From owner-freebsd-security@FreeBSD.ORG Sat Sep 22 08:03:10 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 5836910657C4; Sat, 22 Sep 2012 08:03:10 +0000 (UTC) (envelope-from pawel@dawidek.net) Received: from mail.dawidek.net (garage.dawidek.net [91.121.88.72]) by mx1.freebsd.org (Postfix) with ESMTP id E47538FC12; Sat, 22 Sep 2012 08:03:09 +0000 (UTC) Received: from localhost (89-73-195-149.dynamic.chello.pl [89.73.195.149]) by mail.dawidek.net (Postfix) with ESMTPSA id 106D9CB4; Sat, 22 Sep 2012 10:02:07 +0200 (CEST) Date: Sat, 22 Sep 2012 10:03:23 +0200 From: Pawel Jakub Dawidek To: John Baldwin Message-ID: <20120922080323.GA1454@garage.freebsd.pl> References: <20120918211422.GA1400@garage.freebsd.pl> <20120919231051.4bc5335b@gumby.homeunix.com> <20120920102104.GA1397@garage.freebsd.pl> <201209200758.51924.jhb@freebsd.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="PEIAKu/WMn1b1Hv9" Content-Disposition: inline In-Reply-To: <201209200758.51924.jhb@freebsd.org> X-OS: FreeBSD 10.0-CURRENT amd64 User-Agent: Mutt/1.5.21 (2010-09-15) X-Mailman-Approved-At: Sat, 22 Sep 2012 11:19:06 +0000 Cc: Ben Laurie , freebsd-security@freebsd.org, RW , Jonathan Anderson , Mariusz Gromada Subject: Re: Collecting entropy from device_attach() times. X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 22 Sep 2012 08:03:10 -0000 --PEIAKu/WMn1b1Hv9 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Sep 20, 2012 at 07:58:51AM -0400, John Baldwin wrote: > On Thursday, September 20, 2012 6:21:04 am Pawel Jakub Dawidek wrote: > > I agree, we should do such analysis for much more devices and different > > kind of devices. A platform might be an important factor as well. > > It is hard to collect decent number of probes when reboot is needed, so > > what I'd recommend is to turn of SMP, boot into single module and > > kldload/kldunload a driver in a loop, of course with kernel patched to > > log those times. >=20 > This is not always representative. Any driver that uses a config intrhook > will run that synchronously during attach() in single user mode but will > not during boot. config intrhook's often go out and do things that take a > variable amount of time (poking hardware, waiting for interrupts, etc.). > That means that timing any such drivers from single user mode will likely > give you more variable attach() times than would occur during boot. Ok, to verify that I implemented some dummy driver that simply returns 0 on device_attach() and does nothing more. Additionally during probe I call device_quiet(dev). It turned out that printing device description during device_attach() over serial console (115200) make the call few orders of magnitude longer:), which in turn provides much more entropy so I wanted to avoid that. I booted the machine with SMP disabled and in single-user mode. I gathered 162833 samples: http://people.freebsd.org/~pjd/misc/device_attach_total_time.txt The values were between 15 and 16 bits, but to simplify things I assumed they are all 16 bits. I discarded top ten bits. This left me with 6bit values [0-63]: http://people.freebsd.org/~pjd/misc/device_attach_6bit.txt I compared empirical distribution with theoretical one and I got this: http://people.freebsd.org/~pjd/misc/device_attach_6bit.jpg Source in libreoffice: http://people.freebsd.org/~pjd/misc/device_attach_6bit.ods Mariusz can verify my findings here, but it looks like discarding top ten bits is enough even for very dummy drivers that don't interact with hardware at all. Note that discarding top ten bits effectively means that we expect 0.1% of the total device_attach() time to be unpredictably different. If discarding top ten bit in case of such dummy driver is enough, we could probably discard less from drivers that interact with real hardware, but even with 43 device_attach() calls during boot on similar hardware and assuming that we can get only 6 bits of entropy from each call, it gives us more than 256 bits of entropy. In other words I don't think we should further complicate this and that we should stick to entropy estimations from my current patch. Having similar tests for different architectures would be of course very welcome. --=20 Pawel Jakub Dawidek http://www.wheelsystems.com FreeBSD committer http://www.FreeBSD.org Am I Evil? Yes, I Am! http://tupytaj.pl --PEIAKu/WMn1b1Hv9 Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) iEYEARECAAYFAlBdcMcACgkQForvXbEpPzThLwCdHtCMTdgPjYCPmi7FShi1X8Wv 90MAn3Ldd/1fzymsgNeaUK+pa4kcCcB1 =n8Ic -----END PGP SIGNATURE----- --PEIAKu/WMn1b1Hv9--