svn commit: r355247 - head/libexec/save-entropy

[Xin LI]

Author: delphij
Date: Sat Nov 30 20:06:53 2019
New Revision: 355247
URL: https://svnweb.freebsd.org/changeset/base/355247

Log:
  Reduce disk write load in /usr/libexec/save-entropy.
  
  Before this commit, the save-entropy script rotates entropy files
  like logs. This involves creating a new file that holds the entropy
  and renaming of all existing entropy files. However, the entropy
  data do not really need to be kept in a particular order, and
  replacing the oldest file is sufficient.
  
  This commit replaces the rotation with a scan in the
  [1..entropy_save_num] space that finds the first empty slot, or
  the slot of the oldest file, and writes entropy into that slot.
  
  This also fixes an issue that prevents save-entropy from saving
  any entropy when there is one non-regular file in any slot as a
  side effect.
  
  Based on an earlier patch from peterj at .
  
  PR:		134225
  Reported by:	peterj
  Reviewed by:	csprng (cem, markm)
  MFC after:	2 weeks
  Differential Revision:	https://reviews.freebsd.org/D22612

Modified:
  head/libexec/save-entropy/save-entropy.sh

Modified: head/libexec/save-entropy/save-entropy.sh
==============================================================================
--- head/libexec/save-entropy/save-entropy.sh	Sat Nov 30 20:04:40 2019	(r355246)
+++ head/libexec/save-entropy/save-entropy.sh	Sat Nov 30 20:06:53 2019	(r355247)
@@ -71,26 +71,63 @@ cd "${entropy_dir}" || {
 
 for f in saved-entropy.*; do
 	case "${f}" in saved-entropy.\*) continue ;; esac	# No files match
-	[ ${f#saved-entropy\.} -ge ${entropy_save_num} ] && unlink ${f}
+	[ ${f#saved-entropy\.} -gt ${entropy_save_num} ] && unlink ${f}
 done
 
-umask 377
+umask 177
 
-n=$(( ${entropy_save_num} - 1 ))
-while [ ${n} -ge 1 ]; do
-	if [ -f "saved-entropy.${n}" ]; then
-		mv "saved-entropy.${n}" "saved-entropy.$(( ${n} + 1 ))"
-	elif [ -e "saved-entropy.${n}" -o -L "saved-entropy.${n}" ]; then
+# Scan slots [1..$entropy_save_num), picking an empty slot or the oldest
+# existing file if no empty slot was available.
+#
+# 1. Find out the first regular file or empty slot (and its serial number)
+#
+n=1
+while [ ${n} -le ${entropy_save_num} ]; do
+	save_file="saved-entropy.${n}"
+	if [ ! -e "${save_file}" -o -f "${save_file}" ]; then
+		break
+	else
 		logger -is -t "$0" \
-	"${entropy_dir}/saved-entropy.${n}" is not a regular file, and so \
-	    it will not be rotated. Entropy file rotation is aborted.
-		exit 1
+		    "${save_file}" is not a regular file, skipped.
 	fi
-	n=$(( ${n} - 1 ))
+	n=$(( ${n} + 1 ))
 done
+#
+# 2. Start from (serial number + 1), and check if the slot is empty
+#    or is an older regular file, update save_file pointer in either
+#    case, and break early if we found an empty slot.
+#
+if [ -f ${save_file} ]; then
+	n=$(( ${n} + 1 ))
+	while [ ${n} -le ${entropy_save_num} ]; do
+		next_file=saved-entropy.${n}
+		if [ -f "${next_file}" ]; then
+			[ "${next_file}" -ot "${save_file}" ] && \
+			    save_file="${next_file}"
+		elif [ ! -e "${next_file}" ]; then
+			save_file="${next_file}"
+			break
+		else
+			logger -is -t "$0" \
+			    "${next_file}" is not a regular file, skipped.
+		fi
+		n=$(( ${n} + 1 ))
+	done
+fi
+#
+# 3. Check if the pointer we have in hand is really a regular file or
+#    an empty slot, and bail out as that means there is no available slot.
+#
+if [ -e "${save_file}" -a ! -f "${save_file}" ]; then
+	logger -is -t "$0" \
+		No available slot in "${entropy_dir}", save entropy is aborted.
+	exit 1
+fi
 
-dd if=/dev/random of=saved-entropy.1 bs=${entropy_save_sz} count=1 2>/dev/null
-chflags nodump saved-entropy.1 2>/dev/null || :
-fsync saved-entropy.1 "."
+# Save entropy to the selected slot.
+chmod 600 "${save_file}" 2>/dev/null || :
+dd if=/dev/random of="${save_file}" bs=${entropy_save_sz} count=1 2>/dev/null
+chflags nodump "${save_file}" 2>/dev/null || :
+fsync "${save_file}" "."
 
 exit 0