2019-10-30 04:19:32 +00:00
|
|
|
/* Hurdish implementation of getrandom
|
2023-01-06 21:08:04 +00:00
|
|
|
Copyright (C) 2016-2023 Free Software Foundation, Inc.
|
2019-10-30 04:19:32 +00:00
|
|
|
This file is part of the GNU C Library.
|
|
|
|
|
|
|
|
|
|
The GNU C Library is free software; you can redistribute it and/or
|
|
|
|
|
modify it under the terms of the GNU Lesser General Public
|
|
|
|
|
License as published by the Free Software Foundation; either
|
|
|
|
|
version 2.1 of the License, or (at your option) any later version.
|
|
|
|
|
|
|
|
|
|
The GNU C Library is distributed in the hope that it will be useful,
|
|
|
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
|
Lesser General Public License for more details.
|
|
|
|
|
|
|
|
|
|
You should have received a copy of the GNU Lesser General Public
|
|
|
|
|
License along with the GNU C Library; if not, see
|
|
|
|
|
<https://www.gnu.org/licenses/>. */
|
|
|
|
|
|
hurd: Make getrandom cache the server port
Previously, getrandom would, each time it's called, traverse the file
system to find /dev/urandom, fetch some random data from it, then throw
away that port. This is quite slow, while calls to getrandom are
genrally expected to be fast.
Additionally, this means that getrandom can not work when /dev/urandom
is unavailable, such as inside a chroot that lacks one. User programs
expect calls to getrandom to work inside a chroot if they first call
getrandom outside of the chroot.
In particular, this is known to break the OpenSSH server, and in that
case the issue is exacerbated by the API of arc4random, which prevents
it from properly reporting errors, forcing glibc to abort on failure.
This causes sshd to just die once it tries to generate a random number.
Caching the random server port, in a manner similar to how socket
server ports are cached, both improves the performance and works around
the chroot issue.
Tested on i686-gnu with the following program:
pthread_barrier_t barrier;
void *worker(void*) {
pthread_barrier_wait(&barrier);
uint32_t sum = 0;
for (int i = 0; i < 10000; i++) {
sum += arc4random();
}
return (void *)(uintptr_t) sum;
}
int main() {
pthread_t threads[THREAD_COUNT];
pthread_barrier_init(&barrier, NULL, THREAD_COUNT);
for (int i = 0; i < THREAD_COUNT; i++) {
pthread_create(&threads[i], NULL, worker, NULL);
}
for (int i = 0; i < THREAD_COUNT; i++) {
void *retval;
pthread_join(threads[i], &retval);
printf("Thread %i: %lu\n", i, (unsigned long)(uintptr_t) retval);
}
In my totally unscientific benchmark, with this patch, this completes
in about 7 seconds, whereas previously it took about 50 seconds. This
program was also used to test that getrandom () doesn't explode if the
random server dies, but instead reopens the /dev/urandom anew. I have
also verified that with this patch, OpenSSH can once again accept
connections properly.
Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20221202135558.23781-1-bugaevc@gmail.com>
2022-12-02 13:55:58 +00:00
|
|
|
#include <hurd.h>
|
2019-10-30 04:19:32 +00:00
|
|
|
#include <sys/random.h>
|
|
|
|
|
#include <fcntl.h>
|
hurd: Make getrandom cache the server port
Previously, getrandom would, each time it's called, traverse the file
system to find /dev/urandom, fetch some random data from it, then throw
away that port. This is quite slow, while calls to getrandom are
genrally expected to be fast.
Additionally, this means that getrandom can not work when /dev/urandom
is unavailable, such as inside a chroot that lacks one. User programs
expect calls to getrandom to work inside a chroot if they first call
getrandom outside of the chroot.
In particular, this is known to break the OpenSSH server, and in that
case the issue is exacerbated by the API of arc4random, which prevents
it from properly reporting errors, forcing glibc to abort on failure.
This causes sshd to just die once it tries to generate a random number.
Caching the random server port, in a manner similar to how socket
server ports are cached, both improves the performance and works around
the chroot issue.
Tested on i686-gnu with the following program:
pthread_barrier_t barrier;
void *worker(void*) {
pthread_barrier_wait(&barrier);
uint32_t sum = 0;
for (int i = 0; i < 10000; i++) {
sum += arc4random();
}
return (void *)(uintptr_t) sum;
}
int main() {
pthread_t threads[THREAD_COUNT];
pthread_barrier_init(&barrier, NULL, THREAD_COUNT);
for (int i = 0; i < THREAD_COUNT; i++) {
pthread_create(&threads[i], NULL, worker, NULL);
}
for (int i = 0; i < THREAD_COUNT; i++) {
void *retval;
pthread_join(threads[i], &retval);
printf("Thread %i: %lu\n", i, (unsigned long)(uintptr_t) retval);
}
In my totally unscientific benchmark, with this patch, this completes
in about 7 seconds, whereas previously it took about 50 seconds. This
program was also used to test that getrandom () doesn't explode if the
random server dies, but instead reopens the /dev/urandom anew. I have
also verified that with this patch, OpenSSH can once again accept
connections properly.
Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20221202135558.23781-1-bugaevc@gmail.com>
2022-12-02 13:55:58 +00:00
|
|
|
|
|
|
|
|
__libc_rwlock_define_initialized (static, lock);
|
|
|
|
|
static file_t random_server, random_server_nonblock,
|
|
|
|
|
urandom_server, urandom_server_nonblock;
|
2019-10-30 04:19:32 +00:00
|
|
|
|
2022-01-01 16:51:18 +00:00
|
|
|
extern char *__trivfs_server_name __attribute__((weak));
|
2021-12-30 20:25:24 +00:00
|
|
|
|
2019-10-30 04:19:32 +00:00
|
|
|
/* Write up to LENGTH bytes of randomness starting at BUFFER.
|
|
|
|
|
Return the number of bytes written, or -1 on error. */
|
|
|
|
|
ssize_t
|
2019-12-13 09:10:59 +00:00
|
|
|
__getrandom (void *buffer, size_t length, unsigned int flags)
|
2019-10-30 04:19:32 +00:00
|
|
|
{
|
|
|
|
|
const char *random_source = "/dev/urandom";
|
hurd: Make getrandom cache the server port
Previously, getrandom would, each time it's called, traverse the file
system to find /dev/urandom, fetch some random data from it, then throw
away that port. This is quite slow, while calls to getrandom are
genrally expected to be fast.
Additionally, this means that getrandom can not work when /dev/urandom
is unavailable, such as inside a chroot that lacks one. User programs
expect calls to getrandom to work inside a chroot if they first call
getrandom outside of the chroot.
In particular, this is known to break the OpenSSH server, and in that
case the issue is exacerbated by the API of arc4random, which prevents
it from properly reporting errors, forcing glibc to abort on failure.
This causes sshd to just die once it tries to generate a random number.
Caching the random server port, in a manner similar to how socket
server ports are cached, both improves the performance and works around
the chroot issue.
Tested on i686-gnu with the following program:
pthread_barrier_t barrier;
void *worker(void*) {
pthread_barrier_wait(&barrier);
uint32_t sum = 0;
for (int i = 0; i < 10000; i++) {
sum += arc4random();
}
return (void *)(uintptr_t) sum;
}
int main() {
pthread_t threads[THREAD_COUNT];
pthread_barrier_init(&barrier, NULL, THREAD_COUNT);
for (int i = 0; i < THREAD_COUNT; i++) {
pthread_create(&threads[i], NULL, worker, NULL);
}
for (int i = 0; i < THREAD_COUNT; i++) {
void *retval;
pthread_join(threads[i], &retval);
printf("Thread %i: %lu\n", i, (unsigned long)(uintptr_t) retval);
}
In my totally unscientific benchmark, with this patch, this completes
in about 7 seconds, whereas previously it took about 50 seconds. This
program was also used to test that getrandom () doesn't explode if the
random server dies, but instead reopens the /dev/urandom anew. I have
also verified that with this patch, OpenSSH can once again accept
connections properly.
Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20221202135558.23781-1-bugaevc@gmail.com>
2022-12-02 13:55:58 +00:00
|
|
|
int open_flags = O_RDONLY;
|
|
|
|
|
file_t server, *cached_server;
|
|
|
|
|
error_t err;
|
|
|
|
|
char *data = buffer;
|
|
|
|
|
mach_msg_type_number_t nread = length;
|
|
|
|
|
|
|
|
|
|
switch (flags)
|
|
|
|
|
{
|
|
|
|
|
case 0:
|
|
|
|
|
cached_server = &urandom_server;
|
|
|
|
|
break;
|
|
|
|
|
case GRND_RANDOM:
|
|
|
|
|
cached_server = &random_server;
|
|
|
|
|
break;
|
|
|
|
|
case GRND_NONBLOCK:
|
|
|
|
|
cached_server = &urandom_server_nonblock;
|
|
|
|
|
break;
|
|
|
|
|
case GRND_RANDOM | GRND_NONBLOCK:
|
|
|
|
|
cached_server = &random_server_nonblock;
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
return __hurd_fail (EINVAL);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (flags & GRND_RANDOM)
|
|
|
|
|
random_source = "/dev/random";
|
|
|
|
|
if (flags & GRND_NONBLOCK)
|
|
|
|
|
open_flags |= O_NONBLOCK;
|
|
|
|
|
/* No point in passing either O_NOCTTY, O_IGNORE_CTTY, or O_CLOEXEC
|
|
|
|
|
to file_name_lookup, since we're not making an fd. */
|
2019-10-30 04:19:32 +00:00
|
|
|
|
2022-01-01 16:51:18 +00:00
|
|
|
if (&__trivfs_server_name && __trivfs_server_name
|
|
|
|
|
&& __trivfs_server_name[0] == 'r'
|
|
|
|
|
&& __trivfs_server_name[1] == 'a'
|
|
|
|
|
&& __trivfs_server_name[2] == 'n'
|
|
|
|
|
&& __trivfs_server_name[3] == 'd'
|
|
|
|
|
&& __trivfs_server_name[4] == 'o'
|
|
|
|
|
&& __trivfs_server_name[5] == 'm'
|
|
|
|
|
&& __trivfs_server_name[6] == '\0')
|
2021-12-30 20:25:24 +00:00
|
|
|
/* We are random, don't try to read ourselves! */
|
|
|
|
|
return length;
|
|
|
|
|
|
hurd: Make getrandom cache the server port
Previously, getrandom would, each time it's called, traverse the file
system to find /dev/urandom, fetch some random data from it, then throw
away that port. This is quite slow, while calls to getrandom are
genrally expected to be fast.
Additionally, this means that getrandom can not work when /dev/urandom
is unavailable, such as inside a chroot that lacks one. User programs
expect calls to getrandom to work inside a chroot if they first call
getrandom outside of the chroot.
In particular, this is known to break the OpenSSH server, and in that
case the issue is exacerbated by the API of arc4random, which prevents
it from properly reporting errors, forcing glibc to abort on failure.
This causes sshd to just die once it tries to generate a random number.
Caching the random server port, in a manner similar to how socket
server ports are cached, both improves the performance and works around
the chroot issue.
Tested on i686-gnu with the following program:
pthread_barrier_t barrier;
void *worker(void*) {
pthread_barrier_wait(&barrier);
uint32_t sum = 0;
for (int i = 0; i < 10000; i++) {
sum += arc4random();
}
return (void *)(uintptr_t) sum;
}
int main() {
pthread_t threads[THREAD_COUNT];
pthread_barrier_init(&barrier, NULL, THREAD_COUNT);
for (int i = 0; i < THREAD_COUNT; i++) {
pthread_create(&threads[i], NULL, worker, NULL);
}
for (int i = 0; i < THREAD_COUNT; i++) {
void *retval;
pthread_join(threads[i], &retval);
printf("Thread %i: %lu\n", i, (unsigned long)(uintptr_t) retval);
}
In my totally unscientific benchmark, with this patch, this completes
in about 7 seconds, whereas previously it took about 50 seconds. This
program was also used to test that getrandom () doesn't explode if the
random server dies, but instead reopens the /dev/urandom anew. I have
also verified that with this patch, OpenSSH can once again accept
connections properly.
Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20221202135558.23781-1-bugaevc@gmail.com>
2022-12-02 13:55:58 +00:00
|
|
|
again:
|
|
|
|
|
__libc_rwlock_rdlock (lock);
|
|
|
|
|
server = *cached_server;
|
|
|
|
|
if (MACH_PORT_VALID (server))
|
|
|
|
|
/* Attempt to read some random data using this port. */
|
|
|
|
|
err = __io_read (server, &data, &nread, -1, length);
|
|
|
|
|
else
|
|
|
|
|
err = MACH_SEND_INVALID_DEST;
|
|
|
|
|
__libc_rwlock_unlock (lock);
|
2019-10-30 04:19:32 +00:00
|
|
|
|
hurd: Make getrandom cache the server port
Previously, getrandom would, each time it's called, traverse the file
system to find /dev/urandom, fetch some random data from it, then throw
away that port. This is quite slow, while calls to getrandom are
genrally expected to be fast.
Additionally, this means that getrandom can not work when /dev/urandom
is unavailable, such as inside a chroot that lacks one. User programs
expect calls to getrandom to work inside a chroot if they first call
getrandom outside of the chroot.
In particular, this is known to break the OpenSSH server, and in that
case the issue is exacerbated by the API of arc4random, which prevents
it from properly reporting errors, forcing glibc to abort on failure.
This causes sshd to just die once it tries to generate a random number.
Caching the random server port, in a manner similar to how socket
server ports are cached, both improves the performance and works around
the chroot issue.
Tested on i686-gnu with the following program:
pthread_barrier_t barrier;
void *worker(void*) {
pthread_barrier_wait(&barrier);
uint32_t sum = 0;
for (int i = 0; i < 10000; i++) {
sum += arc4random();
}
return (void *)(uintptr_t) sum;
}
int main() {
pthread_t threads[THREAD_COUNT];
pthread_barrier_init(&barrier, NULL, THREAD_COUNT);
for (int i = 0; i < THREAD_COUNT; i++) {
pthread_create(&threads[i], NULL, worker, NULL);
}
for (int i = 0; i < THREAD_COUNT; i++) {
void *retval;
pthread_join(threads[i], &retval);
printf("Thread %i: %lu\n", i, (unsigned long)(uintptr_t) retval);
}
In my totally unscientific benchmark, with this patch, this completes
in about 7 seconds, whereas previously it took about 50 seconds. This
program was also used to test that getrandom () doesn't explode if the
random server dies, but instead reopens the /dev/urandom anew. I have
also verified that with this patch, OpenSSH can once again accept
connections properly.
Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20221202135558.23781-1-bugaevc@gmail.com>
2022-12-02 13:55:58 +00:00
|
|
|
if (err == MACH_SEND_INVALID_DEST || err == MIG_SERVER_DIED)
|
|
|
|
|
{
|
|
|
|
|
file_t oldserver = server;
|
|
|
|
|
mach_port_urefs_t urefs;
|
|
|
|
|
|
|
|
|
|
/* Slow path: the cached port didn't work, or there was no
|
|
|
|
|
cached port in the first place. */
|
|
|
|
|
|
|
|
|
|
__libc_rwlock_wrlock (lock);
|
|
|
|
|
server = *cached_server;
|
|
|
|
|
if (server != oldserver)
|
|
|
|
|
{
|
|
|
|
|
/* Someone else must have refetched the port while we were
|
|
|
|
|
waiting for the lock. */
|
|
|
|
|
__libc_rwlock_unlock (lock);
|
|
|
|
|
goto again;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (MACH_PORT_VALID (server))
|
|
|
|
|
{
|
|
|
|
|
/* It could be that someone else has refetched the port and
|
|
|
|
|
it got the very same name. So check whether it is a send
|
|
|
|
|
right (and not a dead name). */
|
|
|
|
|
err = __mach_port_get_refs (__mach_task_self (), server,
|
|
|
|
|
MACH_PORT_RIGHT_SEND, &urefs);
|
|
|
|
|
if (!err && urefs > 0)
|
|
|
|
|
{
|
|
|
|
|
__libc_rwlock_unlock (lock);
|
|
|
|
|
goto again;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Now we're sure that it's dead. */
|
|
|
|
|
__mach_port_deallocate (__mach_task_self (), server);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
server = *cached_server = __file_name_lookup (random_source,
|
|
|
|
|
open_flags, 0);
|
|
|
|
|
__libc_rwlock_unlock (lock);
|
|
|
|
|
if (!MACH_PORT_VALID (server))
|
|
|
|
|
/* No luck. */
|
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
|
|
goto again;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (err)
|
|
|
|
|
return __hurd_fail (err);
|
2019-12-17 18:29:29 +00:00
|
|
|
|
hurd: Make getrandom cache the server port
Previously, getrandom would, each time it's called, traverse the file
system to find /dev/urandom, fetch some random data from it, then throw
away that port. This is quite slow, while calls to getrandom are
genrally expected to be fast.
Additionally, this means that getrandom can not work when /dev/urandom
is unavailable, such as inside a chroot that lacks one. User programs
expect calls to getrandom to work inside a chroot if they first call
getrandom outside of the chroot.
In particular, this is known to break the OpenSSH server, and in that
case the issue is exacerbated by the API of arc4random, which prevents
it from properly reporting errors, forcing glibc to abort on failure.
This causes sshd to just die once it tries to generate a random number.
Caching the random server port, in a manner similar to how socket
server ports are cached, both improves the performance and works around
the chroot issue.
Tested on i686-gnu with the following program:
pthread_barrier_t barrier;
void *worker(void*) {
pthread_barrier_wait(&barrier);
uint32_t sum = 0;
for (int i = 0; i < 10000; i++) {
sum += arc4random();
}
return (void *)(uintptr_t) sum;
}
int main() {
pthread_t threads[THREAD_COUNT];
pthread_barrier_init(&barrier, NULL, THREAD_COUNT);
for (int i = 0; i < THREAD_COUNT; i++) {
pthread_create(&threads[i], NULL, worker, NULL);
}
for (int i = 0; i < THREAD_COUNT; i++) {
void *retval;
pthread_join(threads[i], &retval);
printf("Thread %i: %lu\n", i, (unsigned long)(uintptr_t) retval);
}
In my totally unscientific benchmark, with this patch, this completes
in about 7 seconds, whereas previously it took about 50 seconds. This
program was also used to test that getrandom () doesn't explode if the
random server dies, but instead reopens the /dev/urandom anew. I have
also verified that with this patch, OpenSSH can once again accept
connections properly.
Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20221202135558.23781-1-bugaevc@gmail.com>
2022-12-02 13:55:58 +00:00
|
|
|
if (data != buffer)
|
|
|
|
|
{
|
|
|
|
|
if (nread > length)
|
|
|
|
|
{
|
|
|
|
|
__vm_deallocate (__mach_task_self (), (vm_address_t) data, nread);
|
|
|
|
|
return __hurd_fail (EGRATUITOUS);
|
|
|
|
|
}
|
|
|
|
|
memcpy (buffer, data, nread);
|
|
|
|
|
__vm_deallocate (__mach_task_self (), (vm_address_t) data, nread);
|
|
|
|
|
}
|
2019-10-30 04:19:32 +00:00
|
|
|
|
hurd: Make getrandom cache the server port
Previously, getrandom would, each time it's called, traverse the file
system to find /dev/urandom, fetch some random data from it, then throw
away that port. This is quite slow, while calls to getrandom are
genrally expected to be fast.
Additionally, this means that getrandom can not work when /dev/urandom
is unavailable, such as inside a chroot that lacks one. User programs
expect calls to getrandom to work inside a chroot if they first call
getrandom outside of the chroot.
In particular, this is known to break the OpenSSH server, and in that
case the issue is exacerbated by the API of arc4random, which prevents
it from properly reporting errors, forcing glibc to abort on failure.
This causes sshd to just die once it tries to generate a random number.
Caching the random server port, in a manner similar to how socket
server ports are cached, both improves the performance and works around
the chroot issue.
Tested on i686-gnu with the following program:
pthread_barrier_t barrier;
void *worker(void*) {
pthread_barrier_wait(&barrier);
uint32_t sum = 0;
for (int i = 0; i < 10000; i++) {
sum += arc4random();
}
return (void *)(uintptr_t) sum;
}
int main() {
pthread_t threads[THREAD_COUNT];
pthread_barrier_init(&barrier, NULL, THREAD_COUNT);
for (int i = 0; i < THREAD_COUNT; i++) {
pthread_create(&threads[i], NULL, worker, NULL);
}
for (int i = 0; i < THREAD_COUNT; i++) {
void *retval;
pthread_join(threads[i], &retval);
printf("Thread %i: %lu\n", i, (unsigned long)(uintptr_t) retval);
}
In my totally unscientific benchmark, with this patch, this completes
in about 7 seconds, whereas previously it took about 50 seconds. This
program was also used to test that getrandom () doesn't explode if the
random server dies, but instead reopens the /dev/urandom anew. I have
also verified that with this patch, OpenSSH can once again accept
connections properly.
Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20221202135558.23781-1-bugaevc@gmail.com>
2022-12-02 13:55:58 +00:00
|
|
|
return nread;
|
2019-10-30 04:19:32 +00:00
|
|
|
}
|
2019-12-13 09:10:59 +00:00
|
|
|
|
|
|
|
|
libc_hidden_def (__getrandom)
|
|
|
|
|
weak_alias (__getrandom, getrandom)
|
