avoid blocking in getrandom system call
parent
46c0acfa68
commit
d2850f1c13
34
chrony-getrandom.patch
Normal file
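--- /dev/null
+++ b/chrony-getrandom.patch
@@ -0,0 +1,34 @@
+commit 7c5bd948bb7e21fa0ee22f29e97748b2d0360319
+Author: Miroslav Lichvar <mlichvar@redhat.com>
+Date: Thu May 17 14:16:58 2018 +0200
+
+util: fall back to reading /dev/urandom when getrandom() blocks
+
+With recent changes in the Linux kernel, the getrandom() system call may
+block for a long time after boot on machines that don't have enough
+entropy. It blocks the chronyd's initialization before it can detach
+from the terminal and may cause a chronyd service to fail to start due
+to a timeout.
+
+At least for now, enable the GRND_NONBLOCK flag to make the system call
+non-blocking and let the code fall back to reading /dev/urandom (which
+never blocks) if the system call failed with EAGAIN or any other error.
+
+This makes the start of chronyd non-deterministic with respect to files
+that it needs to open and possibly also makes it slightly easier to
+guess the transmit/receive timestamp in client requests until the
+urandom source is fully initialized.
+
+diff --git a/util.c b/util.c
+index 4b3e455..76417d5 100644
+--- a/util.c
++++ b/util.c
+@@ -1224,7 +1224,7 @@ get_random_bytes_getrandom(char *buf, unsigned int len)
+if (disabled)
+break;
+
+- if (getrandom(rand_buf, sizeof (rand_buf), 0) != sizeof (rand_buf)) {
++ if (getrandom(rand_buf, sizeof (rand_buf), GRND_NONBLOCK) != sizeof (rand_buf)) {
+disabled = 1;
+break;
+}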
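Review bot: The failure branch after the `getrandom(rand_buf, sizeof (rand_buf), GRND_NONBLOCK)` call sets `disabled = 1` for every error, so an `EAGAIN` returned while the kernel pool is still unseeded appears to move the process to /dev/urandom for good; the declaration of `disabled` is outside the hunk, so its lifetime is inferred. Latching only on other failures, e.g. `if (errno != EAGAIN) disabled = 1;` before the `break`, would let later calls return to getrandom() once the pool is initialized. Because the commit message itself accepts that early output is easier to guess, the fallback on `EAGAIN` should also emit a one-time log message so operators can tell that pre-seed randomness was used for client requests. A short comment at the call, such as `/* GRND_NONBLOCK: avoid stalling startup; early bytes may come from an unseeded pool */`, would keep that trade-off visible in util.c. The body of get_random_bytes_getrandom starts and ends outside the hunk.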
@ -23,6 +23,8 @@ Source10: https://github.com/mlichvar/clknetsim/archive/%{clknetsim_ver}/c
|
|||||||
Patch1: chrony-pidfile.patch
|
Patch1: chrony-pidfile.patch
|
||||||
# add NTP servers from DHCP when starting service
|
# add NTP servers from DHCP when starting service
|
||||||
Patch2: chrony-service-helper.patch
|
Patch2: chrony-service-helper.patch
|
||||||
|
# avoid blocking in getrandom system call
|
||||||
|
Patch3: chrony-getrandom.patch
|
||||||
|
|
||||||
BuildRequires: libcap-devel libedit-devel nettle-devel pps-tools-devel
|
BuildRequires: libcap-devel libedit-devel nettle-devel pps-tools-devel
|
||||||
%ifarch %{ix86} x86_64 %{arm} aarch64 mipsel mips64el ppc64 ppc64le s390 s390x
|
%ifarch %{ix86} x86_64 %{arm} aarch64 mipsel mips64el ppc64 ppc64le s390 s390x
|
||||||
@ -55,6 +57,7 @@ service to other computers in the network.
|
|||||||
%{?gitpatch:%patch0 -p1}
|
%{?gitpatch:%patch0 -p1}
|
||||||
%patch1 -p1 -b .pidfile
|
%patch1 -p1 -b .pidfile
|
||||||
%patch2 -p1 -b .service-helper
|
%patch2 -p1 -b .service-helper
|
||||||
|
%patch3 -p1 -b .getrandom
|
||||||
|
|
||||||
%{?gitpatch: echo %{version}-%{gitpatch} > version.txt}
|
%{?gitpatch: echo %{version}-%{gitpatch} > version.txt}
|
||||||
|
|
||||||
|