rng-tools: fix rngd_jitter initialization

rngd daemon may spam the console when using an older version than 6.11. Backport patches from https://github.com/nhorman/rng-tools/pull/99/commits (From OE-Core rev: 28707d202e56c9fe12492e3370fb56d920560642) Signed-off-by: Julien Massot <julien.massot@iot.bzh> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Julien Massot <julien.massot@iot.bzh> 2021-02-03 16:28:37 +0100
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2021-02-10 23:55:53 +0000
commit: 36688f92e75d0147532bc9939ec18012d86c2630 (patch)
tree: e43d70cf8e90f4c11ec113c7c332323176a98473
parent: fb3995faec26b19978554326f1739715ed63b809 (diff)
download: poky-36688f92e75d0147532bc9939ec18012d86c2630.tar.gz
4 files changed, 105 insertions, 0 deletions
diff --git a/meta/recipes-support/rng-tools/rng-tools/0001-rngd_jitter-fix-O_NONBLOCK-setting-for-entropy-pipe.patch b/meta/recipes-support/rng-tools/rng-tools/0001-rngd_jitter-fix-O_NONBLOCK-setting-for-entropy-pipe.patch
new file mode 100644
index 0000000000..3b44095cf5
--- /dev/null
+++ b/meta/recipes-support/rng-tools/rng-tools/0001-rngd_jitter-fix-O_NONBLOCK-setting-for-entropy-pipe.patch
@@ -0,0 +1,26 @@
+From 6ce86cb5cf06541cd5aad70fe8494b07b22c247e Mon Sep 17 00:00:00 2001
+From: Matthias Schiffer <matthias.schiffer@tq-group.com>
+Date: Wed, 27 Jan 2021 16:10:32 +0100
+Subject: [PATCH] rngd_jitter: fix O_NONBLOCK setting for entropy pipe
+A pointer was passed to fcntl instead of the flags variable, setting
+random flags.
+Signed-off-by: Matthias Schiffer <matthias.schiffer@tq-group.com>
+---
+ rngd_jitter.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/rngd_jitter.c b/rngd_jitter.c
+index 32bac53..25b3543 100644
+--- a/rngd_jitter.c
+++ b/rngd_jitter.c
+@@ -465,7 +465,7 @@ int init_jitter_entropy_source(struct rng *ent_src)
+ 
+        flags = fcntl(pipefds[0], F_GETFL, 0);
+        flags |= O_NONBLOCK;
+-       fcntl(pipefds[0], F_SETFL, &flags);
+       fcntl(pipefds[0], F_SETFL, flags);
+ 
+        if (ent_src->rng_options[JITTER_OPT_USE_AES].int_val) {
+ #ifdef HAVE_LIBGCRYPT
diff --git a/meta/recipes-support/rng-tools/rng-tools/0002-rngd_jitter-initialize-AES-key-before-setting-the-en.patch b/meta/recipes-support/rng-tools/rng-tools/0002-rngd_jitter-initialize-AES-key-before-setting-the-en.patch
new file mode 100644
index 0000000000..34f8227543
--- /dev/null
+++ b/meta/recipes-support/rng-tools/rng-tools/0002-rngd_jitter-initialize-AES-key-before-setting-the-en.patch
@@ -0,0 +1,38 @@
+From 330c2ba14510c8103b30d5021adb18f1534031a1 Mon Sep 17 00:00:00 2001
+From: Matthias Schiffer <matthias.schiffer@tq-group.com>
+Date: Wed, 27 Jan 2021 16:18:09 +0100
+Subject: [PATCH] rngd_jitter: initialize AES key before setting the entropy
+ pipe to O_NONBLOCK
+Signed-off-by: Matthias Schiffer <matthias.schiffer@tq-group.com>
+---
+ rngd_jitter.c | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+diff --git a/rngd_jitter.c b/rngd_jitter.c
+index 25b3543..48f344c 100644
+--- a/rngd_jitter.c
+++ b/rngd_jitter.c
+@@ -463,10 +463,6 @@ int init_jitter_entropy_source(struct rng *ent_src)
+                pthread_mutex_unlock(&tdata[i].statemtx);
+        }
+ 
+-       flags = fcntl(pipefds[0], F_GETFL, 0);
+-       flags |= O_NONBLOCK;
+-       fcntl(pipefds[0], F_SETFL, flags);
+-
+        if (ent_src->rng_options[JITTER_OPT_USE_AES].int_val) {
+ #ifdef HAVE_LIBGCRYPT
+                /*
+@@ -487,6 +483,11 @@ int init_jitter_entropy_source(struct rng *ent_src)
+                        ent_src->rng_options[JITTER_OPT_USE_AES].int_val = 1;
+                }
+                xread_jitter(aes_buf, tdata[0].buf_sz, ent_src);
+
+               flags = fcntl(pipefds[0], F_GETFL, 0);
+               flags |= O_NONBLOCK;
+               fcntl(pipefds[0], F_SETFL, flags);
+
+ #else
+                message_entsrc(ent_src,LOG_CONS|LOG_INFO, "libgcrypt not available. Disabling AES in JITTER source\n");
+                ent_src->rng_options[JITTER_OPT_USE_AES].int_val = 0;
diff --git a/meta/recipes-support/rng-tools/rng-tools/0003-rngd_jitter-always-read-from-entropy-pipe-before-set.patch b/meta/recipes-support/rng-tools/rng-tools/0003-rngd_jitter-always-read-from-entropy-pipe-before-set.patch
new file mode 100644
index 0000000000..b3bc8028ea
--- /dev/null
+++ b/meta/recipes-support/rng-tools/rng-tools/0003-rngd_jitter-always-read-from-entropy-pipe-before-set.patch
@@ -0,0 +1,38 @@
+From 36bc92ef2789b13183c8895d83665f48b13c2b9e Mon Sep 17 00:00:00 2001
+From: Matthias Schiffer <matthias.schiffer@tq-group.com>
+Date: Wed, 27 Jan 2021 16:22:39 +0100
+Subject: [PATCH] rngd_jitter: always read from entropy pipe before setting
+ O_NONBLOCK
+Even with AES disabled, we want to make sure that jent_read_entropy() has
+already generated some entropy before we consider the the source
+initialized. Otherwise "Entropy Generation is slow" log spam will be
+emitteded until this has happened, which can take several seconds.
+Signed-off-by: Matthias Schiffer <matthias.schiffer@tq-group.com>
+---
+ rngd_jitter.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+diff --git a/rngd_jitter.c b/rngd_jitter.c
+index 48f344c..b736cdd 100644
+--- a/rngd_jitter.c
+++ b/rngd_jitter.c
+@@ -492,6 +492,17 @@ int init_jitter_entropy_source(struct rng *ent_src)
+                message_entsrc(ent_src,LOG_CONS|LOG_INFO, "libgcrypt not available. Disabling AES in JITTER source\n");
+                ent_src->rng_options[JITTER_OPT_USE_AES].int_val = 0;
+ #endif
+       } else {
+               /*
+                * Make sure that an entropy gathering thread has generated
+                * at least some entropy before setting O_NONBLOCK and finishing
+                * the entropy source initialization.
+                *
+                * This avoids "Entropy Generation is slow" log spamming that
+                * would otherwise happen until jent_read_entropy() has run
+                * for the first time.
+                */
+               xread_jitter(&i, 1, ent_src);
+        }
+        message_entsrc(ent_src,LOG_DAEMON|LOG_INFO, "Enabling JITTER rng support\n");
+        return 0;
diff --git a/meta/recipes-support/rng-tools/rng-tools_6.9.bb b/meta/recipes-support/rng-tools/rng-tools_6.9.bb
index 913342c315..b8c6f022f3 100644
--- a/meta/recipes-support/rng-tools/rng-tools_6.9.bb
+++ b/meta/recipes-support/rng-tools/rng-tools_6.9.bb
@@ -10,6 +10,9 @@ DEPENDS = "sysfsutils"
 SRC_URI = "\
    git://github.com/nhorman/rng-tools.git \
+    file://0001-rngd_jitter-fix-O_NONBLOCK-setting-for-entropy-pipe.patch \
+    file://0002-rngd_jitter-initialize-AES-key-before-setting-the-en.patch \
+    file://0003-rngd_jitter-always-read-from-entropy-pipe-before-set.patch \
    file://init \
    file://default \
    file://rngd.service \
author	Julien Massot <julien.massot@iot.bzh>	2021-02-03 16:28:37 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2021-02-10 23:55:53 +0000
commit	36688f92e75d0147532bc9939ec18012d86c2630 (patch)
tree	e43d70cf8e90f4c11ec113c7c332323176a98473
parent	fb3995faec26b19978554326f1739715ed63b809 (diff)
download	poky-36688f92e75d0147532bc9939ec18012d86c2630.tar.gz

diff --git a/meta/recipes-support/rng-tools/rng-tools/0001-rngd_jitter-fix-O_NONBLOCK-setting-for-entropy-pipe.patch b/meta/recipes-support/rng-tools/rng-tools/0001-rngd_jitter-fix-O_NONBLOCK-setting-for-entropy-pipe.patch new file mode 100644 index 0000000000..3b44095cf5 --- /dev/null +++ b/meta/recipes-support/rng-tools/rng-tools/0001-rngd_jitter-fix-O_NONBLOCK-setting-for-entropy-pipe.patch
@@ -0,0 +1,26 @@
		1	From 6ce86cb5cf06541cd5aad70fe8494b07b22c247e Mon Sep 17 00:00:00 2001
		2	From: Matthias Schiffer <matthias.schiffer@tq-group.com>
		3	Date: Wed, 27 Jan 2021 16:10:32 +0100
		4	Subject: [PATCH] rngd_jitter: fix O_NONBLOCK setting for entropy pipe
		5
		6	A pointer was passed to fcntl instead of the flags variable, setting
		7	random flags.
		8
		9	Signed-off-by: Matthias Schiffer <matthias.schiffer@tq-group.com>
		10	---
		11	rngd_jitter.c \| 2 +-
		12	1 file changed, 1 insertion(+), 1 deletion(-)
		13
		14	diff --git a/rngd_jitter.c b/rngd_jitter.c
		15	index 32bac53..25b3543 100644
		16	--- a/rngd_jitter.c
		17	+++ b/rngd_jitter.c
		18	@@ -465,7 +465,7 @@ int init_jitter_entropy_source(struct rng *ent_src)
		19
		20	flags = fcntl(pipefds[0], F_GETFL, 0);
		21	flags \|= O_NONBLOCK;
		22	- fcntl(pipefds[0], F_SETFL, &flags);
		23	+ fcntl(pipefds[0], F_SETFL, flags);
		24
		25	if (ent_src->rng_options[JITTER_OPT_USE_AES].int_val) {
		26	#ifdef HAVE_LIBGCRYPT


diff --git a/meta/recipes-support/rng-tools/rng-tools/0002-rngd_jitter-initialize-AES-key-before-setting-the-en.patch b/meta/recipes-support/rng-tools/rng-tools/0002-rngd_jitter-initialize-AES-key-before-setting-the-en.patch new file mode 100644 index 0000000000..34f8227543 --- /dev/null +++ b/meta/recipes-support/rng-tools/rng-tools/0002-rngd_jitter-initialize-AES-key-before-setting-the-en.patch
@@ -0,0 +1,38 @@
		1	From 330c2ba14510c8103b30d5021adb18f1534031a1 Mon Sep 17 00:00:00 2001
		2	From: Matthias Schiffer <matthias.schiffer@tq-group.com>
		3	Date: Wed, 27 Jan 2021 16:18:09 +0100
		4	Subject: [PATCH] rngd_jitter: initialize AES key before setting the entropy
		5	pipe to O_NONBLOCK
		6
		7	Signed-off-by: Matthias Schiffer <matthias.schiffer@tq-group.com>
		8	---
		9	rngd_jitter.c \| 9 +++++----
		10	1 file changed, 5 insertions(+), 4 deletions(-)
		11
		12	diff --git a/rngd_jitter.c b/rngd_jitter.c
		13	index 25b3543..48f344c 100644
		14	--- a/rngd_jitter.c
		15	+++ b/rngd_jitter.c
		16	@@ -463,10 +463,6 @@ int init_jitter_entropy_source(struct rng *ent_src)
		17	pthread_mutex_unlock(&tdata[i].statemtx);
		18	}
		19
		20	- flags = fcntl(pipefds[0], F_GETFL, 0);
		21	- flags \|= O_NONBLOCK;
		22	- fcntl(pipefds[0], F_SETFL, flags);
		23	-
		24	if (ent_src->rng_options[JITTER_OPT_USE_AES].int_val) {
		25	#ifdef HAVE_LIBGCRYPT
		26	/*
		27	@@ -487,6 +483,11 @@ int init_jitter_entropy_source(struct rng *ent_src)
		28	ent_src->rng_options[JITTER_OPT_USE_AES].int_val = 1;
		29	}
		30	xread_jitter(aes_buf, tdata[0].buf_sz, ent_src);
		31	+
		32	+ flags = fcntl(pipefds[0], F_GETFL, 0);
		33	+ flags \|= O_NONBLOCK;
		34	+ fcntl(pipefds[0], F_SETFL, flags);
		35	+
		36	#else
		37	message_entsrc(ent_src,LOG_CONS\|LOG_INFO, "libgcrypt not available. Disabling AES in JITTER source\n");
		38	ent_src->rng_options[JITTER_OPT_USE_AES].int_val = 0;


diff --git a/meta/recipes-support/rng-tools/rng-tools/0003-rngd_jitter-always-read-from-entropy-pipe-before-set.patch b/meta/recipes-support/rng-tools/rng-tools/0003-rngd_jitter-always-read-from-entropy-pipe-before-set.patch new file mode 100644 index 0000000000..b3bc8028ea --- /dev/null +++ b/meta/recipes-support/rng-tools/rng-tools/0003-rngd_jitter-always-read-from-entropy-pipe-before-set.patch
@@ -0,0 +1,38 @@
		1	From 36bc92ef2789b13183c8895d83665f48b13c2b9e Mon Sep 17 00:00:00 2001
		2	From: Matthias Schiffer <matthias.schiffer@tq-group.com>
		3	Date: Wed, 27 Jan 2021 16:22:39 +0100
		4	Subject: [PATCH] rngd_jitter: always read from entropy pipe before setting
		5	O_NONBLOCK
		6
		7	Even with AES disabled, we want to make sure that jent_read_entropy() has
		8	already generated some entropy before we consider the the source
		9	initialized. Otherwise "Entropy Generation is slow" log spam will be
		10	emitteded until this has happened, which can take several seconds.
		11
		12	Signed-off-by: Matthias Schiffer <matthias.schiffer@tq-group.com>
		13	---
		14	rngd_jitter.c \| 11 +++++++++++
		15	1 file changed, 11 insertions(+)
		16
		17	diff --git a/rngd_jitter.c b/rngd_jitter.c
		18	index 48f344c..b736cdd 100644
		19	--- a/rngd_jitter.c
		20	+++ b/rngd_jitter.c
		21	@@ -492,6 +492,17 @@ int init_jitter_entropy_source(struct rng *ent_src)
		22	message_entsrc(ent_src,LOG_CONS\|LOG_INFO, "libgcrypt not available. Disabling AES in JITTER source\n");
		23	ent_src->rng_options[JITTER_OPT_USE_AES].int_val = 0;
		24	#endif
		25	+ } else {
		26	+ /*
		27	+ * Make sure that an entropy gathering thread has generated
		28	+ * at least some entropy before setting O_NONBLOCK and finishing
		29	+ * the entropy source initialization.
		30	+ *
		31	+ * This avoids "Entropy Generation is slow" log spamming that
		32	+ * would otherwise happen until jent_read_entropy() has run
		33	+ * for the first time.
		34	+ */
		35	+ xread_jitter(&i, 1, ent_src);
		36	}
		37	message_entsrc(ent_src,LOG_DAEMON\|LOG_INFO, "Enabling JITTER rng support\n");
		38	return 0;


diff --git a/meta/recipes-support/rng-tools/rng-tools_6.9.bb b/meta/recipes-support/rng-tools/rng-tools_6.9.bb index 913342c315..b8c6f022f3 100644 --- a/meta/recipes-support/rng-tools/rng-tools_6.9.bb +++ b/meta/recipes-support/rng-tools/rng-tools_6.9.bb
@@ -10,6 +10,9 @@ DEPENDS = "sysfsutils"
10		10
11	SRC_URI = "\	11	SRC_URI = "\
12	git://github.com/nhorman/rng-tools.git \	12	git://github.com/nhorman/rng-tools.git \
		13	file://0001-rngd_jitter-fix-O_NONBLOCK-setting-for-entropy-pipe.patch \
		14	file://0002-rngd_jitter-initialize-AES-key-before-setting-the-en.patch \
		15	file://0003-rngd_jitter-always-read-from-entropy-pipe-before-set.patch \
13	file://init \	16	file://init \
14	file://default \	17	file://default \
15	file://rngd.service \	18	file://rngd.service \