[Pkg-gnupg-commit] [gnupg2] 242/292: agent: Kludge to mitigate blocking calls in Libgcrypt.
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Mon Nov 21 06:31:47 UTC 2016
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch master
in repository gnupg2.
commit 4473db1ef24031ff4e26c9a9de95dbe898ed2b97
Author: Werner Koch <wk at gnupg.org>
Date: Fri Nov 11 20:35:36 2016 +0100
agent: Kludge to mitigate blocking calls in Libgcrypt.
* agent/gpg-agent.c (agent_libgcrypt_progress_cb): Sleep for 100ms on
"need_entropy".
--
During key generation Libgrypt will read from /dev/random which may
block. Libgcrypt is not nPth aware and thus the entire process will
block. Fortunately there is also a select with a short timeout to run
the progress callback. We detect this in gpg-agent and introduce a
short delay to give other threads (i.e. connections) an opportunity to
run.
This alone is not sufficient, an updated Libgpg-error is also required
to make the lock functions nPth aware.
Signed-off-by: Werner Koch <wk at gnupg.org>
---
agent/gpg-agent.c | 17 ++++++++++++++---
1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index a3c1aa8..d767879 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -384,9 +384,9 @@ static pid_t parent_pid = (pid_t)(-1);
static int active_connections;
/* This object is used to dispatch progress messages from Libgcrypt to
- * the right thread. Given that we won't have at max a few dozen
- * connections at the same time using a linked list is the easiest way
- * to handle this. */
+ * the right thread. Given that we will have at max only a few dozen
+ * connections at a time, using a linked list is the easiest way to
+ * handle this. */
struct progress_dispatch_s
{
struct progress_dispatch_s *next;
@@ -1747,6 +1747,17 @@ agent_libgcrypt_progress_cb (void *data, const char *what, int printchar,
break;
if (dispatch && dispatch->cb)
dispatch->cb (dispatch->ctrl, what, printchar, current, total);
+
+ /* If Libgcrypt tells us that it needs more entropy, we better take
+ * a nap to give other threads a chance to run. Note that Libgcrypt
+ * does not know about nPth and thus when it selects and reads from
+ * /dev/random this will block the process. Maybe we should add a
+ * function similar to gpgrt_set_syscall_clamp to Libgcrypt or use
+ * those clamps directly. For now sleeping for 100ms seems to be
+ * appropriate. */
+ if (what && !strcmp (what, "need_entropy"))
+ npth_usleep (100000);
+
}
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git
More information about the Pkg-gnupg-commit
mailing list