Author: delphij
Date: Sat Dec 14 09:49:36 2019
New Revision: 355748
URL: https://svnweb.freebsd.org/changeset/base/355748
Log:
MFC r345744, r348122, r355247
r345744: random(4): Attempt to persist entropy promptly
r348122: save-entropy(8), rc.d/random: Set nodump flag
r355247: Reduce disk write load in /usr/libexec/save-entropy.
Modified:
stable/12/libexec/rc/rc.d/random
stable/12/libexec/save-entropy/save-entropy.sh
Directory Properties:
stable/12/ (props changed)
Modified: stable/12/libexec/rc/rc.d/random
==============================================================================
--- stable/12/libexec/rc/rc.d/random Sat Dec 14 08:28:10 2019
(r355747)
+++ stable/12/libexec/rc/rc.d/random Sat Dec 14 09:49:36 2019
(r355748)
@@ -25,7 +25,9 @@ save_dev_random()
for f ; do
debug "saving entropy to $f"
dd if=/dev/random of="$f" bs=4096 count=1 status=none &&
- chmod 600 "$f"
+ ( chflags nodump "$f" 2>/dev/null || : ) &&
+ chmod 600 "$f" &&
+ fsync "$f" "$(dirname "$f")"
done
umask ${oumask}
}
@@ -98,7 +100,7 @@ random_stop()
[Nn][Oo])
;;
*)
- echo -n 'Writing entropy file:'
+ echo -n 'Writing entropy file: '
rm -f ${entropy_file} 2> /dev/null
oumask=`umask`
umask 077
@@ -117,9 +119,7 @@ random_stop()
warn 'write failed (read-only fs?)'
;;
*)
- dd if=/dev/random of=${entropy_file_confirmed} \
- bs=4096 count=1 2> /dev/null ||
- warn 'write failed (unwriteable file or full fs?)'
+ save_dev_random "${entropy_file_confirmed}"
echo '.'
;;
esac
@@ -130,7 +130,7 @@ random_stop()
[Nn][Oo])
;;
*)
- echo -n 'Writing early boot entropy file:'
+ echo -n 'Writing early boot entropy file: '
rm -f ${entropy_boot_file} 2> /dev/null
oumask=`umask`
umask 077
@@ -142,9 +142,7 @@ random_stop()
warn 'write failed (read-only fs?)'
;;
*)
- dd if=/dev/random of=${entropy_boot_file_confirmed} \
- bs=4096 count=1 2> /dev/null ||
- warn 'write failed (unwriteable file or full fs?)'
+ save_dev_random "${entropy_boot_file_confirmed}"
echo '.'
;;
esac
Modified: stable/12/libexec/save-entropy/save-entropy.sh
==============================================================================
--- stable/12/libexec/save-entropy/save-entropy.sh Sat Dec 14 08:28:10
2019 (r355747)
+++ stable/12/libexec/save-entropy/save-entropy.sh Sat Dec 14 09:49:36
2019 (r355748)
@@ -71,24 +71,63 @@ cd "${entropy_dir}" || {
for f in saved-entropy.*; do
case "${f}" in saved-entropy.\*) continue ;; esac # No files match
- [ ${f#saved-entropy\.} -ge ${entropy_save_num} ] && unlink ${f}
+ [ ${f#saved-entropy\.} -gt ${entropy_save_num} ] && unlink ${f}
done
-umask 377
+umask 177
-n=$(( ${entropy_save_num} - 1 ))
-while [ ${n} -ge 1 ]; do
- if [ -f "saved-entropy.${n}" ]; then
- mv "saved-entropy.${n}" "saved-entropy.$(( ${n} + 1 ))"
- elif [ -e "saved-entropy.${n}" -o -L "saved-entropy.${n}" ]; then
+# Scan slots [1..$entropy_save_num), picking an empty slot or the oldest
+# existing file if no empty slot was available.
+#
+# 1. Find out the first regular file or empty slot (and its serial number)
+#
+n=1
+while [ ${n} -le ${entropy_save_num} ]; do
+ save_file="saved-entropy.${n}"
+ if [ ! -e "${save_file}" -o -f "${save_file}" ]; then
+ break
+ else
logger -is -t "$0" \
- "${entropy_dir}/saved-entropy.${n}" is not a regular file, and so \
- it will not be rotated. Entropy file rotation is aborted.
- exit 1
+ "${save_file}" is not a regular file, skipped.
fi
- n=$(( ${n} - 1 ))
+ n=$(( ${n} + 1 ))
done
+#
+# 2. Start from (serial number + 1), and check if the slot is empty
+# or is an older regular file, update save_file pointer in either
+# case, and break early if we found an empty slot.
+#
+if [ -f ${save_file} ]; then
+ n=$(( ${n} + 1 ))
+ while [ ${n} -le ${entropy_save_num} ]; do
+ next_file=saved-entropy.${n}
+ if [ -f "${next_file}" ]; then
+ [ "${next_file}" -ot "${save_file}" ] && \
+ save_file="${next_file}"
+ elif [ ! -e "${next_file}" ]; then
+ save_file="${next_file}"
+ break
+ else
+ logger -is -t "$0" \
+ "${next_file}" is not a regular file, skipped.
+ fi
+ n=$(( ${n} + 1 ))
+ done
+fi
+#
+# 3. Check if the pointer we have in hand is really a regular file or
+# an empty slot, and bail out as that means there is no available slot.
+#
+if [ -e "${save_file}" -a ! -f "${save_file}" ]; then
+ logger -is -t "$0" \
+ No available slot in "${entropy_dir}", save entropy is aborted.
+ exit 1
+fi
-dd if=/dev/random of=saved-entropy.1 bs=${entropy_save_sz} count=1 2>/dev/null
+# Save entropy to the selected slot.
+chmod 600 "${save_file}" 2>/dev/null || :
+dd if=/dev/random of="${save_file}" bs=${entropy_save_sz} count=1 2>/dev/null
+chflags nodump "${save_file}" 2>/dev/null || :
+fsync "${save_file}" "."
exit 0
_______________________________________________
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
