import rng-tools-6.8-5.el8
This commit is contained in:
parent
78dd57eba8
commit
c8deb6be88
1
SOURCES/60-hwrng.rules
Normal file
1
SOURCES/60-hwrng.rules
Normal file
@ -0,0 +1 @@
|
|||||||
|
SUBSYSTEM=="misc", KERNEL=="hw_random", GROUP="rngd", MODE="0640"
|
161
SOURCES/jitter-use-proper-state-locking.patch
Normal file
161
SOURCES/jitter-use-proper-state-locking.patch
Normal file
@ -0,0 +1,161 @@
|
|||||||
|
From: Neil Horman <nhorman@tuxdriver.com>
|
||||||
|
Date: Tue, 10 Dec 2019 09:57:36 -0500
|
||||||
|
Subject: Move jitter to use proper state locking/thread signaling
|
||||||
|
|
||||||
|
The existing state communication between the main process and jitter threads was
|
||||||
|
pretty rickety, leading to lots of potential races. Replace it with proper
|
||||||
|
thread mutex locking and condition signaling. This will improve our ability to
|
||||||
|
properly shutdown the jitterentropy threads
|
||||||
|
|
||||||
|
Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
|
||||||
|
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
|
||||||
|
---
|
||||||
|
rngd_jitter.c | 70 ++++++++++++++++++++++++++++++---------------------
|
||||||
|
1 file changed, 41 insertions(+), 29 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/rngd_jitter.c b/rngd_jitter.c
|
||||||
|
index d0b12a4..32bac53 100644
|
||||||
|
--- a/rngd_jitter.c
|
||||||
|
+++ b/rngd_jitter.c
|
||||||
|
@@ -49,7 +49,10 @@ struct thread_data {
|
||||||
|
struct rand_data *ec;
|
||||||
|
size_t buf_sz;
|
||||||
|
int slpmode;
|
||||||
|
- int active;
|
||||||
|
+ /* mutex/condition to guard done variable */
|
||||||
|
+ pthread_cond_t statecond;
|
||||||
|
+ pthread_mutex_t statemtx;
|
||||||
|
+ /* done states -1 : init, 0 : ready, 1 : complete */
|
||||||
|
int done;
|
||||||
|
struct timespec slptm;
|
||||||
|
sigjmp_buf jmpbuf;
|
||||||
|
@@ -252,10 +255,8 @@ static void *thread_entropy_task(void *data)
|
||||||
|
char *tmpbuf;
|
||||||
|
struct timespec start, end;
|
||||||
|
int written;
|
||||||
|
- int first = 1;
|
||||||
|
/* STARTUP */
|
||||||
|
|
||||||
|
- me->done = 0;
|
||||||
|
/*
|
||||||
|
* Set our timeout value
|
||||||
|
* -1 means adaptive, i.e. sleep for the last
|
||||||
|
@@ -279,14 +280,19 @@ static void *thread_entropy_task(void *data)
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
- * Use setjmp here to allow us to return early from
|
||||||
|
- * jent_read_entropy, as it can run for a long time
|
||||||
|
+ * A signal will call siglongjmp and return us here when we exit
|
||||||
|
*/
|
||||||
|
if (sigsetjmp(me->jmpbuf, 1))
|
||||||
|
goto out_interrupt;
|
||||||
|
|
||||||
|
+ /* Indicate we are ready */
|
||||||
|
+ pthread_mutex_lock(&me->statemtx);
|
||||||
|
+ me->done = 0;
|
||||||
|
+ pthread_cond_signal(&me->statecond);
|
||||||
|
+ pthread_mutex_unlock(&me->statemtx);
|
||||||
|
+
|
||||||
|
/* Now go to sleep until there is more work to do */
|
||||||
|
- do {
|
||||||
|
+ for(;;) {
|
||||||
|
message(LOG_DAEMON|LOG_DEBUG, "JITTER thread on cpu %d wakes up for refill\n", me->core_id);
|
||||||
|
|
||||||
|
/* We are awake because we need to refil the buffer */
|
||||||
|
@@ -308,20 +314,18 @@ static void *thread_entropy_task(void *data)
|
||||||
|
if ((ret < 0) && (errno != EBADF))
|
||||||
|
message(LOG_DAEMON|LOG_WARNING, "Error on pipe write: %s\n", strerror(errno));
|
||||||
|
message(LOG_DAEMON|LOG_DEBUG, "DONE Writing to pipe with return %ld\n", ret);
|
||||||
|
- if (first)
|
||||||
|
- me->active = 1;
|
||||||
|
- if (!first && !me->active)
|
||||||
|
- break;
|
||||||
|
- first = 0;
|
||||||
|
written += ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
- } while (me->active);
|
||||||
|
+ }
|
||||||
|
|
||||||
|
out_interrupt:
|
||||||
|
free(tmpbuf);
|
||||||
|
out:
|
||||||
|
+ pthread_mutex_lock(&me->statemtx);
|
||||||
|
me->done = 1;
|
||||||
|
+ pthread_cond_signal(&me->statecond);
|
||||||
|
+ pthread_mutex_unlock(&me->statemtx);
|
||||||
|
pthread_exit(NULL);
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -434,8 +438,9 @@ int init_jitter_entropy_source(struct rng *ent_src)
|
||||||
|
core_id++;
|
||||||
|
tdata[i].core_id = core_id;
|
||||||
|
tdata[i].pipe_fd = pipefds[1];
|
||||||
|
- tdata[i].active = 0;
|
||||||
|
- tdata[i].done = 0;
|
||||||
|
+ pthread_cond_init(&tdata[i].statecond, NULL);
|
||||||
|
+ pthread_mutex_init(&tdata[i].statemtx, NULL);
|
||||||
|
+ tdata[i].done = -1;
|
||||||
|
core_id++;
|
||||||
|
tdata[i].buf_sz = ent_src->rng_options[JITTER_OPT_BUF_SZ].int_val;
|
||||||
|
tdata[i].ec = jent_entropy_collector_alloc(1, 0);
|
||||||
|
@@ -448,9 +453,16 @@ int init_jitter_entropy_source(struct rng *ent_src)
|
||||||
|
|
||||||
|
/* Make sure all our threads are doing their jobs */
|
||||||
|
for (i=0; i < num_threads; i++) {
|
||||||
|
- while (tdata[i].active == 0)
|
||||||
|
- sched_yield();
|
||||||
|
- message(LOG_DAEMON|LOG_DEBUG, "CPU Thread %d is ready\n", i);
|
||||||
|
+ /* wait until the done state transitions from negative to zero or more */
|
||||||
|
+ pthread_mutex_lock(&tdata[i].statemtx);
|
||||||
|
+ if (tdata[i].done < 0)
|
||||||
|
+ pthread_cond_wait(&tdata[i].statecond, &tdata[i].statemtx);
|
||||||
|
+ if (tdata[i].done == 1)
|
||||||
|
+ /* we failed during startup */
|
||||||
|
+ message(LOG_DAEMON|LOG_DEBUG, "CPU thread %d failed\n", i);
|
||||||
|
+ else
|
||||||
|
+ message(LOG_DAEMON|LOG_DEBUG, "CPU Thread %d is ready\n", i);
|
||||||
|
+ pthread_mutex_unlock(&tdata[i].statemtx);
|
||||||
|
}
|
||||||
|
|
||||||
|
flags = fcntl(pipefds[0], F_GETFL, 0);
|
||||||
|
@@ -492,23 +504,23 @@ void close_jitter_entropy_source(struct rng *ent_src)
|
||||||
|
char tmpbuf[1024];
|
||||||
|
int flags;
|
||||||
|
|
||||||
|
- /* Flag all the threads so they exit */
|
||||||
|
- for (i=0; i < num_threads; i++)
|
||||||
|
- tdata[i].active = 0;
|
||||||
|
-
|
||||||
|
+ /* Close the pipes to prevent further writing */
|
||||||
|
close(pipefds[1]);
|
||||||
|
|
||||||
|
/* And wait for completion of each thread */
|
||||||
|
for (i=0; i < num_threads; i++) {
|
||||||
|
- message(LOG_DAEMON|LOG_DEBUG, "Checking on done for thread %d\n", i);
|
||||||
|
+ /* Signal the threads to exit */
|
||||||
|
pthread_kill(threads[i], SIGUSR1);
|
||||||
|
- while (!tdata[i].done)
|
||||||
|
- if(tdata[i].done) {
|
||||||
|
- message(LOG_DAEMON|LOG_INFO, "Closing thread %d\n", tdata[i].core_id);
|
||||||
|
- pthread_join(threads[i], NULL);
|
||||||
|
- jent_entropy_collector_free(tdata[i].ec);
|
||||||
|
- } else
|
||||||
|
- sched_yield();
|
||||||
|
+ /* and wait for them to shutdown */
|
||||||
|
+ pthread_mutex_lock(&tdata[i].statemtx);
|
||||||
|
+ if (!tdata[i].done) {
|
||||||
|
+ message(LOG_DAEMON|LOG_DEBUG, "Checking on done for thread %d\n", i);
|
||||||
|
+ pthread_cond_wait(&tdata[i].statecond, &tdata[i].statemtx);
|
||||||
|
+ }
|
||||||
|
+ pthread_mutex_unlock(&tdata[i].statemtx);
|
||||||
|
+ message(LOG_DAEMON|LOG_INFO, "Closing thread %d\n", tdata[i].core_id);
|
||||||
|
+ pthread_join(threads[i], NULL);
|
||||||
|
+ jent_entropy_collector_free(tdata[i].ec);
|
||||||
|
}
|
||||||
|
|
||||||
|
close(pipefds[0]);
|
||||||
|
--
|
||||||
|
2.26.3
|
||||||
|
|
@ -7,7 +7,7 @@ CapabilityBoundingSet=CAP_SYS_ADMIN
|
|||||||
AmbientCapabilities=CAP_SYS_ADMIN
|
AmbientCapabilities=CAP_SYS_ADMIN
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
RemainAfterExit=yes
|
RemainAfterExit=yes
|
||||||
ExecStart=/bin/sh -c "PSIZE=$(cat /proc/sys/kernel/random/poolsize); let THRESH=$PSIZE*3/4; echo $THRESH>/proc/sys/kernel/random/write_wakeup_threshold"
|
ExecStart=/bin/sh -c "PSIZE=$(cat /proc/sys/kernel/random/poolsize); let THRESH=$PSIZE*3/4; echo $THRESH>/proc/sys/kernel/random/write_wakeup_threshold; udevadm trigger --sysname-match=hw_random --settle"
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=sysinit.target
|
WantedBy=sysinit.target
|
||||||
|
@ -1,5 +1,6 @@
|
|||||||
[Unit]
|
[Unit]
|
||||||
Description=Hardware RNG Entropy Gatherer Daemon
|
Description=Hardware RNG Entropy Gatherer Daemon
|
||||||
|
ConditionVirtualization=!container
|
||||||
Requires=rngd-wake-threshold.service
|
Requires=rngd-wake-threshold.service
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
@ -7,7 +8,7 @@ User=rngd
|
|||||||
Group=rngd
|
Group=rngd
|
||||||
CapabilityBoundingSet=CAP_SYS_ADMIN
|
CapabilityBoundingSet=CAP_SYS_ADMIN
|
||||||
AmbientCapabilities=CAP_SYS_ADMIN
|
AmbientCapabilities=CAP_SYS_ADMIN
|
||||||
ExecStart=/sbin/rngd -f --fill-watermark=0
|
ExecStart=/usr/sbin/rngd -f --fill-watermark=0
|
||||||
TimeoutStartSec=60s
|
TimeoutStartSec=60s
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
|
@ -1,10 +1,9 @@
|
|||||||
%global _hardened_build 1
|
%global _hardened_build 1
|
||||||
%global _sbindir /sbin
|
|
||||||
|
|
||||||
Summary: Random number generator related utilities
|
Summary: Random number generator related utilities
|
||||||
Name: rng-tools
|
Name: rng-tools
|
||||||
Version: 6.8
|
Version: 6.8
|
||||||
Release: 3%{?dist}
|
Release: 5%{?dist}
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
URL: https://github.com/nhorman/rng-tools
|
URL: https://github.com/nhorman/rng-tools
|
||||||
@ -12,6 +11,7 @@ Source0: https://github.com/nhorman/rng-tools/archive/rng-tools-%{version
|
|||||||
Source1: rngd.service
|
Source1: rngd.service
|
||||||
Source2: jitterentropy-library-2.1.2.tar.gz
|
Source2: jitterentropy-library-2.1.2.tar.gz
|
||||||
Source3: rngd-wake-threshold.service
|
Source3: rngd-wake-threshold.service
|
||||||
|
Source4: 60-hwrng.rules
|
||||||
|
|
||||||
Patch0: jitterentropy-remove-install.patch
|
Patch0: jitterentropy-remove-install.patch
|
||||||
Patch1: jitterentropy-build-static.patch
|
Patch1: jitterentropy-build-static.patch
|
||||||
@ -19,8 +19,7 @@ Patch2: jitter-setjmp.patch
|
|||||||
Patch3: Fix-message-log-on-error-in-thread_entropy_task.patch
|
Patch3: Fix-message-log-on-error-in-thread_entropy_task.patch
|
||||||
Patch4: Add-reserved-option-value-to-not-change-write_wakeup.patch
|
Patch4: Add-reserved-option-value-to-not-change-write_wakeup.patch
|
||||||
Patch5: jitter-rdtsc.patch
|
Patch5: jitter-rdtsc.patch
|
||||||
|
Patch6: jitter-use-proper-state-locking.patch
|
||||||
# https://sourceforge.net/p/gkernel/patches/111/
|
|
||||||
|
|
||||||
BuildRequires: gettext
|
BuildRequires: gettext
|
||||||
BuildRequires: systemd-units
|
BuildRequires: systemd-units
|
||||||
@ -34,7 +33,6 @@ Requires(postun): systemd-units
|
|||||||
Requires: libgcrypt libsysfs
|
Requires: libgcrypt libsysfs
|
||||||
Requires: openssl libxml2 libcurl
|
Requires: openssl libxml2 libcurl
|
||||||
|
|
||||||
|
|
||||||
%description
|
%description
|
||||||
Hardware random number generation tools.
|
Hardware random number generation tools.
|
||||||
|
|
||||||
@ -48,6 +46,7 @@ mv jitterentropy-library-2.1.2 jitterentropy-library
|
|||||||
%patch3 -p1
|
%patch3 -p1
|
||||||
%patch4 -p1
|
%patch4 -p1
|
||||||
%patch5 -p1
|
%patch5 -p1
|
||||||
|
%patch6 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
./autogen.sh
|
./autogen.sh
|
||||||
@ -57,15 +56,17 @@ mv jitterentropy-library-2.1.2 jitterentropy-library
|
|||||||
%install
|
%install
|
||||||
%make_install
|
%make_install
|
||||||
|
|
||||||
# install systemd unit file
|
# install systemd unit file and udev rules
|
||||||
install -Dt %{buildroot}%{_unitdir} -m0644 %{SOURCE1}
|
install -Dt %{buildroot}%{_unitdir} -m0644 %{SOURCE1}
|
||||||
install -Dt %{buildroot}%{_unitdir} -m0644 %{SOURCE3}
|
install -Dt %{buildroot}%{_unitdir} -m0644 %{SOURCE3}
|
||||||
|
install -Dt %{buildroot}%{_udevrulesdir} -m0644 %{SOURCE4}
|
||||||
|
|
||||||
%pre
|
%pre
|
||||||
getent passwd rngd >/dev/null || useradd -r -M -d %{_localstatedir}/lib/rngd -s /sbin/nologin -c "Random Number Generator Daemon" rngd
|
getent passwd rngd >/dev/null || useradd -r -M -d %{_localstatedir}/lib/rngd -s /sbin/nologin -c "Random Number Generator Daemon" rngd
|
||||||
|
|
||||||
%post
|
%post
|
||||||
%systemd_post rngd.service rngd-wake-threshold.service
|
%systemd_post rngd.service rngd-wake-threshold.service
|
||||||
|
udevadm trigger --sysname-match=hw_random --settle
|
||||||
|
|
||||||
%preun
|
%preun
|
||||||
%systemd_preun rngd.service rngd-wake-threshold.service
|
%systemd_preun rngd.service rngd-wake-threshold.service
|
||||||
@ -83,8 +84,18 @@ getent passwd rngd >/dev/null || useradd -r -M -d %{_localstatedir}/lib/rngd -s
|
|||||||
%{_mandir}/man8/rngd.8.*
|
%{_mandir}/man8/rngd.8.*
|
||||||
%attr(0644,root,root) %{_unitdir}/rngd.service
|
%attr(0644,root,root) %{_unitdir}/rngd.service
|
||||||
%attr(0644,root,root) %{_unitdir}/rngd-wake-threshold.service
|
%attr(0644,root,root) %{_unitdir}/rngd-wake-threshold.service
|
||||||
|
%attr(0644,root,root) %{_udevrulesdir}/60-hwrng.rules
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu May 27 2021 Vladis Dronov <vdronov@redhat.com> - 6.8-5
|
||||||
|
- Fix /dev/hwrng permissions issue at boot time (bz 1955522)
|
||||||
|
|
||||||
|
* Mon May 24 2021 Vladis Dronov <vdronov@redhat.com> - 6.8-4
|
||||||
|
- There is no need to hardcode _sbindir anymore, also the old value is incorrect
|
||||||
|
- Update the rngd.service file
|
||||||
|
- Fix a busyloop bug (bz 1956248)
|
||||||
|
- Fix /dev/hwrng permission issue (bz 1955522)
|
||||||
|
|
||||||
* Tue Feb 18 2020 Neil Horman <nhorman@redhat.com> - 6.8-3
|
* Tue Feb 18 2020 Neil Horman <nhorman@redhat.com> - 6.8-3
|
||||||
- Fix coarse clock time on Azure (bz 180155)
|
- Fix coarse clock time on Azure (bz 180155)
|
||||||
|
|
||||||
@ -197,4 +208,3 @@ getent passwd rngd >/dev/null || useradd -r -M -d %{_localstatedir}/lib/rngd -s
|
|||||||
|
|
||||||
* Wed Mar 24 2010 Jeff Garzik <jgarzik@redhat.com> - 2-1
|
* Wed Mar 24 2010 Jeff Garzik <jgarzik@redhat.com> - 2-1
|
||||||
- initial revision (as rng-tools)
|
- initial revision (as rng-tools)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user