentoo
sys-devel/binutils:       2.30-r2::gentoo
sys-devel/gcc:            7.3.0-r3::gentoo
sys-devel/gcc-config:     1.8-r1::gentoo
sys-devel/libtool:        2.4.6-r3::gentoo
sys-devel/make:           4.2.1::gentoo
sys-kernel/linux-headers: 4.13::gentoo (virtual/os-headers)
sys-libs/glibc:           2.26-r7::gentoo
Repositories:

gentoo
    location: /usr/portage
    sync-type: git
    sync-uri: https://github.com/gentoo-mirror/gentoo.git
    priority: -1000

kde
    location: /var/lib/layman/kde
    sync-type: laymansync
    sync-uri: https://github.com/gentoo-mirror/kde.git
    masters: gentoo
    priority: 50

local_overlay
    location: /usr/local/portage
    masters: gentoo
    priority: 100

ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="*"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -pipe -march=native -ggdb"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/lib64/libreoffice/program/sofficerc /usr/share/config /usr/share/gnupg/qualified.txt /usr/share/maven-bin-3.3/conf"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php7.1/ext-active/ /etc/php/cgi-php7.1/ext-active/ /etc/php/cli-php7.1/ext-active/ /etc/portage/package.accept_keywords/99-autounmask /etc/portage/package.unmask/99-autounmask /etc/portage/package.use/99-autounmask /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-O2 -pipe -march=native -ggdb"
DISTDIR="/usr/portage/distfiles"
EMERGE_DEFAULT_OPTS="--with-bdeps=y --autounmask-write --autounmask-continue --jobs=2 --load-average=8"
ENV_UNSET="DBUS_SESSION_BUS_ADDRESS DISPLAY PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs compressdebug config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync multilib-strict network-sandbox news parallel-fetch parallel-install preserve-libs protect-owned sandbox sfperms sign splitdebug strict strict-keepdir unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="http://distfiles.gentoo.org"
LANG="en_US.utf8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
MAKEOPTS="-j8"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/var/tmp"
USE="X a52 aac acl acpi activities aes alsa amd64 apng avx avx2 bash-completion berkdb bluetooth branding brotli bzip2 cairo cdaudio cdda cddb cdparanoia cdr chm cli crypt cryptsetup cups cxx dbus declarative djvu dnssec dri dri3 dts dvd dvdr egl emboss encode epub evdev exif f16c fam ffmpeg flac fma3 fortran gdbm gif glamor gles glib gpg gpm gstreamer gtk gzip iconv icu id3tag idn imagemagick inotify ipv6 irc jpeg jpeg2k kde kipi kwallet lame lcms ldap libnotify libsamplerate libtirpc lzma mad matroska mmx mmxext mng modules mp3 mp4 mpeg mplayer mtp multilib musicbrainz ncurses networkmanager nls nptl ntp ogg opengl openmp openvpn opus otr pam pango pclmul pcre pdf phonon plasma pm-utils png policykit popcnt ppds pulseaudio qemu qml qt5 quicktime rar readline real rss sdl seccomp semantic-desktop spell spice sse sse2 sse3 sse4_1 sse4_2 ssl ssse3 startup-notification svg systemd taglib tcpd theora threads thumbnail tiff truetype twolame udev udisks uefi unicode upower usb v4l v4l2 vaapi vcd vim-syntax visualization vorbis vpx wavpack wayland widgets wifi wma wmf wxwidgets x264 x265 xattr xcb xcomposite xinerama xml xv xvid xvidv xvmc xz zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon plan sheets stage words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes avx avx2 f16c fma3 mmx mmxext pclmul popcnt sse sse2 sse3 sse4_1 sse4_2 ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" GRUB_PLATFORMS="efi-64" INPUT_DEVICES="keyboard mouse evdev synaptics" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-6 php7-0" POSTGRES_TARGETS="postgres9_5 postgres10" PYTHON_SINGLE_TARGET="python3_5" PYTHON_TARGETS="python2_7 python3_5" RUBY_TARGETS="ruby23" USERLAND="GNU" VIDEO_CARDS="intel nouveau modesetting" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CC, CPPFLAGS, CTARGET, CXX, INSTALL_MASK, LC_ALL, LINGUAS, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 1 Amit Prakash Ambasta 2018-07-11 08:26:06 UTC
Also affects gdm on systemd.. the issue exists across distributions and probably due to a kernel change as specified here https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897572


My currentl work around has been to install sys-apps/rng-tools[jitterentropy] right now which has brought down the boot time from up to 5 minutes to 13s
Comment 2 Amel Hodzic 2018-07-11 08:34:19 UTC
This seems to have been backported upstream, so it's likely to affect >=kernel-4.8

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=43838a23a05fbd13e47d750d3dfd77001536dd33
Comment 3 PrSo 2018-07-13 19:26:22 UTC
I had similar situation with my machine, and as it comes out, this was not a kernel bug.

I suppose that something has changed with crng initialization because of CVE-2018-1108.

You should install sys-apps/rng-tools, set it up accordingly to your needs/hardware in "/etc/conf.d/rngd" and add it to the boot level:
"rc-update add rngd boot".

Boot delay should be mitigated.
Comment 4 PrSo 2018-07-13 19:30:31 UTC
I have just spotted that you are using systemd so:
"systemctl enable rngd.service"
Comment 5 Viacheslav Ostroukh 2018-07-14 11:31:22 UTC
I had the same problem on stable sys-kernel/gentoo-sources-4.14.52 and stable x11-misc/sddm-0.17.0-r4. IMHO this means that rngd should become a dependency of sddm.
Comment 6 Nikos Chantziaras 2018-07-15 06:10:31 UTC
Same here. SDDM doesn't start X until this point:

[   13.177997] r8169 0000:06:00.0 eth0: link up
[   13.178017] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
[   56.959275] random: crng init done
[   56.959278] random: 6 urandom warning(s) missed due to ratelimiting

and then I have to press random keys on the keyboard for X to start.
Comment 7 Mike Pagano gentoo-dev 2018-07-15 22:02:05 UTC
Not sure why Jonas assigned this to the kernel.  This patch is in kernels >=4.17.0 and 4.16 is now EOL.

Assigning to sddm maintainers for their thoughts about the dependency and keeping kernel project on CC in case we need to do something here.

Picking on KDE team, since the user appears to be using the DM.
Comment 8 Nikos Chantziaras 2018-07-16 06:57:39 UTC
(In reply to Mike Pagano from comment #7)
> Not sure why Jonas assigned this to the kernel.  This patch is in kernels
> >=4.17.0 and 4.16 is now EOL.

I'm on 4.14, which exhibits the same problem, and it's obviously not EOL.
Comment 9 Till Schäfer 2018-07-16 12:58:19 UTC
The problem persists for 4.17.6.
Comment 10 Till Schäfer 2018-07-18 13:31:10 UTC
There is some broader discussion going on regarding this topic: https://www.phoronix.com/scan.php?page=news_item&px=Linux-Protect-User-Entropy
Comment 11 PrSo 2018-07-18 20:21:28 UTC
There are plans to introduce kernel config option to enable hardware CPU's randr and include it to entropy pool which will mitigate the boot delay.

https://lkml.org/lkml/2018/7/17/1279
Comment 12 Nikos Chantziaras 2018-07-20 17:16:16 UTC
(In reply to PrSo from comment #11)
> There are plans to introduce kernel config option to enable hardware CPU's
> randr and include it to entropy pool which will mitigate the boot delay.
> 
> https://lkml.org/lkml/2018/7/17/1279

Only if the CPU supports it. Not all do.
Comment 13 PrSo 2018-07-20 20:31:52 UTC
Second that, but there could be an alternative besides rng-tools (for those that have such CPU)
Comment 14 Vladimir 2018-07-22 17:57:57 UTC
Same here. 
Workaround for me: emerger haveged and enable it.
Comment 15 Andreas Sturmlechner gentoo-dev 2018-11-26 22:43:10 UTC
Linux kernel >=4.19.0 has a new option, with this enabled, the issue is fixed on my systemd box.

RANDOM_TRUST_CPU - Trust the CPU manufacturer to initialize Linux's CRNG

> Assume that CPU manufacturer (e.g., Intel or AMD for RDSEED or
> RDRAND, IBM for the S390 and Power PC architectures) is trustworthy
> for the purposes of initializing Linux's CRNG.  Since this is not
> something that can be independently audited, this amounts to trusting
> that CPU manufacturer (perhaps with the insistence or mandate
> of a Nation State's intelligence or law enforcement agencies)
> has not installed a hidden back door to compromise the CPU's
> random number generation facilities. This can also be configured
> at boot with "random.trust_cpu=on/off".
Alternative userspace solutions mentioned in this bug:
sys-apps/haveged
sys-apps/rng-tools

Maybe this in-kernel option also works, in case people have the hardware:
CONFIG_HW_RANDOM


It seems that, since this bug was reported for more DMs than sddm, it would not be enough for those informations to be only disclosed via sddm ebuild. Thusly reassigning to systemd proj for coordination.