Reduce disk write load in /usr/libexec/save-entropy.

Before this commit, the save-entropy script rotates entropy files like logs. This involves creating a new file that holds the entropy and renaming of all existing entropy files. However, the entropy data do not really need to be kept in a particular order, and replacing the oldest file is sufficient. This commit replaces the rotation with a scan in the [1..entropy_save_num] space that finds the first empty slot, or the slot of the oldest file, and writes entropy into that slot. This also fixes an issue that prevents save-entropy from saving any entropy when there is one non-regular file in any slot as a side effect. Based on an earlier patch from peterj@. PR: 134225 Reported by: peterj Reviewed by: csprng (cem, markm) MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D22612
2019-11-30 20:06:53 +00:00 · 2019-11-30 20:06:53 +00:00 · 46413cedf7
commit 46413cedf7
parent e0a1a1e6cb
1 changed files with 51 additions and 14 deletions
--- a/libexec/save-entropy/save-entropy.sh
+++ b/libexec/save-entropy/save-entropy.sh
@ -71,26 +71,63 @@ cd "${entropy_dir}" || {

 for f in saved-entropy.*; do
 	case "${f}" in saved-entropy.\*) continue ;; esac	# No files match
-	[ ${f#saved-entropy\.} -ge ${entropy_save_num} ] && unlink ${f}
+	[ ${f#saved-entropy\.} -gt ${entropy_save_num} ] && unlink ${f}
 done

-umask 377
+umask 177

-n=$(( ${entropy_save_num} - 1 ))
-while [ ${n} -ge 1 ]; do
-	if [ -f "saved-entropy.${n}" ]; then
-		mv "saved-entropy.${n}" "saved-entropy.$(( ${n} + 1 ))"
-	elif [ -e "saved-entropy.${n}" -o -L "saved-entropy.${n}" ]; then
+# Scan slots [1..$entropy_save_num), picking an empty slot or the oldest
+# existing file if no empty slot was available.
+#
+# 1. Find out the first regular file or empty slot (and its serial number)
+#
+n=1
+while [ ${n} -le ${entropy_save_num} ]; do
+	save_file="saved-entropy.${n}"
+	if [ ! -e "${save_file}" -o -f "${save_file}" ]; then
+		break
+	else
 		logger -is -t "$0" \
-	"${entropy_dir}/saved-entropy.${n}" is not a regular file, and so \
-	    it will not be rotated. Entropy file rotation is aborted.
-		exit 1
+		    "${save_file}" is not a regular file, skipped.
 	fi
-	n=$(( ${n} - 1 ))
+	n=$(( ${n} + 1 ))
 done
+#
+# 2. Start from (serial number + 1), and check if the slot is empty
+#    or is an older regular file, update save_file pointer in either
+#    case, and break early if we found an empty slot.
+#
+if [ -f ${save_file} ]; then
+	n=$(( ${n} + 1 ))
+	while [ ${n} -le ${entropy_save_num} ]; do
+		next_file=saved-entropy.${n}
+		if [ -f "${next_file}" ]; then
+			[ "${next_file}" -ot "${save_file}" ] && \
+			    save_file="${next_file}"
+		elif [ ! -e "${next_file}" ]; then
+			save_file="${next_file}"
+			break
+		else
+			logger -is -t "$0" \
+			    "${next_file}" is not a regular file, skipped.
+		fi
+		n=$(( ${n} + 1 ))
+	done
+fi
+#
+# 3. Check if the pointer we have in hand is really a regular file or
+#    an empty slot, and bail out as that means there is no available slot.
+#
+if [ -e "${save_file}" -a ! -f "${save_file}" ]; then
+	logger -is -t "$0" \
+		No available slot in "${entropy_dir}", save entropy is aborted.
+	exit 1
+fi

-dd if=/dev/random of=saved-entropy.1 bs=${entropy_save_sz} count=1 2>/dev/null
-chflags nodump saved-entropy.1 2>/dev/null || :
-fsync saved-entropy.1 "."
+# Save entropy to the selected slot.
+chmod 600 "${save_file}" 2>/dev/null || :
+dd if=/dev/random of="${save_file}" bs=${entropy_save_sz} count=1 2>/dev/null
+chflags nodump "${save_file}" 2>/dev/null || :
+fsync "${save_file}" "."

 exit 0