Received: by 2002:ac0:98c7:0:0:0:0:0 with SMTP id g7-v6csp4058973imd;
        Mon, 29 Oct 2018 17:20:17 -0700 (PDT)
X-Google-Smtp-Source: AJdET5elChaYZw0uaieDPN5oebcSgxHcBCFyrEOhM+YtQSYIS22w+lwl1Kn+VeNYxL43qA4sbpsf
X-Received: by 2002:a63:2019:: with SMTP id g25-v6mr15900588pgg.235.1540858817008;
        Mon, 29 Oct 2018 17:20:17 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1540858816; cv=none;
        d=google.com; s=arc-20160816;
        b=fpz9ycRIKWvb410l6NPaxa/d6QywJ4W+uUed3h9pa1jwnf3j33nIam7aDZBZZnHRgW
         phH1JNH/qkzaLwmn9yTmW3yDUd3DkFhXIX+Lk+pcPwOqX1+1UAidPLKiULlqDe2Ub/uE
         fpbJ87RNHfs1SQ+Htgz56Z3fF8uckF8nUxmG18a/8e8LdD7K4eS2j27ciyxYv4AdxZ+Q
         GbM0Sb7H8gy5JKO5nToyzGY+kSl1IxyWx2sFXF5WLwkuKhBhS3viE65r6yURmGtGiAFF
         6PKbXn3/lkONzIG66ol8wBLacauYuZPpkYvLkVc1ywdpMQ9YMUA57FIZAQyfiWlbphDn
         w0rQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:message-id:subject:cc:to:from:date;
        bh=LLOY2f39Dsl4z3Qb5wHXuJ92rx+gp58T235Ovjsdkkk=;
        b=itZ61O8xOuYYWY40wh8hstqzne2oDXR5HviXgd0h8rbBNEH5SBJZdar3LfrrzDhedJ
         cK0VA37AfcdYgD2CwKSGRlazxZ0Bp+1zm5kbDRAGMUQvRAxEu51p1jEc5jQijYY+Y2D8
         uuWqfgVN1wQWiGkWrXXMmDUVxGk1FD7LCRPJlwriv9yVOACdu0nHN91C6r0VShKRDx5i
         iq3TkofG9PzzpBsFgbqVQT52rC+L21eLYs8/dESRkA33ZkEwcPzLJttyTA4vHlhpbF6O
         2nEXY0VPNxYkGz0KJGTA+t9Juvchs5NpJj7nGCm19ZodpcMgg8PdCRQ1eWfUBK+Are/9
         FQhQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id b41-v6si21832871pla.306.2018.10.29.17.19.59;
        Mon, 29 Oct 2018 17:20:16 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726061AbeJ3JJY (ORCPT <rfc822;austinkernel.kim@gmail.com>
        + 99 others); Tue, 30 Oct 2018 05:09:24 -0400
Received: from Chamillionaire.breakpoint.cc ([146.0.238.67]:37372 "EHLO
        Chamillionaire.breakpoint.cc" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S1725853AbeJ3JJY (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 30 Oct 2018 05:09:24 -0400
Received: from bigeasy by Chamillionaire.breakpoint.cc with local (Exim 4.89)
        (envelope-from <sebastian@breakpoint.cc>)
        id 1gHHjU-00066m-En; Tue, 30 Oct 2018 01:18:08 +0100
Date:   Tue, 30 Oct 2018 01:18:08 +0100
From:   Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
To:     Kurt Roeckx <kurt@roeckx.be>, 912087@bugs.debian.org,
        "Package Development List for OpenSSL packages." 
        <pkg-openssl-devel@alioth-lists.debian.net>,
        Theodore Ts'o <tytso@mit.edu>, linux-kernel@vger.kernel.org
Cc:     Bernhard =?utf-8?Q?=C3=9Cbelacker?= <bernhardu@mailbox.org>,
        pkg-systemd-maintainers@lists.alioth.debian.org,
        debian-ssh@lists.debian.org, 912087-submitter@bugs.debian.org
Subject: Re: Bug#912087: openssh-server: Slow startup after the upgrade to
 7.9p1
Message-ID: <20181030001807.7wailpm37mlinsli@breakpoint.cc>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <20181029223334.GH10011@roeckx.be>
User-Agent: NeoMutt/20180716
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 2018-10-29 23:33:34 [+0100], Kurt Roeckx wrote:
> On Mon, Oct 29, 2018 at 09:58:20PM +0100, Sebastian Andrzej Siewior wrote:
> > On 2018-10-29 18:22:08 [+0100], Kurt Roeckx wrote:
> > > So I believe this is not an openssl issue, but something in the
> > > order that the kernel's RNG is initialized and openssh is started.
> > > Potentionally the RNG isn't initialized at all and you actually
> > > have to wait for the kernel to get it's random data from the slow
> > > way.
> > > 
> > > So I'm reassigning this to systemd and openssh-server, I have no
> > > idea where the problem really is.
> > 
> > I see it, too. So during boot someone invokes "sshd -t" which invokes
> 
> That's:
> ExecStartPre=/usr/sbin/sshd -t
> 
> > 	getrandom(, 32, 0)
> > and this blocks.
> 
> And did systemd-random-seed.service get run before that?

Yes, but it does not matter from what I can see in the code. On my
system this writes 512 to /dev/urandom at timestamp 11.670639. But sshd
does this:

  sshd-2638  [004] .......    22.445819: __x64_sys_getrandom: 1| 32 0
sshd asks for 32 bytes (flags = 0)

  sshd-2638  [004] .......    22.445824: __x64_sys_getrandom: 2
-> crng_ready() is not true so we wait_for_random_bytes()

  sshd-3164  [004] .......   117.577454: __x64_sys_getrandom: 3
-> "crng init done", sshd's getrandom() resumed.

The problem is that the entropy is added but the entropy count is not
increased. So we wait.

Using ioctl(/dev/urandom, RNDADDENTROPY, ) instead writting to
/dev/urandom would do the trick. Or using RNDADDTOENTCNT to increment
the entropy count after it was written. Those two are documented in
random(4). Or RNDRESEEDCRNG could be used to force crng to be reseeded.
It does also the job, too.

Ted, is there any best practise what to do with the seed which as
extrected from /dev/urandom on system shutdown? Using RNDADDTOENTCNT to
speed up init or just write to back to urandom and issue RNDRESEEDCRNG?

> Kurt

Sebastian