Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 11 Oct 2020 04:05:37 +0100
From:      tech-lists <tech-lists@zyxst.net>
To:        freebsd-questions@freebsd.org
Subject:   errors happening with /usr/libexec/save-entropy on 12.1-p10
Message-ID:  <20201011030537.GA30207@rpi4.gilescoppice.lan>

Next in thread | Raw E-Mail | Index | Archive | Help

--BOKacYhQ+x31HxR3
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi,

I've noticed recently in the daily security email that *sometimes* when
this is run out of /etc/crontab on a 12.1-p10 system:

# Save some entropy so that /dev/random can re-seed on boot.
*/11    *       *       *       *       operator
/usr/libexec/save-entropy

that it'll generate an error visible in the security email like this:

[redacted] kernel log messages: +pid 12995 (dd), uid 2 inumber 2086730
on /: filesystem full

(the filesystem has plenty of inodes spare and plenty of space)

It's the only one I've seen so far (12.1-p10) with this issue. 12-stable
doesn't have this problem, but the /usr/libexec/save-entropy is=20
significantly different:

[12.1-p10 snip]
umask 377

n=3D$(( ${entropy_save_num} - 1 ))
while [ ${n} -ge 1 ]; do
         if [ -f "saved-entropy.${n}" ]; then
                 mv "saved-entropy.${n}" "saved-entropy.$(( ${n} + 1 ))"
         elif [ -e "saved-entropy.${n}" -o -L "saved-entropy.${n}" ]; then
                 logger -is -t "$0" \
         "${entropy_dir}/saved-entropy.${n}" is not a regular file, and so \
             it will not be rotated. Entropy file rotation is aborted.
                 exit 1
         fi
         n=3D$(( ${n} - 1 ))
done

dd if=3D/dev/random of=3Dsaved-entropy.1 bs=3D${entropy_save_sz} count=3D1 =
2>/dev/null

exit 0
[snip]

Weird umask too. What's also weird is that it doesn't happen when it's
*not* expected to be under load.

$FreeBSD: stable/12/libexec/save-entropy/save-entropy.sh 355748
2019-12-14 09:49:09Z delphij $ has this:

[12-stable-r365826-snip]

# 3. Check if the pointer we have in hand is really a regular file or
#    an empty slot, and bail out as that means there is no available slot.
#
if [ -e "${save_file}" -a ! -f "${save_file}" ]; then
         logger -is -t "$0" \
                 No available slot in "${entropy_dir}", save entropy is abo=
rted.
         exit 1
fi

# Save entropy to the selected slot.
chmod 600 "${save_file}" 2>/dev/null || :
dd if=3D/dev/random of=3D"${save_file}" bs=3D${entropy_save_sz} count=3D1 2=
>/dev/null
chflags nodump "${save_file}" 2>/dev/null || :
fsync "${save_file}" "."

[snip]

What I'm asking is, would transplanting a working 12-stable /usr/libexec/sa=
ve-entropy=20
into the 12.1-p10 system having the problem be a simple fix or are there
other things I've not considered, like the entropy subsystem being=20
significantly modified between 12.1-R and recent 12-stable?

thanks,
--=20
J.

--BOKacYhQ+x31HxR3
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEE8n3tWhxW11Ccvv9/s8o7QhFzNAUFAl+CdngACgkQs8o7QhFz
NAXxFQ/+KwmWfp2gpeWIrDZlb9okyNq4veCTJk9z+NCUGxE0FngYiTLGa+65el4U
tnphFtMpfEAQOHa61vwytsm605krlX6ULWaxfjJULvFDiQbNY6urbrW3i0uM7dgt
jIJznmFp4bpsfDLtz/+yr+tART2+OgevqPSaVnSuEnBnht8XPyWM0TeO97jFhrUq
/mpnQAxVYlfdGjFjSGd2PIdO+dxSTwCxTzOoBZD5hVMzgs0zSIJeHBHS8hIYqHE5
Ulp4N8BMCp+WsAu3v+zgv9gObotyNWC92K0mj5XivRvbnfTd7uh6nK1Mlaw+mTra
iCNH+b60V3/5YqQ+20RiH6nMz3tT3au6i4CptP3f8oVxH5FX25BvV6GszwIzIcE6
XwHu/9sfkdk6K+LfunYg0zci5/s/ZgSimp+l2VSCeErm1xjRLX219t5rwgfqAysp
C31lME6aOCZS6BaQ63yZK3TPBF7HASaUzwkgBd/IB15o1uTIq4tEXoCLUz7g/C70
pmfbgUNwteSYiXix0JhX9ZmA4Y8o3pBkN4z/j9d6vXdrrMswvy2vDBkQAHwyRZll
b7zVbRL2d4n0xD/Ju1ZNtPKWMw0iKtqC3OCdtlWutBOnw+83+i7eLB/Bk7PNulGG
aSN/ykSe8NETdnZgyUKB1UUoRAnnSkAWDnzp6URO/KVkqkgKOlM=
=+gov
-----END PGP SIGNATURE-----

--BOKacYhQ+x31HxR3--



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?20201011030537.GA30207>