Reduce disk write load in /usr/libexec/save-entropy.
Before this commit, the save-entropy script rotates entropy files like logs. This involves creating a new file that holds the entropy and renaming all existing entropy files. However, the entropy data do not really need to be kept in a particular order, and replacing the oldest file is sufficient. This commit replaces the rotation with a scan of the [1..entropy_save_num] space that finds the first empty slot, or the slot of the oldest file, and writes entropy into that slot. As a side effect, this also fixes an issue that prevented save-entropy from saving any entropy when there was a non-regular file in any slot. Based on an earlier patch from peterj@. PR: 134225 Reported by: peterj Reviewed by: csprng (cem, markm) MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D22612
This commit is contained in:
parent
e0a1a1e6cb
commit
46413cedf7
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=355247
@ -71,26 +71,63 @@ cd "${entropy_dir}" || {
|
||||
|
||||
for f in saved-entropy.*; do
|
||||
case "${f}" in saved-entropy.\*) continue ;; esac # No files match
|
||||
[ ${f#saved-entropy\.} -ge ${entropy_save_num} ] && unlink ${f}
|
||||
[ ${f#saved-entropy\.} -gt ${entropy_save_num} ] && unlink ${f}
|
||||
done
|
||||
|
||||
umask 377
|
||||
umask 177
|
||||
|
||||
n=$(( ${entropy_save_num} - 1 ))
|
||||
while [ ${n} -ge 1 ]; do
|
||||
if [ -f "saved-entropy.${n}" ]; then
|
||||
mv "saved-entropy.${n}" "saved-entropy.$(( ${n} + 1 ))"
|
||||
elif [ -e "saved-entropy.${n}" -o -L "saved-entropy.${n}" ]; then
|
||||
# Scan slots [1..$entropy_save_num), picking an empty slot or the oldest
|
||||
# existing file if no empty slot was available.
|
||||
#
|
||||
# 1. Find out the first regular file or empty slot (and its serial number)
|
||||
#
|
||||
n=1
|
||||
while [ ${n} -le ${entropy_save_num} ]; do
|
||||
save_file="saved-entropy.${n}"
|
||||
if [ ! -e "${save_file}" -o -f "${save_file}" ]; then
|
||||
break
|
||||
else
|
||||
logger -is -t "$0" \
|
||||
"${entropy_dir}/saved-entropy.${n}" is not a regular file, and so \
|
||||
it will not be rotated. Entropy file rotation is aborted.
|
||||
exit 1
|
||||
"${save_file}" is not a regular file, skipped.
|
||||
fi
|
||||
n=$(( ${n} - 1 ))
|
||||
n=$(( ${n} + 1 ))
|
||||
done
|
||||
#
|
||||
# 2. Start from (serial number + 1), and check if the slot is empty
|
||||
# or is an older regular file, update save_file pointer in either
|
||||
# case, and break early if we found an empty slot.
|
||||
#
|
||||
if [ -f ${save_file} ]; then
|
||||
n=$(( ${n} + 1 ))
|
||||
while [ ${n} -le ${entropy_save_num} ]; do
|
||||
next_file=saved-entropy.${n}
|
||||
if [ -f "${next_file}" ]; then
|
||||
[ "${next_file}" -ot "${save_file}" ] && \
|
||||
save_file="${next_file}"
|
||||
elif [ ! -e "${next_file}" ]; then
|
||||
save_file="${next_file}"
|
||||
break
|
||||
else
|
||||
logger -is -t "$0" \
|
||||
"${next_file}" is not a regular file, skipped.
|
||||
fi
|
||||
n=$(( ${n} + 1 ))
|
||||
done
|
||||
fi
|
||||
#
|
||||
# 3. Check if the pointer we have in hand is really a regular file or
|
||||
# an empty slot, and bail out as that means there is no available slot.
|
||||
#
|
||||
if [ -e "${save_file}" -a ! -f "${save_file}" ]; then
|
||||
logger -is -t "$0" \
|
||||
No available slot in "${entropy_dir}", save entropy is aborted.
|
||||
exit 1
|
||||
fi
|
||||
|
||||
dd if=/dev/random of=saved-entropy.1 bs=${entropy_save_sz} count=1 2>/dev/null
|
||||
chflags nodump saved-entropy.1 2>/dev/null || :
|
||||
fsync saved-entropy.1 "."
|
||||
# Save entropy to the selected slot.
|
||||
chmod 600 "${save_file}" 2>/dev/null || :
|
||||
dd if=/dev/random of="${save_file}" bs=${entropy_save_sz} count=1 2>/dev/null
|
||||
chflags nodump "${save_file}" 2>/dev/null || :
|
||||
fsync "${save_file}" "."
|
||||
|
||||
exit 0
|
||||
|
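Review bot: The slot tests in steps 1 and 2 use only `-e`/`-f`, and `[ -f ]` follows symlinks while a dangling symlink fails `-e`, so a symlink sitting in a slot is either picked as a "regular file" and written through by the final `dd if=/dev/random of="${save_file}"`, or taken as an empty slot and the link target is created; the old loop at least refused dangling symlinks with its `-L` test, which the new code drops. entropy_dir is presumably root-only, so this is defense in depth rather than an open hole, but the script would now silently create or truncate whatever the link points to instead of logging and skipping it like any other non-regular entry. I would exclude symlinks explicitly in the three tests (steps 1, 2 and 3) so a symlink is logged as "not a regular file, skipped" and the step 3 guard also catches it. Unrelated style nit: `if [ -f ${save_file} ]` at the start of step 2 is the only unquoted use of `${save_file}`; quote it like the rest. The hunk starts at line 71 of the script, so `entropy_dir`, `entropy_save_num` and `entropy_save_sz` are set outside this view.
```shell
# … unchanged: step 1 loop header and save_file assignment …
		if [ ! -L "${save_file}" ] && [ ! -e "${save_file}" -o -f "${save_file}" ]; then
# … unchanged: break / logger skip / counter increment / done …
# step 2
		if [ ! -L "${next_file}" ] && [ -f "${next_file}" ]; then
# … unchanged: -ot comparison …
		elif [ ! -L "${next_file}" ] && [ ! -e "${next_file}" ]; then
# … unchanged: rest of step 2 …
# step 3
	if [ -L "${save_file}" ] || [ -e "${save_file}" -a ! -f "${save_file}" ]; then
```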