Welcome! Log In Create A New Profile

Advanced

Problems with urandom device!

Posted by John 
John
Problems with urandom device!
April 07, 2011 02:44PM
Okay, so this has been a kind of an odd/hard to track issue. I've
looked for bug reports, and wanted to verify to see if anyone else has
seen this behaviour before or knows what may be going on.

I've got two vm's running RHEL6 and a custom compiled php-5.3.5
running php-fpm with chrooted site pools. I have had, in the past,
problems with running out of random numbers due to low entropy. I
thought this was related but it's not as I've fixed the low entropy
problem.

/dev/urandom is never supposed to block. But it is blocking,
sometimes.

I have a /dev/urandom (created with mknod c 1 9 urandom) in the
jails. I can successfully get a wordpress ldap plugin to connect via
ldaps. Most of the time. But sometimes it will stop working, and
will never return to working condition until something happens with
the device file. I may implement a temporary workaround, the problem
is I don't know how often I'm going to need to adjust the file (i.e.
head -128 dev/urandom|rngtest appears to have temporarily solved it,
as has changing the permissions on the file).

An strace of the php-fpm pools shows the following system call
failures:
[pid 24271] open("/dev/urandom", O_RDONLY|O_NOCTTY|O_NONBLOCK) = -1
EINVAL (Invalid argument)
[pid 24271] open("/dev/random", O_RDONLY|O_NOCTTY|O_NONBLOCK) = -1
ENOENT (No such file or directory)
[pid 24271] open("/dev/srandom", O_RDONLY|O_NOCTTY|O_NONBLOCK) = -1
ENOENT (No such file or directory)


/dev/random and /dev/srandom don't exist, so that's normal. But /dev/
urandom's EINVAL error indicates it blocked, which it should never do
according to everything I've found on how urandom works.

I think I am going to file a bug report on this one, but has anyone
else seen this happen?

Thanks,

John
Antony Dovgal
Re: Problems with urandom device!
April 08, 2011 04:16AM
On 04/07/2011 10:37 PM, John wrote:
> I think I am going to file a bug report on this one, but has anyone
> else seen this happen?

File a bug report on /dev/urandom or on open()?

'Cause I don't see how that can be a problem with an _application_ using a syscall to read your /dev/urandom.
I would look in the direction of /dev/urandom details first.
Since you're using chroot, you've obviously created all those pseudo-devices yourself,
so it must have something to do with that, not with an application using open() syscall and blocking.

--
Wbr,
Antony Dovgal
---
http://pinba.org - realtime statistics for PHP
John Muir
Re: Problems with urandom device!
April 12, 2011 10:26AM
Good question,

Half the problem is recreating the issue reliably. I can recreate it
somewhat randomly but that doesn't help much. If I can narrow it down to a
test case that reliably creates the issue, then I'll see about removing
parts and pieces of the configuration (nfs4, chroot, single vs multiple web
servers, php-fpm/fastcgi) to see if I can find what relates directly to it,
as it could be specific to my setup.

I haven't had issues with any other applications reading /dev/urandom. Part
of my suspicion related to seeing a post talking about php-fpm using a
hard-coded call to /dev/urandom, but it wasn't clear about what exactly was
going on there. I'd hoped maybe someone had seen similar behavior to what
I'm seeing and could comment on it.

Thanks,

John



On Fri, Apr 8, 2011 at 2:14 AM, Antony Dovgal <tony@daylessday.org> wrote:

> On 04/07/2011 10:37 PM, John wrote:
>
>> I think I am going to file a bug report on this one, but has anyone
>> else seen this happen?
>>
>
> File a bug report on /dev/urandom or on open()?
>
> 'Cause I don't see how that can be a problem with an _application_ using a
> syscall to read your /dev/urandom.
> I would look in the direction of /dev/urandom details first.
> Since you're using chroot, you've obviously created all those
> pseudo-devices yourself,
> so it must have something to do with that, not with an application using
> open() syscall and blocking.
>
> --
> Wbr,
> Antony Dovgal
> ---
> http://pinba.org - realtime statistics for PHP
>
陈智宏
Re: Problems with urandom device!
April 12, 2011 10:32AM
Nginx 1.0.0 Released!!!!

www.nginx.net
John Muir
Re: Problems with urandom device!
May 04, 2011 01:30PM
As a followup to this, it turns out the issue lies somewhere in nfs4 file
locking not being correctly handled between the two web servers. After
setting up bind mounts back to the local server for the device files (to a
different directory) the issues opening /dev/urandom completely disappear.
Not an issue with php-fpm at all.
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 171
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready