a35233e62d
Rewrite init_kernel_rng() to ensure proper logging Signed-off-by: Vladis Dronov <vdronov@redhat.com>
225 lines
6.8 KiB
Diff
225 lines
6.8 KiB
Diff
From dbb1a83124140c83bc32c1af58bb22bcbfb86ab3 Mon Sep 17 00:00:00 2001
|
|
From: Vladis Dronov <vdronov@redhat.com>
|
|
Date: Fri, 18 Jun 2021 17:16:13 +0200
|
|
Subject: Rewrite init_kernel_rng() to ensure proper logging
|
|
|
|
We want to log errors in default_watermark(), so actually we should not
|
|
call it before logging is initialized, i.e. before processing command
|
|
line switches and setting am_daemon. With that, default_watermark() is
|
|
less needed. Adjust the code by merging it into init_kernel_rng() which
|
|
is called exactly after logging is initialized and "-l" case is handled.
|
|
|
|
Also use LOG_DEBUG priority for informational messages about entropy pool.
|
|
Initialize arguments->fill_watermark with -1 so we can distinguish cases
|
|
when watermark was or was not set by a command line switch.
|
|
|
|
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
|
|
---
|
|
rngd.c | 14 +++++---------
|
|
rngd_linux.c | 54 +++++++++++++++++++++++++++-------------------------
|
|
rngd_linux.h | 4 ----
|
|
3 files changed, 33 insertions(+), 39 deletions(-)
|
|
|
|
diff --git a/rngd.c b/rngd.c
|
|
index e85e723..a358fc7 100644
|
|
--- a/rngd.c
|
|
+++ b/rngd.c
|
|
@@ -62,7 +62,7 @@
|
|
int kent_pool_size;
|
|
|
|
/* Background/daemon mode */
|
|
-bool am_daemon; /* True if we went daemon */
|
|
+bool am_daemon = false; /* True if we went daemon */
|
|
bool msg_squash = false; /* True if we want no messages on the console */
|
|
bool quiet = false; /* True if we want no console output at all */
|
|
volatile bool server_running = true; /* set to false, to stop daemon */
|
|
@@ -132,6 +132,7 @@ static struct arguments default_arguments = {
|
|
.random_name = "/dev/random",
|
|
.pid_file = "/var/run/rngd.pid",
|
|
.random_step = 64,
|
|
+ .fill_watermark = -1,
|
|
.daemon = true,
|
|
.test = false,
|
|
.list = false,
|
|
@@ -845,9 +846,6 @@ int main(int argc, char **argv)
|
|
|
|
openlog("rngd", 0, LOG_DAEMON);
|
|
|
|
- /* Get the default watermark level for this platform */
|
|
- arguments->fill_watermark = default_watermark();
|
|
-
|
|
/* Parsing of commandline parameters */
|
|
if (argp_parse(&argp, argc, argv, 0, 0, arguments) < 0)
|
|
return 1;
|
|
@@ -865,13 +863,12 @@ int main(int argc, char **argv)
|
|
pid_fd = write_pid_file(arguments->pid_file);
|
|
if (pid_fd < 0)
|
|
return 1;
|
|
-
|
|
}
|
|
|
|
if (arguments->list) {
|
|
int found = 0;
|
|
message(LOG_CONS|LOG_INFO, "Entropy sources that are available but disabled\n");
|
|
- for (i=0; i < ENT_MAX; i++)
|
|
+ for (i=0; i < ENT_MAX; i++)
|
|
if (entropy_sources[i].init && entropy_sources[i].disabled == true) {
|
|
found = 1;
|
|
message(LOG_CONS|LOG_INFO, "%d: %s (%s)\n", i,
|
|
@@ -885,7 +882,6 @@ int main(int argc, char **argv)
|
|
message(LOG_DAEMON|LOG_INFO, "Initializing available sources\n");
|
|
|
|
/* Init entropy sources */
|
|
-
|
|
for (i=0; i < ENT_MAX; i++) {
|
|
ent_src = &entropy_sources[i];
|
|
if (ent_src->init && ent_src->disabled == false) {
|
|
@@ -907,14 +903,14 @@ int main(int argc, char **argv)
|
|
int rc = 1;
|
|
msg_squash = false;
|
|
message(LOG_CONS|LOG_INFO, "Available and enabled entropy sources:\n");
|
|
- for (i=0; i < ENT_MAX; i++)
|
|
+ for (i=0; i < ENT_MAX; i++)
|
|
if (entropy_sources[i].init && entropy_sources[i].disabled == false) {
|
|
rc = 1;
|
|
message(LOG_CONS|LOG_INFO, "%d: %s (%s)\n", i,
|
|
entropy_sources[i].rng_name, entropy_sources[i].rng_sname);
|
|
}
|
|
message(LOG_CONS|LOG_INFO, "Available entropy sources that failed initalization:\n");
|
|
- for (i=0; i < ENT_MAX; i++)
|
|
+ for (i=0; i < ENT_MAX; i++)
|
|
if (entropy_sources[i].init && entropy_sources[i].disabled == true && entropy_sources[i].failed_init == true) {
|
|
rc = 1;
|
|
message(LOG_CONS|LOG_INFO, "%d: %s (%s)\n", i,
|
|
diff --git a/rngd_linux.c b/rngd_linux.c
|
|
index c52c62d..873723c 100644
|
|
--- a/rngd_linux.c
|
|
+++ b/rngd_linux.c
|
|
@@ -54,20 +54,26 @@ static int random_fd;
|
|
extern int kent_pool_size;
|
|
|
|
/*
|
|
- * Get the default watermark
|
|
+ * Initialize the interface to the Linux Kernel
|
|
+ * entropy pool (through /dev/random)
|
|
+ *
|
|
+ * randomdev is the path to the random device
|
|
*/
|
|
|
|
#define DEFAULT_WATERMARK_GUESS 4096
|
|
|
|
-int default_watermark(void)
|
|
+void init_kernel_rng(const char* randomdev)
|
|
{
|
|
FILE *f;
|
|
+ int err;
|
|
unsigned int wm;
|
|
|
|
+ /* Try to open and read poolsize sysfs file */
|
|
f = fopen("/proc/sys/kernel/random/poolsize", "r");
|
|
if (!f) {
|
|
wm = DEFAULT_WATERMARK_GUESS;
|
|
- message(LOG_DAEMON|LOG_ERR, "can't open /proc/sys/kernel/random/poolsize: %s",
|
|
+ message(LOG_DAEMON|LOG_WARNING,
|
|
+ "can't open /proc/sys/kernel/random/poolsize: %s\n",
|
|
strerror(errno));
|
|
goto err;
|
|
}
|
|
@@ -75,42 +81,36 @@ int default_watermark(void)
|
|
/* Use DEFAULT_WATERMARK_GUESS if fscanf fails */
|
|
if(fscanf(f,"%u", &wm) < 1) {
|
|
wm = DEFAULT_WATERMARK_GUESS;
|
|
- message(LOG_DAEMON|LOG_ERR, "can't read /proc/sys/kernel/random/poolsize: %s",
|
|
+ message(LOG_DAEMON|LOG_WARNING,
|
|
+ "can't read /proc/sys/kernel/random/poolsize: %s\n",
|
|
strerror(errno));
|
|
}
|
|
+ fclose(f);
|
|
|
|
err:
|
|
+ /* Set the fill_watermark to wm if it was not set on a command line */
|
|
kent_pool_size = wm;
|
|
wm = wm*3/4;
|
|
- message(LOG_DAEMON|LOG_ERR, "kernel entropy pool size: %d pool watermark: %d",
|
|
- kent_pool_size, wm);
|
|
-
|
|
- if (f)
|
|
- fclose(f);
|
|
- return wm;
|
|
-}
|
|
-
|
|
-/*
|
|
- * Initialize the interface to the Linux Kernel
|
|
- * entropy pool (through /dev/random)
|
|
- *
|
|
- * randomdev is the path to the random device
|
|
- */
|
|
-void init_kernel_rng(const char* randomdev)
|
|
-{
|
|
- FILE *f;
|
|
- int err;
|
|
+ if (arguments->fill_watermark == -1)
|
|
+ arguments->fill_watermark = wm;
|
|
|
|
+ /* Try to open randomdev file for writing */
|
|
random_fd = open(randomdev, O_RDWR);
|
|
if (random_fd == -1) {
|
|
message(LOG_DAEMON|LOG_ERR, "can't open %s: %s",
|
|
randomdev, strerror(errno));
|
|
exit(EXIT_USAGE);
|
|
}
|
|
+
|
|
/* Don't set the watermark if the watermark is zero */
|
|
- if (!arguments->fill_watermark)
|
|
+ if (!arguments->fill_watermark) {
|
|
+ message(LOG_DAEMON|LOG_DEBUG,
|
|
+ "Kernel entropy pool size %d, pool watermark is not set\n",
|
|
+ kent_pool_size);
|
|
return;
|
|
+ }
|
|
|
|
+ /* Actually set entropy pool watermark */
|
|
f = fopen("/proc/sys/kernel/random/write_wakeup_threshold", "w");
|
|
if (!f) {
|
|
err = 1;
|
|
@@ -119,12 +119,14 @@ void init_kernel_rng(const char* randomdev)
|
|
/* Note | not || here... we always want to close the file */
|
|
err = ferror(f) | fclose(f);
|
|
}
|
|
- if (err) {
|
|
+ if (err)
|
|
message(LOG_DAEMON|LOG_WARNING,
|
|
"unable to adjust write_wakeup_threshold: %s\n",
|
|
strerror(errno));
|
|
- }
|
|
-
|
|
+ else
|
|
+ message(LOG_DAEMON|LOG_DEBUG,
|
|
+ "Kernel entropy pool size %d, pool watermark %d\n",
|
|
+ kent_pool_size, arguments->fill_watermark);
|
|
}
|
|
|
|
struct entropy {
|
|
diff --git a/rngd_linux.h b/rngd_linux.h
|
|
index 4cb2a4a..a485383 100644
|
|
--- a/rngd_linux.h
|
|
+++ b/rngd_linux.h
|
|
@@ -26,9 +26,6 @@
|
|
#include <unistd.h>
|
|
#include <stdint.h>
|
|
|
|
-/* The default watermark level for this platform */
|
|
-extern int default_watermark(void);
|
|
-
|
|
/*
|
|
* Initialize the interface to the Linux Kernel
|
|
* entropy pool (through /dev/random)
|
|
@@ -44,4 +41,3 @@ extern int random_add_entropy(void *buf, size_t size);
|
|
extern void random_sleep(void);
|
|
|
|
#endif /* RNGD_LINUX__H */
|
|
-
|
|
--
|
|
2.26.3
|
|
|