[OE-core][dunfell 25/28] rng-tools: fix rngd_jitter initialization

[Steve Sakoman]

From: Julien Massot <julien.mas...@iot.bzh>

rngd daemon may spam the console when using an older version
than 6.11.

Backport patches from https://github.com/nhorman/rng-tools/pull/99/commits

Signed-off-by: Julien Massot <julien.mas...@iot.bzh>
Signed-off-by: Steve Sakoman <st...@sakoman.com>
---
 ...-O_NONBLOCK-setting-for-entropy-pipe.patch | 26 +++++++++++++
 ...ialize-AES-key-before-setting-the-en.patch | 38 +++++++++++++++++++
 ...ys-read-from-entropy-pipe-before-set.patch | 38 +++++++++++++++++++
 .../rng-tools/rng-tools_6.9.bb                |  3 ++
 4 files changed, 105 insertions(+)
 create mode 100644 
meta/recipes-support/rng-tools/rng-tools/0001-rngd_jitter-fix-O_NONBLOCK-setting-for-entropy-pipe.patch
 create mode 100644 
meta/recipes-support/rng-tools/rng-tools/0002-rngd_jitter-initialize-AES-key-before-setting-the-en.patch
 create mode 100644 
meta/recipes-support/rng-tools/rng-tools/0003-rngd_jitter-always-read-from-entropy-pipe-before-set.patch

diff --git 
a/meta/recipes-support/rng-tools/rng-tools/0001-rngd_jitter-fix-O_NONBLOCK-setting-for-entropy-pipe.patch
 
b/meta/recipes-support/rng-tools/rng-tools/0001-rngd_jitter-fix-O_NONBLOCK-setting-for-entropy-pipe.patch
new file mode 100644
index 0000000000..3b44095cf5
--- /dev/null
+++ 
b/meta/recipes-support/rng-tools/rng-tools/0001-rngd_jitter-fix-O_NONBLOCK-setting-for-entropy-pipe.patch
@@ -0,0 +1,26 @@
+From 6ce86cb5cf06541cd5aad70fe8494b07b22c247e Mon Sep 17 00:00:00 2001
+From: Matthias Schiffer <matthias.schif...@tq-group.com>
+Date: Wed, 27 Jan 2021 16:10:32 +0100
+Subject: [PATCH] rngd_jitter: fix O_NONBLOCK setting for entropy pipe
+
+A pointer was passed to fcntl instead of the flags variable, setting
+random flags.
+
+Signed-off-by: Matthias Schiffer <matthias.schif...@tq-group.com>
+---
+ rngd_jitter.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/rngd_jitter.c b/rngd_jitter.c
+index 32bac53..25b3543 100644
+--- a/rngd_jitter.c
++++ b/rngd_jitter.c
+@@ -465,7 +465,7 @@ int init_jitter_entropy_source(struct rng *ent_src)
+ 
+       flags = fcntl(pipefds[0], F_GETFL, 0);
+       flags |= O_NONBLOCK;
+-      fcntl(pipefds[0], F_SETFL, &flags);
++      fcntl(pipefds[0], F_SETFL, flags);
+ 
+       if (ent_src->rng_options[JITTER_OPT_USE_AES].int_val) {
+ #ifdef HAVE_LIBGCRYPT
diff --git 
a/meta/recipes-support/rng-tools/rng-tools/0002-rngd_jitter-initialize-AES-key-before-setting-the-en.patch
 
b/meta/recipes-support/rng-tools/rng-tools/0002-rngd_jitter-initialize-AES-key-before-setting-the-en.patch
new file mode 100644
index 0000000000..34f8227543
--- /dev/null
+++ 
b/meta/recipes-support/rng-tools/rng-tools/0002-rngd_jitter-initialize-AES-key-before-setting-the-en.patch
@@ -0,0 +1,38 @@
+From 330c2ba14510c8103b30d5021adb18f1534031a1 Mon Sep 17 00:00:00 2001
+From: Matthias Schiffer <matthias.schif...@tq-group.com>
+Date: Wed, 27 Jan 2021 16:18:09 +0100
+Subject: [PATCH] rngd_jitter: initialize AES key before setting the entropy
+ pipe to O_NONBLOCK
+
+Signed-off-by: Matthias Schiffer <matthias.schif...@tq-group.com>
+---
+ rngd_jitter.c | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/rngd_jitter.c b/rngd_jitter.c
+index 25b3543..48f344c 100644
+--- a/rngd_jitter.c
++++ b/rngd_jitter.c
+@@ -463,10 +463,6 @@ int init_jitter_entropy_source(struct rng *ent_src)
+               pthread_mutex_unlock(&tdata[i].statemtx);
+       }
+ 
+-      flags = fcntl(pipefds[0], F_GETFL, 0);
+-      flags |= O_NONBLOCK;
+-      fcntl(pipefds[0], F_SETFL, flags);
+-
+       if (ent_src->rng_options[JITTER_OPT_USE_AES].int_val) {
+ #ifdef HAVE_LIBGCRYPT
+               /*
+@@ -487,6 +483,11 @@ int init_jitter_entropy_source(struct rng *ent_src)
+                       ent_src->rng_options[JITTER_OPT_USE_AES].int_val = 1;
+               }
+               xread_jitter(aes_buf, tdata[0].buf_sz, ent_src);
++
++              flags = fcntl(pipefds[0], F_GETFL, 0);
++              flags |= O_NONBLOCK;
++              fcntl(pipefds[0], F_SETFL, flags);
++
+ #else
+               message_entsrc(ent_src,LOG_CONS|LOG_INFO, "libgcrypt not 
available. Disabling AES in JITTER source\n");
+               ent_src->rng_options[JITTER_OPT_USE_AES].int_val = 0;
diff --git 
a/meta/recipes-support/rng-tools/rng-tools/0003-rngd_jitter-always-read-from-entropy-pipe-before-set.patch
 
b/meta/recipes-support/rng-tools/rng-tools/0003-rngd_jitter-always-read-from-entropy-pipe-before-set.patch
new file mode 100644
index 0000000000..b3bc8028ea
--- /dev/null
+++ 
b/meta/recipes-support/rng-tools/rng-tools/0003-rngd_jitter-always-read-from-entropy-pipe-before-set.patch
@@ -0,0 +1,38 @@
+From 36bc92ef2789b13183c8895d83665f48b13c2b9e Mon Sep 17 00:00:00 2001
+From: Matthias Schiffer <matthias.schif...@tq-group.com>
+Date: Wed, 27 Jan 2021 16:22:39 +0100
+Subject: [PATCH] rngd_jitter: always read from entropy pipe before setting
+ O_NONBLOCK
+
+Even with AES disabled, we want to make sure that jent_read_entropy() has
+already generated some entropy before we consider the the source
+initialized. Otherwise "Entropy Generation is slow" log spam will be
+emitteded until this has happened, which can take several seconds.
+
+Signed-off-by: Matthias Schiffer <matthias.schif...@tq-group.com>
+---
+ rngd_jitter.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/rngd_jitter.c b/rngd_jitter.c
+index 48f344c..b736cdd 100644
+--- a/rngd_jitter.c
++++ b/rngd_jitter.c
+@@ -492,6 +492,17 @@ int init_jitter_entropy_source(struct rng *ent_src)
+               message_entsrc(ent_src,LOG_CONS|LOG_INFO, "libgcrypt not 
available. Disabling AES in JITTER source\n");
+               ent_src->rng_options[JITTER_OPT_USE_AES].int_val = 0;
+ #endif
++      } else {
++              /*
++               * Make sure that an entropy gathering thread has generated
++               * at least some entropy before setting O_NONBLOCK and finishing
++               * the entropy source initialization.
++               *
++               * This avoids "Entropy Generation is slow" log spamming that
++               * would otherwise happen until jent_read_entropy() has run
++               * for the first time.
++               */
++              xread_jitter(&i, 1, ent_src);
+       }
+       message_entsrc(ent_src,LOG_DAEMON|LOG_INFO, "Enabling JITTER rng 
support\n");
+       return 0;
diff --git a/meta/recipes-support/rng-tools/rng-tools_6.9.bb 
b/meta/recipes-support/rng-tools/rng-tools_6.9.bb
index 913342c315..b8c6f022f3 100644
--- a/meta/recipes-support/rng-tools/rng-tools_6.9.bb
+++ b/meta/recipes-support/rng-tools/rng-tools_6.9.bb
@@ -10,6 +10,9 @@ DEPENDS = "sysfsutils"
 
 SRC_URI = "\
     git://github.com/nhorman/rng-tools.git \
+    file://0001-rngd_jitter-fix-O_NONBLOCK-setting-for-entropy-pipe.patch \
+    file://0002-rngd_jitter-initialize-AES-key-before-setting-the-en.patch \
+    file://0003-rngd_jitter-always-read-from-entropy-pipe-before-set.patch \
     file://init \
     file://default \
     file://rngd.service \
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#147817): 
https://lists.openembedded.org/g/openembedded-core/message/147817
Mute This Topic: https://lists.openembedded.org/mt/80477449/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-