[LEDE-DEV] Update to util-linux 2.30.1 breaks x86_64 squashfs-combined
Syrone Wong
wong.syrone at gmail.com
Fri Sep 29 18:29:43 PDT 2017
It seems security is ignored completely. getrandom() makes sure it
gets initialized before reading any random numbers.
The correct way is to backport new random facilities to old kernels or
just switch all old kernels to the new one.
Prevent getrandom() is a dangerous workaround to bypass the real problem.
PS: I have a partially backported one located at [0] if anyone has interest
[0]: https://github.com/wongsyrone/lede-1/blob/master/target/linux/generic/pending-4.4/999-02-backport-random.patch
Best Regards,
Syrone Wong
On Sat, Sep 30, 2017 at 9:18 AM, Florian Fainelli <f.fainelli at gmail.com> wrote:
>
>
> On 09/29/2017 06:01 PM, Philip Prindeville wrote:
>>
>>> On Sep 29, 2017, at 4:39 AM, Felix Fietkau <nbd at nbd.name> wrote:
>>>
>>> On 2017-09-29 12:20, Felix Fietkau wrote:
>>>> On 2017-09-11 02:33, Philip Prindeville wrote:
>>>>> Changing the subject from the previous thread as it turned out to not have to do with sysupgrade at all.
>>>>>
>>>>> What I can tell is this, having added some tracing to fstools.
>>>>>
>>>>> We get to the call to system() in rootdisk_volume_init():
>>>>>
>>>>> https://git.lede-project.org/?p=project/fstools.git;a=blob;f=libfstools/rootdisk.c;h=dd00c1b4e5b4aa9b748610fa3e93d301a67101a7;hb=HEAD#l269
>>>>>
>>>>> and it never seems to return. The value of “str” is “mkfs.f2fs -q -l rootfs_data /dev/loop0”.
>>>>>
>>>>> What would cause this to hang rather than return an error?
>>>> I've used sysrq to trace this and found out that it's hanging in the
>>>> getrandom system call, which could be used through util-linux library
>>>> code. That also explains why the update broke it.
>>>>
>>>> I will prepare a patch that forces util-linux to stick to /dev/urandom
>>>> instead - that should hopefully fix this for good.
>>> Pushed the fix, please test.
>>>
>>> - Felix
>>
>>
>> Tested on x86_64. Seems to work.
>
> To avoid patching mored packages in the future, would it make sense to
> LD_PRELOAD a library which overrides the SYS_getrandom() with a non
> blocking version/early return at appropriate times during system
> boot/upgrades which would suffer from low entropy?
> --
> Florian
>
> _______________________________________________
> Lede-dev mailing list
> Lede-dev at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/lede-dev
More information about the Lede-dev
mailing list