rpms/rng-tools
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import rng-tools-6.8-4.el8_4

Browse Source
This commit is contained in:
CentOS Sources 2021-09-21 03:14:53 -04:00 committed by root
parent 05cb9ffc36
commit 3a7a2cb26b
5 changed files with 188 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
SOURCES/60-hwrng.rules Normal file
View File

@ -0,0 +1 @@
SUBSYSTEM=="misc", KERNEL=="hw_random", GROUP="rngd", MODE="0640"

161
SOURCES/jitter-use-proper-state-locking.patch Normal file
View File

@ -0,0 +1,161 @@
From: Neil Horman <nhorman@tuxdriver.com>
Date: Tue, 10 Dec 2019 09:57:36 -0500
Subject: Move jitter to use proper state locking/thread signaling
The existing state communication between the main process and jitter threads was
pretty rickety, leading to lots of potential races. Replace it with proper
thread mutex locking and condition signaling. This will improve our ability to
properly shutdown the jitterentropy threads
Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
---
rngd_jitter.c | 70 ++++++++++++++++++++++++++++++---------------------
1 file changed, 41 insertions(+), 29 deletions(-)
diff --git a/rngd_jitter.c b/rngd_jitter.c
index d0b12a4..32bac53 100644
--- a/rngd_jitter.c
+++ b/rngd_jitter.c
@@ -49,7 +49,10 @@ struct thread_data {
struct rand_data *ec;
size_t buf_sz;
int slpmode;
- int active;
+ /* mutex/condition to guard done variable */
+ pthread_cond_t statecond;
+ pthread_mutex_t statemtx;
+ /* done states -1 : init, 0 : ready, 1 : complete */
int done;
struct timespec slptm;
sigjmp_buf jmpbuf;
@@ -252,10 +255,8 @@ static void *thread_entropy_task(void *data)
char *tmpbuf;
struct timespec start, end;
int written;
- int first = 1;
/* STARTUP */
- me->done = 0;
/*
* Set our timeout value
* -1 means adaptive, i.e. sleep for the last
@@ -279,14 +280,19 @@ static void *thread_entropy_task(void *data)
}
/*
- * Use setjmp here to allow us to return early from
- * jent_read_entropy, as it can run for a long time
+ * A signal will call siglongjmp and return us here when we exit
*/
if (sigsetjmp(me->jmpbuf, 1))
goto out_interrupt;
+ /* Indicate we are ready */
+ pthread_mutex_lock(&me->statemtx);
+ me->done = 0;
+ pthread_cond_signal(&me->statecond);
+ pthread_mutex_unlock(&me->statemtx);
+
/* Now go to sleep until there is more work to do */
- do {
+ for(;;) {
message(LOG_DAEMON|LOG_DEBUG, "JITTER thread on cpu %d wakes up for refill\n", me->core_id);
/* We are awake because we need to refil the buffer */
@@ -308,20 +314,18 @@ static void *thread_entropy_task(void *data)
if ((ret < 0) && (errno != EBADF))
message(LOG_DAEMON|LOG_WARNING, "Error on pipe write: %s\n", strerror(errno));
message(LOG_DAEMON|LOG_DEBUG, "DONE Writing to pipe with return %ld\n", ret);
- if (first)
- me->active = 1;
- if (!first && !me->active)
- break;
- first = 0;
written += ret;
}
- } while (me->active);
+ }
out_interrupt:
free(tmpbuf);
out:
+ pthread_mutex_lock(&me->statemtx);
me->done = 1;
+ pthread_cond_signal(&me->statecond);
+ pthread_mutex_unlock(&me->statemtx);
pthread_exit(NULL);
}
@@ -434,8 +438,9 @@ int init_jitter_entropy_source(struct rng *ent_src)
core_id++;
tdata[i].core_id = core_id;
tdata[i].pipe_fd = pipefds[1];
- tdata[i].active = 0;
- tdata[i].done = 0;
+ pthread_cond_init(&tdata[i].statecond, NULL);
+ pthread_mutex_init(&tdata[i].statemtx, NULL);
+ tdata[i].done = -1;
core_id++;
tdata[i].buf_sz = ent_src->rng_options[JITTER_OPT_BUF_SZ].int_val;
tdata[i].ec = jent_entropy_collector_alloc(1, 0);
@@ -448,9 +453,16 @@ int init_jitter_entropy_source(struct rng *ent_src)
/* Make sure all our threads are doing their jobs */
for (i=0; i < num_threads; i++) {
- while (tdata[i].active == 0)
- sched_yield();
- message(LOG_DAEMON|LOG_DEBUG, "CPU Thread %d is ready\n", i);
+ /* wait until the done state transitions from negative to zero or more */
+ pthread_mutex_lock(&tdata[i].statemtx);
+ if (tdata[i].done < 0)
+ pthread_cond_wait(&tdata[i].statecond, &tdata[i].statemtx);
+ if (tdata[i].done == 1)
+ /* we failed during startup */
+ message(LOG_DAEMON|LOG_DEBUG, "CPU thread %d failed\n", i);
+ else
+ message(LOG_DAEMON|LOG_DEBUG, "CPU Thread %d is ready\n", i);
+ pthread_mutex_unlock(&tdata[i].statemtx);
}
flags = fcntl(pipefds[0], F_GETFL, 0);
@@ -492,23 +504,23 @@ void close_jitter_entropy_source(struct rng *ent_src)
char tmpbuf[1024];
int flags;
- /* Flag all the threads so they exit */
- for (i=0; i < num_threads; i++)
- tdata[i].active = 0;
-
+ /* Close the pipes to prevent further writing */
close(pipefds[1]);
/* And wait for completion of each thread */
for (i=0; i < num_threads; i++) {
- message(LOG_DAEMON|LOG_DEBUG, "Checking on done for thread %d\n", i);
+ /* Signal the threads to exit */
pthread_kill(threads[i], SIGUSR1);
- while (!tdata[i].done)
- if(tdata[i].done) {
- message(LOG_DAEMON|LOG_INFO, "Closing thread %d\n", tdata[i].core_id);
- pthread_join(threads[i], NULL);
- jent_entropy_collector_free(tdata[i].ec);
- } else
- sched_yield();
+ /* and wait for them to shutdown */
+ pthread_mutex_lock(&tdata[i].statemtx);
+ if (!tdata[i].done) {
+ message(LOG_DAEMON|LOG_DEBUG, "Checking on done for thread %d\n", i);
+ pthread_cond_wait(&tdata[i].statecond, &tdata[i].statemtx);
+ }
+ pthread_mutex_unlock(&tdata[i].statemtx);
+ message(LOG_DAEMON|LOG_INFO, "Closing thread %d\n", tdata[i].core_id);
+ pthread_join(threads[i], NULL);
+ jent_entropy_collector_free(tdata[i].ec);
}
close(pipefds[0]);
--
2.26.3

2
SOURCES/rngd-wake-threshold.service
View File

@ -7,7 +7,7 @@ CapabilityBoundingSet=CAP_SYS_ADMIN
AmbientCapabilities=CAP_SYS_ADMIN
Type=oneshot
RemainAfterExit=yes
ExecStart=/bin/sh -c "PSIZE=$(cat /proc/sys/kernel/random/poolsize); let THRESH=$PSIZE*3/4; echo $THRESH>/proc/sys/kernel/random/write_wakeup_threshold"
ExecStart=/bin/sh -c "PSIZE=$(cat /proc/sys/kernel/random/poolsize); let THRESH=$PSIZE*3/4; echo $THRESH>/proc/sys/kernel/random/write_wakeup_threshold; udevadm trigger --sysname-match=hw_random --settle"
[Install]
WantedBy=sysinit.target

3
SOURCES/rngd.service
View File

@ -1,5 +1,6 @@
[Unit]
Description=Hardware RNG Entropy Gatherer Daemon
ConditionVirtualization=!container
Requires=rngd-wake-threshold.service
[Service]
@ -7,7 +8,7 @@ User=rngd
Group=rngd
CapabilityBoundingSet=CAP_SYS_ADMIN
AmbientCapabilities=CAP_SYS_ADMIN
ExecStart=/sbin/rngd -f --fill-watermark=0
ExecStart=/usr/sbin/rngd -f --fill-watermark=0
TimeoutStartSec=60s
[Install]

39
SPECS/rng-tools.spec
View File

@ -1,29 +1,28 @@
%global _hardened_build 1
%global _sbindir /sbin
Summary: Random number generator related utilities
Name: rng-tools
Version: 6.8
Release: 3%{?dist}
Release: 4%{?dist}
Group: System Environment/Base
License: GPLv2+
URL: https://github.com/nhorman/rng-tools
Source0: https://github.com/nhorman/rng-tools/archive/rng-tools-%{version}.tar.gz
Source1: rngd.service
Source2: jitterentropy-library-2.1.2.tar.gz
Source3: rngd-wake-threshold.service
Source2: jitterentropy-library-2.1.2.tar.gz
Source3: rngd-wake-threshold.service
Source4: 60-hwrng.rules
Patch0: jitterentropy-remove-install.patch
Patch1: jitterentropy-build-static.patch
Patch1: jitterentropy-build-static.patch
Patch2: jitter-setjmp.patch
Patch3: Fix-message-log-on-error-in-thread_entropy_task.patch
Patch4: Add-reserved-option-value-to-not-change-write_wakeup.patch
Patch5: jitter-rdtsc.patch
Patch6: jitter-use-proper-state-locking.patch
# https://sourceforge.net/p/gkernel/patches/111/
BuildRequires: gettext
BuildRequires: systemd-units
BuildRequires: gettext
BuildRequires: systemd-units
BuildRequires: libgcrypt-devel
BuildRequires: autoconf automake
BuildRequires: libsysfs-devel libcurl-devel
@ -34,12 +33,11 @@ Requires(postun): systemd-units
Requires: libgcrypt libsysfs
Requires: openssl libxml2 libcurl
%description
Hardware random number generation tools.
%prep
%setup
%prep
%setup
tar xvf %{SOURCE2}
mv jitterentropy-library-2.1.2 jitterentropy-library
%patch0 -p1
@ -48,6 +46,7 @@ mv jitterentropy-library-2.1.2 jitterentropy-library
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%build
./autogen.sh
@ -57,15 +56,17 @@ mv jitterentropy-library-2.1.2 jitterentropy-library
%install
%make_install
# install systemd unit file
# install systemd unit file and udev rules
install -Dt %{buildroot}%{_unitdir} -m0644 %{SOURCE1}
install -Dt %{buildroot}%{_unitdir} -m0644 %{SOURCE3}
install -Dt %{buildroot}%{_udevrulesdir} -m0644 %{SOURCE4}
%pre
getent passwd rngd >/dev/null || useradd -r -M -d %{_localstatedir}/lib/rngd -s /sbin/nologin -c "Random Number Generator Daemon" rngd
%post
%systemd_post rngd.service rngd-wake-threshold.service
udevadm trigger --sysname-match=hw_random --settle
%preun
%systemd_preun rngd.service rngd-wake-threshold.service
@ -83,11 +84,18 @@ getent passwd rngd >/dev/null || useradd -r -M -d %{_localstatedir}/lib/rngd -s
%{_mandir}/man8/rngd.8.*
%attr(0644,root,root) %{_unitdir}/rngd.service
%attr(0644,root,root) %{_unitdir}/rngd-wake-threshold.service
%attr(0644,root,root) %{_udevrulesdir}/60-hwrng.rules
%changelog
* Mon May 24 2021 Vladis Dronov <vdronov@redhat.com> - 6.8-4
- There is no need to hardcode _sbindir anymore, also the old value is incorrect
- Update the rngd.service file
- Fix a busyloop bug (bz 1956248)
- Fix /dev/hwrng permission issue (bz 1955522)
* Tue Feb 18 2020 Neil Horman <nhorman@redhat.com> - 6.8-3
- Fix coarse clock time on Azure (bz 180155)
* Mon Dec 02 2019 Neil Horman <nhorman@redhat.com> - 6.8-2
- Fix erroneous message due to bad errno check (bz 1776710)
- Enable addition of 0 value for fill-watermark (bz 1776710)
@ -108,7 +116,7 @@ getent passwd rngd >/dev/null || useradd -r -M -d %{_localstatedir}/lib/rngd -s
- default to 1 thread on cpu 0 if getaffinty returns error (bz 1658855)
* Thu May 17 2018 Neil Horman <nhorman@redhat.com> 6.2-1
- Update to latest upstream
- Update to latest upstream
- Add CI self tests
* Thu Feb 15 2018 Adam Williamson <awilliam@redhat.com> - 6.1-4
@ -197,4 +205,3 @@ getent passwd rngd >/dev/null || useradd -r -M -d %{_localstatedir}/lib/rngd -s
* Wed Mar 24 2010 Jeff Garzik <jgarzik@redhat.com> - 2-1
- initial revision (as rng-tools)