Jitterentropy-Rngd high CPU use

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

michaels2408

Occasional Visitor
Recently updated my RT-AC88U to 386.2.4 . Since, I have seen very high CPU usage from the jitterentropy-rngd daemon, somtimes as high as 80% getting close to maxing out both cores. On a positive note this is not consistent. It waxes and wanes with usage increases when WAN throughput is higher. Is this normal?

1620289360616.png
 

dave14305

Part of the Furniture
You’re also running haveged which is probably trying to do the same thing. Maybe a conflict?
 

michaels2408

Occasional Visitor
A yes missed that. Was installed when I added DNScrypt. Remove and working much better. Thank you for seeing that.
 

profd

New Around Here
Hmm. I have this too but i cannot locate how to easily remove it.

This is a new install and it will have got in with amtm and i have installed:

DIversion
Skynet
scribe
unbound Manager
uiDivStats
uiScribe

Any suggestions on how to isolate and resolve the issue cleanly? Im new to asuswrt but familar with linux etc.
 

michaels2408

Occasional Visitor
Haveged usually installs with DNScrypt which you do not have listed. If it is installed then the easiest way is to go to ssh into the router and navigate to /tmp/opt/etc/init.d . Look for S**haveged startup script, remove and reboot. If you want to save the script just move it to another directory.
 

profd

New Around Here
Ok nice now i know where init.d is i feel better :)

i just made it non executable "chmod -x S02haveged"
 

RMerlin

Asuswrt-Merlin dev
I recommend you notify script developers that they should ensure they do not install haveged when another entropy generating daemon is present.
 

Zastoff

Very Senior Member
In dnscrypt installer, Haveged is optional to install. Can be uninstalled from dnscrypt installer menu also.
It is not the entware version of haveged that is used by dnscrypt installer, Think this version was compiled especially for asuswrt-merlin.
I have dnscrypt installer's haveged installed and have not noticed any issues so far, been keeping a eye on it since this tread came.
 
Last edited:

DonnyJohnny

Very Senior Member
In dnscrypt installer, Haveged is optional to install. Can be uninstalled from dnscrypt installer menu also.
It is not the entware version of haveged that is used by dnscrypt installer, Think this version was compiled especially for asuswrt-merlin.
I have dnscrypt installer's haveged installed and have not noticed any issues so far, been keeping a eye on it since this tread came.
Just wonder if 2 entropy generators running, will it be better or just generating unnecessary cpu load?
 

Zastoff

Very Senior Member
Just wonder if 2 entropy generators running, will it be better or just generating unnecessary cpu load?
The use of more then one RNG will make the entropy in the pool more unpredictable.
I am no expert on the RNG`s but found this command to check the pool:
Code:
cat /proc/sys/kernel/random/entropy_avail
With dnscypt installer`s Haveged(and entware version), The pool can never get below 1024bit i think, maximum should be 4096bit
I still haven`t seen any cpu spikes here with using both. Ofc if it seems to be a issue, Haveged should be removed.
When available, other sources of randomness are used to stir the entropy pool and make it less predictable.
Code:
PID  PPID    USER    STAT VSZ   VSZ%    CPU  CPU% ↓  COMMAND
911     1    izzt    S    7548    0.8    0    0.0    /jffs/dnscrypt/haveged -w 1024 -d 32 -i 32 -v 1
1094    1    izzt    S    2004    0.2    0    0.0    /usr/sbin/jitterentropy-rngd -p /var/run/jitterentropy-rngd.pid
Some extra info:
 
Last edited:

DonnyJohnny

Very Senior Member
I am no expert on the RNG`s but found this command to check the pool:
Code:
cat /proc/sys/kernel/random/entropy_avail
With dnscypt installer`s Haveged(and entware version), The pool can never get below 1024bit i think, maximum should be 4096bit
I still haven`t seen any cpu spikes here with using both. Ofc if it seems to be a issue, Haveged should be removed.

Code:
PID  PPID    USER    STAT VSZ   VSZ%    CPU  CPU% ↓  COMMAND
911     1    izzt    S    7548    0.8    0    0.0    /jffs/dnscrypt/haveged -w 1024 -d 32 -i 32 -v 1
1094    1    izzt    S    2004    0.2    0    0.0    /usr/sbin/jitterentropy-rngd -p /var/run/jitterentropy-rngd.pid
Some extra info:
Did a test with jitterentropy alone (no haveged installed), also 1024-1033.

If u have both installed and still 1024 mean no effect but waste memory and cpu resources?
 

Zastoff

Very Senior Member
Did a test with jitterentropy alone (no haveged installed), also 1024-1033.

If u have both installed and still 1024 mean no effect but waste memory and cpu resources?
Just updated my previous post to better answer your question.
The use of more then one RNG will make the entropy in the pool more unpredictable.
Maybe it is overkill in using more then one..
I am still using it to test if i get any conflicts or increased cpu use from it.
 
Last edited:

kernol

Very Senior Member
Unbound Manager installs it too.
Any idea whether removing it breaks Unbound Manager ?
Enjoying stability of 386.2_4 and lack the expertise to know the answer ... and sure don't want to break anything ;)!
 

dave14305

Part of the Furniture
Any idea whether removing it breaks Unbound Manager ?
Enjoying stability of 386.2_4 and lack the expertise to know the answer ... and sure don't want to break anything ;)!
I don’t know that there was ever a good reason to install it with Unbound, but there were a lot of conflicting ideas back in those days. :)
 

SomeWhereOverTheRainBow

Very Senior Member
Just updated my previous post to better answer your question.

Maybe it is overkill in using more then one..
I am still using it to test if i get any conflicts or increased cpu use from it.
from what I can tell there seems to be no interaction between haveged and jitterentropy-rngd, specifically logs should be examined around the time these cpu spikes occur. I think the spikes may be related to something else.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top