classification
Title: AIX build fails with failure to get random numbers
Type: compile error
Stage: resolved
Components: Build
Versions: Python 3.7
process
Status: closed
Resolution: not a bug
Dependencies:
Superseder:
Assigned To:
Nosy List: Michael.Felt, Robert Boehne, christian.heimes, jmadden, vstinner
Priority: normal
Keywords:

Created on 2019-05-07 20:59 by Robert Boehne, last changed 2020-02-07 09:20 by Michael.Felt. This issue is now closed.

Files
File name | Uploaded | Description
config.log.gz | Robert Boehne, 2019-05-08 15:26 |
urandom.c | vstinner, 2019-05-09 23:21 |
Messages (15)
msg341821 - (view) Author: Robert Boehne (Robert Boehne) * Date: 2019-05-07 20:59
build fails with:
./python -E ../../Python-3.7.3/setup.py  build
Fatal Python error: _Py_HashRandomization_Init: failed to get random numbers to initialize Python
msg341822 - (view) Author: Robert Boehne (Robert Boehne) * Date: 2019-05-07 21:00
robb@nepal:/raid/checkouts-raid/robb/nepal/build-py37$ gmake
xlc_r -c   -DNDEBUG -O -q64 -qlanglvl=extc99     -IObjects -IInclude -IPython -I. -I../../Python-3.7.3/Include -I/raid/checkouts-raid/robb/Python-2.7.15/Modules/zlib   -DPy_BUILD_CORE -o Modules/_math.o ../../Python-3.7.3/Modules/_math.c
LIBPATH=/raid/checkouts-raid/robb/nepal/build-py37 CC='xlc_r' LDSHARED='Modules/ld_so_aix xlc_r -bI:Modules/python.exp -L/raid/checkouts-raid/robb/zlib-dl/Release/rs6000aix_64/lib  -Wl,-blibpath:/opt/IBM/xlmass/8.1.3/lib/aix61:/opt/IBM/xlc/13.1.3/lib:/usr/lib:/lib:/opt/Python-3.7/lib -q64   ' OPT='-DNDEBUG -O'         _TCLTK_INCLUDES='' _TCLTK_LIBS=''       ./python -E ../../Python-3.7.3/setup.py  build
Fatal Python error: _Py_HashRandomization_Init: failed to get random numbers to initialize Python

Makefile:626: recipe for target 'sharedmods' failed
gmake: *** [sharedmods] Error 1
msg341828 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2019-05-07 21:20
Could you please use a debugger and step through _Py_HashRandomization_Init and pyurandom to see where the initialization of the RNG is failing?
msg341830 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2019-05-07 21:26
Try to compress config.log to attach it. Or at least attach the output of "./configure" as a file.

I'm looking for HAVE_GETRANDOM, HAVE_GETRANDOM_SYSCALL, HAVE_GETENTROPY defines that you can find in pyconfig.h.

About /dev/urandom: does this device exist? Is your user allowed to read from it? For example, run "dd if=/dev/urandom of=random bs=1 count=1" command: does it fail?
msg341892 - (view) Author: Robert Boehne (Robert Boehne) * Date: 2019-05-08 15:41
from pyconfig.h:


/* Define to 1 if the getrandom() function is available */
/* #undef HAVE_GETRANDOM */

/* Define to 1 if the Linux getrandom() syscall is available */
/* #undef HAVE_GETRANDOM_SYSCALL */

/* Define to 1 if you have the <linux/random.h> header file. */
/* #undef HAVE_LINUX_RANDOM_H */

/* Define to 1 if you have the `getentropy' function. */
/* #undef HAVE_GETENTROPY */
msg341910 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2019-05-08 16:50
Ok, so Python uses /dev/urandom. Can you try to read a few bytes from it? Like 256 bytes. You can try my dd command.
msg341929 - (view) Author: Robert Boehne (Robert Boehne) * Date: 2019-05-08 18:55
Opening /dev/urandom seems to return -1

(dbx) print buffer
0x09001000a5f49380 
(dbx) print size
24 
(dbx) print raise
0 
(dbx) step
stopped in dev_urandom at line 311 in file "/raid/checkouts-raid/robb/nepal/build-py37/../../Python-3.7.3/Python/bootstrap_hash.c" ($t1)
  311       if (raise) {
(dbx) step
stopped in dev_urandom at line 378 in file "/raid/checkouts-raid/robb/nepal/build-py37/../../Python-3.7.3/Python/bootstrap_hash.c" ($t1)
  378           fd = _Py_open_noraise("/dev/urandom", O_RDONLY);
(dbx) next
stopped in dev_urandom at line 379 in file "/raid/checkouts-raid/robb/nepal/build-py37/../../Python-3.7.3/Python/bootstrap_hash.c" ($t1)
  379           if (fd < 0) {
(dbx) print fd
-1 
(dbx) step
stopped in dev_urandom at line 380 in file "/raid/checkouts-raid/robb/nepal/build-py37/../../Python-3.7.3/Python/bootstrap_hash.c" ($t1)
  380               return -1;
(dbx) step
stopped in dev_urandom at line 401 in file "/raid/checkouts-raid/robb/nepal/build-py37/../../Python-3.7.3/Python/bootstrap_hash.c" ($t1)
  401   }
(dbx) step
stopped in pyurandom at line 519 in file "/raid/checkouts-raid/robb/nepal/build-py37/../../Python-3.7.3/Python/bootstrap_hash.c" ($t1)
  519   }
(dbx) step
stopped in unnamed block in _Py_HashRandomization_Init at line 611 in file "/raid/checkouts-raid/robb/nepal/build-py37/../../Python-3.7.3/Python/bootstrap_hash.c" ($t1)
  611           if (res < 0) {
(dbx) step
stopped in unnamed block in _Py_HashRandomization_Init at line 612 in file "/raid/checkouts-raid/robb/nepal/build-py37/../../Python-3.7.3/Python/bootstrap_hash.c" ($t1)
  612               return _Py_INIT_USER_ERR("failed to get random numbers "
(dbx) continue
continue
^ unrecognized command
(dbx) cont
Fatal Python error: _Py_HashRandomization_Init: failed to get random numbers to initialize Python
msg341930 - (view) Author: Robert Boehne (Robert Boehne) * Date: 2019-05-08 19:09
The call to open("/dev/urandom", flags) is returning -1, and errno is set to 22, EINVAL - Invalid argument. Could the flags be set incorrectly?
msg341936 - (view) Author: Robert Boehne (Robert Boehne) * Date: 2019-05-08 19:59
Reading a few bytes from /dev/urandom via dd:


robb@nepal:/raid/checkouts-raid/robb/nepal/build-py37$ dd if=/dev/urandom bs=256 count=1
1+0 records in.
1+0 records out.
robb@nepal:/raid/checkouts-raid/robb/nepal/build-py37$ dd if=/dev/urandom bs=256 count=1
1+0 records in.
1+0 records out.
robb@nepal:/raid/checkouts-raid/robb/nepal/build-py37$ dd if=/dev/urandom bs=256 count=1
1+0 records in.
1+0 records out.
robb@nepal:/raid/checkouts-raid/robb/nepal/build-py37$
msg342009 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2019-05-09 23:21
Robert Boehne: pyurandom() uses _Py_open_noraise("/dev/urandom", O_RDONLY) which uses O_CLOEXEC if available. Is this flag available? Does it work?

Please try to build attached urandom.c.

Example on my Fedora 29:

open O_RDONLY succeeded
read(16) -> 16
open O_RDONLY | O_CLOEXEC succeeded
read(16) -> 16
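
A probe along the lines of the test described in the message above, as an added example: it is not the attached urandom.c (whose contents are not shown on this page) and not CPython code, and the names probe_device and report are hypothetical. It records errno for each failing call, which is what separates a permission or missing-device problem from the EINVAL reported earlier in the thread.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper: open `path` with `flags` and read up to `want` bytes.
 * Returns the byte count, or -1 with *err set to the failing call's errno. */
static long probe_device(const char *path, int flags,
                         unsigned char *buf, size_t want, int *err)
{
    size_t got = 0;
    int fd = open(path, flags);

    *err = 0;
    if (fd < 0) {
        *err = errno;              /* e.g. ENOENT, EACCES, EINVAL */
        return -1;
    }
    while (got < want) {
        ssize_t n = read(fd, buf + got, want - got);
        if (n < 0 && errno == EINTR)
            continue;              /* interrupted by a signal: retry */
        if (n < 0) {
            *err = errno;
            close(fd);
            return -1;
        }
        if (n == 0)
            break;                 /* EOF: report the short read */
        got += (size_t)n;
    }
    close(fd);
    return (long)got;
}

static void report(const char *label, int flags)
{
    unsigned char buf[16];
    int err;
    long n = probe_device("/dev/urandom", flags, buf, sizeof buf, &err);
    if (n < 0)
        printf("%s failed: errno=%d (%s)\n", label, err, strerror(err));
    else
        printf("%s succeeded, read(%zu) -> %ld\n", label, sizeof buf, n);
}

int main(void)
{
    report("O_RDONLY", O_RDONLY);
#ifdef O_CLOEXEC
    report("O_RDONLY | O_CLOEXEC", O_RDONLY | O_CLOEXEC);
#else
    puts("O_CLOEXEC is not defined on this platform");
#endif
    return 0;
}
```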
msg342076 - (view) Author: Robert Boehne (Robert Boehne) * Date: 2019-05-10 16:06
It doesn't look good:

robb@nepal:/raid/checkouts-raid/robb/nepal$ xlc_r -q64 -O0 -g -qlanglvl=extc1x -o urandom urandom.c
robb@nepal:/raid/checkouts-raid/robb/nepal$ ./urandom
open O_RDONLY failed
open O_RDONLY | O_CLOEXEC failed
robb@nepal:/raid/checkouts-raid/robb/nepal$ uname -a
AIX nepal 1 7 00FA7FB84C00
robb@nepal:/raid/checkouts-raid/robb/nepal$

msg342077 - (view) Author: Robert Boehne (Robert Boehne) * Date: 2019-05-10 16:15
I wonder if there's anyone with AIX 7 who can attempt to reproduce this.  We have another AIX machine, but it is down for the moment.  I would like to eliminate a problem on this machine as the cause.
msg342136 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2019-05-10 21:28
> open O_RDONLY failed

Ah. That sounds like an issue on your machine or specific to AIX. I don't see what Python can do to support a platform where /dev/urandom doesn't work. Python really needs /dev/urandom at startup to initialize its "hash secret" to reduce the risk of a DoS attack against dict.

https://python-security.readthedocs.io/vuln/cve-2012-1150_hash_dos.html

Maybe it's a permission issue. Maybe a libc issue. I don't know. But I suggest closing the issue and trying to find help from AIX instead.
msg343714 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2019-05-27 23:51
I'm closing the issue. Maybe contact Michael Felt to get help debugging your issue.
msg361550 - (view) Author: Michael Felt (Michael.Felt) * Date: 2020-02-07 09:20
FYI: I was contacted this week by someone with this problem. 

The problem was resolved after they updated AIX (was 7100-04-00-0000).

Please note: any oslevel -s reporting six zeros at the end needs the SP that is released in parallel with the base.
History
Date | User | Action | Args
2020-02-07 09:20:00 | Michael.Felt | set | nosy: + Michael.Felt; messages: + msg361550
2019-05-27 23:51:27 | vstinner | set | status: open -> closed; resolution: not a bug; messages: + msg343714; stage: resolved
2019-05-10 21:28:45 | vstinner | set | messages: + msg342136
2019-05-10 16:15:00 | Robert Boehne | set | messages: + msg342077
2019-05-10 16:06:40 | Robert Boehne | set | messages: + msg342076
2019-05-09 23:21:24 | vstinner | set | files: + urandom.c; messages: + msg342009
2019-05-08 19:59:10 | Robert Boehne | set | messages: + msg341936
2019-05-08 19:09:55 | Robert Boehne | set | messages: + msg341930
2019-05-08 18:55:32 | Robert Boehne | set | messages: + msg341929
2019-05-08 16:50:47 | vstinner | set | messages: + msg341910
2019-05-08 15:41:39 | Robert Boehne | set | messages: + msg341892
2019-05-08 15:26:56 | Robert Boehne | set | files: + config.log.gz
2019-05-07 21:26:56 | vstinner | set | nosy: + vstinner; messages: + msg341830
2019-05-07 21:20:03 | christian.heimes | set | nosy: + christian.heimes; messages: + msg341828
2019-05-07 21:08:52 | jmadden | set | nosy: + jmadden
2019-05-07 21:00:29 | Robert Boehne | set | messages: + msg341822
2019-05-07 20:59:51 | Robert Boehne | create |