CVS commit: src/sys/dev

[Taylor R Campbell]

Module Name:    src
Committed By:   riastradh
Date:           Sun Jul 21 22:30:19 UTC 2013

Modified Files:
        src/sys/dev: rndpseudo.c

Log Message:
When reading from /dev/random, block at most once in cprng_strong.

We are not obligated to return exactly as many bytes as requested,
and many applications -- notably those that use stdio or otherwise
buffered I/O to read from /dev/random -- try to read many more than
32 bytes at a time from /dev/random even if all they are about to use
is 32 bytes.

In this case, blocking until we have enough entropy to fill a large
buffer causes needless application delays, e.g. causing cgdconfig
(which reads from /dev/random with stdio) to hang at boot when trying
to configure a random-keyed device for swap.

Patch tested by Aran Clauson.  Fixes PR kern/48028.


To generate a diff of this commit:
cvs rdiff -u -r1.15 -r1.16 src/sys/dev/rndpseudo.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/sys/dev/rndpseudo.c
diff -u src/sys/dev/rndpseudo.c:1.15 src/sys/dev/rndpseudo.c:1.16
--- src/sys/dev/rndpseudo.c:1.15	Tue Jul  2 13:27:42 2013
+++ src/sys/dev/rndpseudo.c	Sun Jul 21 22:30:19 2013
@@ -1,4 +1,4 @@
-/*	$NetBSD: rndpseudo.c,v 1.15 2013/07/02 13:27:42 pgoyette Exp $	*/
+/*	$NetBSD: rndpseudo.c,v 1.16 2013/07/21 22:30:19 riastradh Exp $	*/
 
 /*-
  * Copyright (c) 1997-2013 The NetBSD Foundation, Inc.
@@ -31,7 +31,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: rndpseudo.c,v 1.15 2013/07/02 13:27:42 pgoyette Exp $");
+__KERNEL_RCSID(0, "$NetBSD: rndpseudo.c,v 1.16 2013/07/21 22:30:19 riastradh Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_compat_netbsd.h"
@@ -387,6 +387,22 @@ rnd_read(struct file *fp, off_t *offp, s
 		error = uiomove(buf, n_read, uio);
 		if (error)
 			goto out;
+
+		/*
+		 * Do at most one iteration for /dev/random and return
+		 * a short read without hanging further.  Hanging
+		 * breaks applications worse than short reads.  Reads
+		 * can't be zero unless nonblocking from /dev/random;
+		 * in that case, ask caller to retry, instead of just
+		 * returning zero bytes, which means EOF.
+		 */
+		KASSERT((0 < n_read) || (ctx->rc_hard &&
+			ISSET(fp->f_flag, FNONBLOCK)));
+		if (ctx->rc_hard) {
+			if (n_read == 0)
+				error = EAGAIN;
+			goto out;
+		}
 	}
 
 out:	pool_cache_put(rnd_temp_buffer_cache, buf);