[ovs-git] Open vSwitch: stream-ssl: Avoid logging no-match error redundantly. (master)

dev at openvswitch.org
Thu Aug 9 21:19:52 UTC 2012


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Open vSwitch".

The branch, master has been updated
       via  b6d729adb55c24fdeafecdae8565ba04586b93a0 (commit)
       via  47ebcf25ef6d1475b5e634d79218ad553f72fdcd (commit)
      from  eefbf18198a131d479762b1d37be3552e7271acb (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit b6d729adb55c24fdeafecdae8565ba04586b93a0
Diffs: http://openvswitch.org/cgi-bin/gitweb.cgi?p=openvswitch;a=commitdiff;h=b6d729adb55c24fdeafecdae8565ba04586b93a0
Author: Ben Pfaff <blp at nicira.com>
		
stream-ssl: Avoid logging no-match error redundantly.
		
If we've already reported an error at this point, then we currently report
a no-match error also, but that doesn't add any useful information; it's
just noise in the log.

Signed-off-by: Ben Pfaff <blp at nicira.com>


commit 47ebcf25ef6d1475b5e634d79218ad553f72fdcd
Diffs: http://openvswitch.org/cgi-bin/gitweb.cgi?p=openvswitch;a=commitdiff;h=47ebcf25ef6d1475b5e634d79218ad553f72fdcd
Author: Ben Pfaff <blp at nicira.com>
		
stream-ssl: Seed OpenSSL if it fails to seed itself.
		
We occasionally see OpenSSL fail to seed its random number generator in
heavily loaded hypervisors.  I suspect the following scenario:

1. OpenSSL calls read() to get 32 bytes from /dev/urandom.
2. The kernel generates 10 bytes of randomness and copies it out.
3. A signal arrives (perhaps SIGALRM).
4. The kernel interrupts the system call to service the signal.
5. Userspace gets 10 bytes of entropy.
6. OpenSSL doesn't read again to get the final 22 bytes.  Therefore
   OpenSSL doesn't have enough entropy to consider itself initialized.
   It never tries again, so we're stuck forever.

The only part I'm not entirely sure about is #6, because the OpenSSL code
is so hard to read.

Thanks to Alex Yip for suggesting that this might be a startup problem.

Bug #10164.
Reported-by: Ram Jothikumar <ram at nicira.com>
Signed-off-by: Ben Pfaff <blp at nicira.com>


-----------------------------------------------------------------------

Summary of changes:
 lib/stream-ssl.c |   34 +++++++++++++++++++++++++++++++++-
 1 files changed, 33 insertions(+), 1 deletions(-)


hooks/post-receive
-- 
Open vSwitch
