mirror of
https://sourceware.org/git/glibc.git
synced 2024-12-25 12:11:10 +00:00
8fb923ddc3
Previously, getrandom would, each time it's called, traverse the file system to find /dev/urandom, fetch some random data from it, then throw away that port. This is quite slow, while calls to getrandom are genrally expected to be fast. Additionally, this means that getrandom can not work when /dev/urandom is unavailable, such as inside a chroot that lacks one. User programs expect calls to getrandom to work inside a chroot if they first call getrandom outside of the chroot. In particular, this is known to break the OpenSSH server, and in that case the issue is exacerbated by the API of arc4random, which prevents it from properly reporting errors, forcing glibc to abort on failure. This causes sshd to just die once it tries to generate a random number. Caching the random server port, in a manner similar to how socket server ports are cached, both improves the performance and works around the chroot issue. Tested on i686-gnu with the following program: pthread_barrier_t barrier; void *worker(void*) { pthread_barrier_wait(&barrier); uint32_t sum = 0; for (int i = 0; i < 10000; i++) { sum += arc4random(); } return (void *)(uintptr_t) sum; } int main() { pthread_t threads[THREAD_COUNT]; pthread_barrier_init(&barrier, NULL, THREAD_COUNT); for (int i = 0; i < THREAD_COUNT; i++) { pthread_create(&threads[i], NULL, worker, NULL); } for (int i = 0; i < THREAD_COUNT; i++) { void *retval; pthread_join(threads[i], &retval); printf("Thread %i: %lu\n", i, (unsigned long)(uintptr_t) retval); } In my totally unscientific benchmark, with this patch, this completes in about 7 seconds, whereas previously it took about 50 seconds. This program was also used to test that getrandom () doesn't explode if the random server dies, but instead reopens the /dev/urandom anew. I have also verified that with this patch, OpenSSH can once again accept connections properly. Signed-off-by: Sergey Bugaev <bugaevc@gmail.com> Message-Id: <20221202135558.23781-1-bugaevc@gmail.com> |
||
---|---|---|
argp | ||
assert | ||
benchtests | ||
bits | ||
catgets | ||
ChangeLog.old | ||
conform | ||
crypt | ||
csu | ||
ctype | ||
debug | ||
dirent | ||
dlfcn | ||
elf | ||
gmon | ||
gnulib | ||
grp | ||
gshadow | ||
hesiod | ||
htl | ||
hurd | ||
iconv | ||
iconvdata | ||
include | ||
inet | ||
intl | ||
io | ||
libio | ||
locale | ||
localedata | ||
login | ||
mach | ||
malloc | ||
manual | ||
math | ||
mathvec | ||
misc | ||
nis | ||
nptl | ||
nptl_db | ||
nscd | ||
nss | ||
po | ||
posix | ||
pwd | ||
resolv | ||
resource | ||
rt | ||
scripts | ||
setjmp | ||
shadow | ||
signal | ||
socket | ||
soft-fp | ||
stdio-common | ||
stdlib | ||
string | ||
sunrpc | ||
support | ||
sysdeps | ||
sysvipc | ||
termios | ||
time | ||
timezone | ||
wcsmbs | ||
wctype | ||
.clang-format | ||
.gitattributes | ||
.gitignore | ||
abi-tags | ||
aclocal.m4 | ||
config.h.in | ||
config.make.in | ||
configure | ||
configure.ac | ||
CONTRIBUTED-BY | ||
COPYING | ||
COPYING.LIB | ||
extra-lib.mk | ||
gen-locales.mk | ||
INSTALL | ||
libc-abis | ||
libof-iterator.mk | ||
LICENSES | ||
MAINTAINERS | ||
Makeconfig | ||
Makefile | ||
Makefile.help | ||
Makefile.in | ||
Makerules | ||
NEWS | ||
o-iterator.mk | ||
README | ||
Rules | ||
SHARED-FILES | ||
shlib-versions | ||
test-skeleton.c | ||
version.h |
This directory contains the sources of the GNU C Library. See the file "version.h" for what release version you have. The GNU C Library is the standard system C library for all GNU systems, and is an important part of what makes up a GNU system. It provides the system API for all programs written in C and C-compatible languages such as C++ and Objective C; the runtime facilities of other programming languages use the C library to access the underlying operating system. In GNU/Linux systems, the C library works with the Linux kernel to implement the operating system behavior seen by user applications. In GNU/Hurd systems, it works with a microkernel and Hurd servers. The GNU C Library implements much of the POSIX.1 functionality in the GNU/Hurd system, using configurations i[4567]86-*-gnu. When working with Linux kernels, this version of the GNU C Library requires Linux kernel version 3.2 or later. Also note that the shared version of the libgcc_s library must be installed for the pthread library to work correctly. The GNU C Library supports these configurations for using Linux kernels: aarch64*-*-linux-gnu alpha*-*-linux-gnu arc*-*-linux-gnu arm-*-linux-gnueabi csky-*-linux-gnuabiv2 hppa-*-linux-gnu i[4567]86-*-linux-gnu x86_64-*-linux-gnu Can build either x86_64 or x32 ia64-*-linux-gnu loongarch64-*-linux-gnu Hardware floating point, LE only. m68k-*-linux-gnu microblaze*-*-linux-gnu mips-*-linux-gnu mips64-*-linux-gnu or1k-*-linux-gnu powerpc-*-linux-gnu Hardware or software floating point, BE only. powerpc64*-*-linux-gnu Big-endian and little-endian. s390-*-linux-gnu s390x-*-linux-gnu riscv32-*-linux-gnu riscv64-*-linux-gnu sh[34]-*-linux-gnu sparc*-*-linux-gnu sparc64*-*-linux-gnu If you are interested in doing a port, please contact the glibc maintainers; see https://www.gnu.org/software/libc/ for more information. See the file INSTALL to find out how to configure, build, and install the GNU C Library. You might also consider reading the WWW pages for the C library at https://www.gnu.org/software/libc/. The GNU C Library is (almost) completely documented by the Texinfo manual found in the `manual/' subdirectory. The manual is still being updated and contains some known errors and omissions; we regret that we do not have the resources to work on the manual as much as we would like. For corrections to the manual, please file a bug in the `manual' component, following the bug-reporting instructions below. Please be sure to check the manual in the current development sources to see if your problem has already been corrected. Please see https://www.gnu.org/software/libc/bugs.html for bug reporting information. We are now using the Bugzilla system to track all bug reports. This web page gives detailed information on how to report bugs properly. The GNU C Library is free software. See the file COPYING.LIB for copying conditions, and LICENSES for notices about a few contributions that require these additional notices to be distributed. License copyright years may be listed using range notation, e.g., 1996-2015, indicating that every year in the range, inclusive, is a copyrightable year that would otherwise be listed individually.