Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CryptoTests timeout in SeedGenerator reading /dev/random #16720

Open
pshipton opened this issue Feb 14, 2023 · 8 comments
Open

CryptoTests timeout in SeedGenerator reading /dev/random #16720

pshipton opened this issue Feb 14, 2023 · 8 comments
Labels
comp:infra comp:test test failure

Comments

@pshipton
Copy link
Member

pshipton commented Feb 14, 2023
edited
Loading

https://openj9-jenkins.osuosl.org/job/Test_openjdk11_j9_extended.functional_ppc64le_linux_Nightly_testList_1/457/ - cent7-ppcle-2
https://openj9-jenkins.osuosl.org/job/Test_openjdk11_j9_extended.functional_x86-64_linux_Nightly_testList_0/451/ - ub18-x86-2

cryptotest/tests/SecureRandomTests.java
cryptotest/CryptoTest.java

Seems a problem reading from the default securerandom.source /dev/random on some machines.
Not sure if it's a valid test, but if I do cat /dev/random on these machines it either hangs right away, or prints a little bit and then hangs. Unless somebody can figure out how to fix the machines, it would be better for the test to use /dev/urandom, which never blocks, by having the test set the system property -Djava.security.egd=file:/dev/urandom.

ACTION: main -- Error. Program `/home/jenkins/workspace/Test_openjdk11_j9_extended.functional_ppc64le_linux_Nightly_testList_1/openjdkbinary/j2sdk-image/bin/java' timed out (timeout set to 120000ms, elapsed time including timeout handling was 120772ms).

"MainThread" prio=5 Id=26 RUNNABLE
	at java.base@11.0.18-internal/java.io.FileInputStream.readBytes(Native Method)
	at java.base@11.0.18-internal/java.io.FileInputStream.read(FileInputStream.java:279)
	at java.base@11.0.18-internal/java.io.FilterInputStream.read(FilterInputStream.java:133)
	at java.base@11.0.18-internal/sun.security.provider.SeedGenerator$URLSeedGenerator.getSeedBytes(SeedGenerator.java:541)
	at java.base@11.0.18-internal/sun.security.provider.SeedGenerator.generateSeed(SeedGenerator.java:144)
	at java.base@11.0.18-internal/sun.security.provider.AbstractDrbg.lambda$static$0(AbstractDrbg.java:524)
	at java.base@11.0.18-internal/sun.security.provider.AbstractDrbg.getEntropyInput(AbstractDrbg.java:507)
	at java.base@11.0.18-internal/sun.security.provider.AbstractDrbg.getEntropyInput(AbstractDrbg.java:494)
	at java.base@11.0.18-internal/sun.security.provider.AbstractDrbg.instantiateIfNecessary(AbstractDrbg.java:696)
	- locked sun.security.provider.HashDrbg@37bf7209
	at java.base@11.0.18-internal/sun.security.provider.AbstractDrbg.engineNextBytes(AbstractDrbg.java:378)
	at java.base@11.0.18-internal/sun.security.provider.AbstractDrbg.engineNextBytes(AbstractDrbg.java:334)
	at java.base@11.0.18-internal/sun.security.provider.AbstractDrbg$SeederHolder.lambda$static$0(AbstractDrbg.java:558)
	at java.base@11.0.18-internal/sun.security.provider.AbstractDrbg.getEntropyInput(AbstractDrbg.java:507)
	at java.base@11.0.18-internal/sun.security.provider.AbstractDrbg.getEntropyInput(AbstractDrbg.java:494)
	at java.base@11.0.18-internal/sun.security.provider.AbstractDrbg.instantiateIfNecessary(AbstractDrbg.java:696)
	- locked sun.security.provider.HashDrbg@70b36660
	at java.base@11.0.18-internal/sun.security.provider.AbstractDrbg.engineNextBytes(AbstractDrbg.java:378)
	at java.base@11.0.18-internal/sun.security.provider.AbstractDrbg.engineNextBytes(AbstractDrbg.java:334)
	at java.base@11.0.18-internal/sun.security.provider.DRBG.engineNextBytes(DRBG.java:233)
	at java.base@11.0.18-internal/java.security.SecureRandom.nextBytes(SecureRandom.java:768)
	at java.base@11.0.18-internal/java.security.SecureRandom.next(SecureRandom.java:825)
	at java.base@11.0.18-internal/java.util.Random.nextInt(Random.java:329)
	at app//cryptotest.tests.SecureRandomTests.checkAlgorithm(SecureRandomTests.java:73)
	at app//cryptotest.utils.AlgorithmTest.mainLoop(AlgorithmTest.java:79)
	at app//cryptotest.tests.SecureRandomTests.main(SecureRandomTests.java:60)

@llxia @AdamBrousseau
@AdamBrousseau
Copy link
Contributor

We have this issue on some alinux machines too for some time now.

@pshipton
Copy link
Member Author

pshipton commented Feb 14, 2023
edited
Loading

The alinux problem seems to only impact the internal machines, perhaps because there are some tests run internally that we don't run in the open. The same solution applies, i.e. we could run extended.openjdk, or at least the security sub-groups, on alinux with -Djava.security.egd=file:/dev/urandom.

@pshipton
Copy link
Member Author

I suppose /dev/random issues have an impact on adoptium/aqa-tests#3858

@llxia llxia mentioned this issue Feb 15, 2023
Closed
@llxia
Copy link
Contributor

llxia commented Feb 15, 2023

@zzambers suggested checking the system whether there is entropy gathering daemon running there (such as rngd, jitterentropy-rngd, ...). (see #16712 (comment)). Thanks @zzambers.

I do not have access to the openj9 machines. @AdamBrousseau could you please help to check it? Thanks

@zzambers
Copy link

zzambers commented Feb 15, 2023
edited
Loading

From my experience having correctly configured daemon for gathering entropy (rngd or similar) should solve these kind of issues.

In newer distributions this should work out-of-box. In case of RH distributions, rngd daemon supplied by rng-tools package seems to just do the right thing (and has support for both hw random instructions/device and jitter) .

Some older distributions may need a bit of manual setup, based on what is available on given system (and to verify, that daemon picked some source).

In case of VMs we enable rngd both on host and guest systems. And we also have virtio-rng virtual device enabled so that host can pass entropy to it's guests.

@JasonFengJ9
Copy link
Member

JasonFengJ9 commented Feb 16, 2023
edited
Loading

The timeout is observed at JDK17 ppc64le_linux(ubu18le-rt1-3)

java version "17.0.6-beta" 2023-01-17
IBM Semeru Runtime Certified Edition 17.0.6+10-202302150020 (build 17.0.6-beta+10-202302150020)
Eclipse OpenJ9 VM 17.0.6+10-202302150020 (build master-711ca6c2a, JRE 17 Linux ppc64le-64-Bit Compressed References 20230214_341 (JIT enabled, AOT enabled)
OpenJ9   - 711ca6c2a
OMR      - 6adea0343
JCL      - 1ab4ab5327 based on jdk-17.0.6+10)

[2023-02-15T01:32:21.924Z] variation: NoOptions
[2023-02-15T01:32:21.924Z] JVM_OPTIONS:  

[2023-02-15T01:45:55.616Z] TEST: cryptotest/tests/SignatureTests.java

[2023-02-15T01:45:55.622Z] TEST RESULT: Error. Program `/home/jenkins/workspace/Test_openjdk17_j9_extended.functional_ppc64le_linux_testList_1/openjdkbinary/j2sdk-image/bin/java' timed out (timeout set to 120000ms, elapsed time including timeout handling was 121068ms).

[2023-02-15T01:58:26.362Z] TEST: cryptotest/CryptoTest.java

[2023-02-15T01:58:26.377Z] TEST RESULT: Error. Program `/home/jenkins/workspace/Test_openjdk17_j9_extended.functional_ppc64le_linux_testList_1/openjdkbinary/j2sdk-image/bin/java' timed out (timeout set to 600000ms, elapsed time including timeout handling was 601084ms).
[2023-02-15T01:58:26.377Z] --------------------------------------------------
[2023-02-15T01:58:26.377Z] Test results: passed: 29; error: 2
[2023-02-15T01:58:26.377Z] Report written to /home/jenkins/workspace/Test_openjdk17_j9_extended.functional_ppc64le_linux_testList_1/aqa-tests/TKG/output_16764247404956/CryptoTests_0/report/html/report.html
[2023-02-15T01:58:26.377Z] Results written to /home/jenkins/workspace/Test_openjdk17_j9_extended.functional_ppc64le_linux_testList_1/aqa-tests/TKG/output_16764247404956/CryptoTests_0/work
[2023-02-15T01:58:26.377Z] Error: Some tests failed or other problems occurred.
[2023-02-15T01:58:26.377Z] -----------------------------------
[2023-02-15T01:58:26.377Z] CryptoTests_0_FAILED

Also seen at s390x_linux

@llxia llxia mentioned this issue Mar 23, 2023
Open
@pshipton pshipton mentioned this issue Mar 28, 2023
Merged
@pshipton
Copy link
Member Author

pshipton commented Apr 3, 2023
edited
Loading

https://openj9-jenkins.osuosl.org/job/Test_openjdk17_j9_extended.functional_x86-64_linux_Nightly_testList_0/427/ - ub16x64j91
https://openj9-jenkins.osuosl.org/job/Test_openjdk11_j9_extended.functional_x86-64_linux_aot_Personal_testList_0/149 - ub16x64j95
https://openj9-jenkins.osuosl.org/job/Test_openjdk17_j9_extended.functional_x86-64_linux_aot_Personal_testList_0/115/ - cent7-x64-4

https://openj9-jenkins.osuosl.org/job/Test_openjdk17_j9_extended.functional_ppc64le_linux_aot_Personal_testList_0/115/ - cent7-ppcle-1
https://openj9-jenkins.osuosl.org/job/Test_openjdk11_j9_extended.functional_ppc64le_linux_aot_Personal_testList_0/149/ - cent7-ppcle-4
https://openj9-jenkins.osuosl.org/job/Test_openjdk11_j9_extended.functional_ppc64le_linux_aot_Personal_testList_0/148/ - cent7-ppcle-6

@dsouzai dsouzai mentioned this issue Apr 5, 2023
Merged
@pshipton pshipton mentioned this issue Jun 12, 2023
Open
@JasonFengJ9
Copy link
Member

https://openj9-jenkins.osuosl.org/job/Test_openjdk11_j9_extended.functional_x86-64_linux_Release/66/tapResults/

variation: NoOptions
JVM_OPTIONS:  

TEST: cryptotest/tests/SecureRandomTests.java

TEST RESULT: Error. Program `/home/jenkins/workspace/Test_openjdk11_j9_extended.functional_x86-64_linux_Release_testList_0/openjdkbinary/j2sdk-image/bin/java' timed out (timeout set to 1200000ms, elapsed time including timeout handling was 1200991ms).
--------------------------------------------------
Test results: passed: 30; error: 2
-----------------------------------
CryptoTests_0_FAILED

This was referenced Jul 27, 2023
Closed
Merged
@sxa sxa mentioned this issue Oct 2, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
comp:infra comp:test test failure
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@AdamBrousseau @JasonFengJ9 @pshipton @llxia @zzambers