diff options
| author | Jonathan Giannuzzi <jonathan@giannuzzi.be> | 2018-10-10 14:17:27 -0700 |
|---|---|---|
| committer | Shentubot <shentubot@google.com> | 2018-10-10 14:18:47 -0700 |
| commit | 8388a505e735045f31c6f7180711ef57148dc517 (patch) | |
| tree | 8f5e5a7ed88d47f52f309e732871f7d622d02a01 | |
| parent | ddb34b3690c07f6c8efe2b96f89166145c4a7d3c (diff) | |
Support for older Linux kernels without getrandom
Change-Id: I1fb9f5b47a264a7617912f6f56f995f3c4c5e578
PiperOrigin-RevId: 216591484
| -rw-r--r-- | pkg/rand/rand_linux.go | 31 | ||||
| -rw-r--r-- | runsc/boot/BUILD | 1 | ||||
| -rw-r--r-- | runsc/boot/loader.go | 12 |
3 files changed, 38 insertions, 6 deletions
diff --git a/pkg/rand/rand_linux.go b/pkg/rand/rand_linux.go index 37ac07620..a2be66b3b 100644 --- a/pkg/rand/rand_linux.go +++ b/pkg/rand/rand_linux.go @@ -17,23 +17,46 @@ package rand import ( + "crypto/rand" "io" + "sync" "golang.org/x/sys/unix" ) // reader implements an io.Reader that returns pseudorandom bytes. -type reader struct{} +type reader struct { + once sync.Once + useGetrandom bool +} // Read implements io.Reader.Read. -func (reader) Read(p []byte) (int, error) { - return unix.Getrandom(p, 0) +func (r *reader) Read(p []byte) (int, error) { + r.once.Do(func() { + _, err := unix.Getrandom(p, 0) + if err != unix.ENOSYS { + r.useGetrandom = true + } + }) + + if r.useGetrandom { + return unix.Getrandom(p, 0) + } + return rand.Read(p) } // Reader is the default reader. -var Reader io.Reader = reader{} +var Reader io.Reader = &reader{} // Read reads from the default reader. func Read(b []byte) (int, error) { return io.ReadFull(Reader, b) } + +// Init can be called to make sure /dev/urandom is pre-opened on kernels that +// do not support getrandom(2). +func Init() error { + p := make([]byte, 1) + _, err := Read(p) + return err +} diff --git a/runsc/boot/BUILD b/runsc/boot/BUILD index a38a3a94e..c1e035d3b 100644 --- a/runsc/boot/BUILD +++ b/runsc/boot/BUILD @@ -25,6 +25,7 @@ go_library( "//pkg/control/server", "//pkg/cpuid", "//pkg/log", + "//pkg/rand", "//pkg/sentry/arch", "//pkg/sentry/context", "//pkg/sentry/control", diff --git a/runsc/boot/loader.go b/runsc/boot/loader.go index dc3c6c3d0..859446344 100644 --- a/runsc/boot/loader.go +++ b/runsc/boot/loader.go @@ -17,7 +17,7 @@ package boot import ( "fmt" - "math/rand" + mrand "math/rand" "os" "os/signal" "runtime" @@ -30,6 +30,7 @@ import ( "gvisor.googlesource.com/gvisor/pkg/abi/linux" "gvisor.googlesource.com/gvisor/pkg/cpuid" "gvisor.googlesource.com/gvisor/pkg/log" + "gvisor.googlesource.com/gvisor/pkg/rand" "gvisor.googlesource.com/gvisor/pkg/sentry/arch" "gvisor.googlesource.com/gvisor/pkg/sentry/control" "gvisor.googlesource.com/gvisor/pkg/sentry/fs/host" @@ -133,7 +134,7 @@ type execProcess struct { func init() { // Initialize the random number generator. - rand.Seed(gtime.Now().UnixNano()) + mrand.Seed(gtime.Now().UnixNano()) // Register the global syscall table. kernel.RegisterSyscallTable(slinux.AMD64) @@ -167,9 +168,16 @@ type Args struct { // New initializes a new kernel loader configured by spec. // New also handles setting up a kernel for restoring a container. func New(args Args) (*Loader, error) { + // We initialize the rand package now to make sure /dev/urandom is pre-opened + // on kernels that do not support getrandom(2). + if err := rand.Init(); err != nil { + return nil, fmt.Errorf("error setting up rand: %v", err) + } + if err := usage.Init(); err != nil { return nil, fmt.Errorf("error setting up memory usage: %v", err) } + // Create kernel and platform. p, err := createPlatform(args.Conf, args.DeviceFD) if err != nil { |