Date: Thu, 20 Feb 2003 19:28:09 -0800 From: Kirk McKusick <mckusick@beastie.mckusick.com> To: Juli Mallett <jmallett@FreeBSD.ORG> Cc: src-committers@FreeBSD.ORG, cvs-src@FreeBSD.ORG, cvs-all@FreeBSD.ORG, "Andrey A. Chernov" <ache@nagual.pp.ru>, Nate Lawson <nate@root.org>, David Schultz <dschultz@uclink.Berkeley.EDU>, Poul-Henning Kamp <phk@critter.freebsd.dk> Subject: Re: cvs commit: src/sbin/newfs mkfs.c src/sys/ufs/ffs ffs_alloc.c ... Message-ID: <200302210328.h1L3S9FL058578@beastie.mckusick.com> In-Reply-To: Your message of "Fri, 14 Feb 2003 15:33:28 CST."
Date: Fri, 14 Feb 2003 15:33:28 -0600 From: Juli Mallett <jmallett@FreeBSD.ORG> To: Kirk McKusick <mckusick@FreeBSD.ORG> Cc: src-committers@FreeBSD.ORG, cvs-src@FreeBSD.ORG, cvs-all@FreeBSD.ORG Subject: Re: cvs commit: src/sbin/newfs mkfs.c src/sys/ufs/ffs ... * De: Kirk McKusick <mckusick@FreeBSD.org> [ Data: 2003-02-14 ] [ Subjecte: cvs commit: src/sbin/newfs mkfs.c ... > mckusick 2003/02/14 13:31:58 PST > > Modified files: > sbin/newfs mkfs.c > sys/ufs/ffs ffs_alloc.c ffs_vfsops.c > Log: > Replace use of random() with arc4random() to provide less guessable > values for the initial inode generation numbers in newfs and for > newly allocated inode generation numbers in the kernel. Are the sequences for it also repeatable in the newfs case for e.g. the regression tests, where it is used unseeded? Thanx, juli. -- Juli Mallett <jmallett@FreeBSD.org> AIM: BSDFlata -- IRC: juli on EFnet OpenDarwin, Mono, FreeBSD Developer ircd-hybrid Developer, EFnet addict FreeBSD on MIPS-Anything on FreeBSD Never trust an ELF, COFF or Mach-O! As has been pointed out, arc4random is a lot less guessable than than random. The reason that the fix needs to be in newfs is because it selects the random value for the root directory of the filesystem which is especially important that it not be guessable. Since the complaint at hand is that the regression is broken, I have fixed that problem in newfs itself. When the -R flag is given to newfs it substitutes a highly predictable and completely repeatable function for arc4random. Proposed fix below. Kirk McKusick =-=-=-=-= Index: mkfs.c =================================================================== RCS file: /usr/ncvs/src/sbin/newfs/mkfs.c,v retrieving revision 1.67 diff -c -r1.67 mkfs.c *** mkfs.c 2002/12/02 19:31:53 1.67 --- mkfs.c 2003/02/20 21:40:33 *************** *** 101,107 **** ((sblock.fs_magic == FS_UFS1_MAGIC) ? 
\ (dp)->dp1.field : (dp)->dp2.field) - static int randinit; static caddr_t iobuf; static long iobufsize; static ufs2_daddr_t alloc(int size, int mode); --- 98,103 ---- *************** *** 117,122 **** --- 113,119 ---- static void setblock(struct fs *, unsigned char *, int); static void wtfs(ufs2_daddr_t, int, char *); static void wtfsflush(void); + static u_int32_t newfs_random(void); void mkfs(struct partition *pp, char *fsys) *************** *** 128,140 **** int width; char tmpbuf[100]; /* XXX this will break in about 2,500 years */ ! if (Rflag) utime = 1000000000; ! else time(&utime); ! if (!Rflag && !randinit) { ! randinit = 1; ! srandomdev(); } sblock.fs_old_flags = FS_FLAGS_UPDATED; sblock.fs_flags = 0; --- 125,135 ---- int width; char tmpbuf[100]; /* XXX this will break in about 2,500 years */ ! if (Rflag) { utime = 1000000000; ! } else { time(&utime); ! arc4random_stir(); } sblock.fs_old_flags = FS_FLAGS_UPDATED; sblock.fs_flags = 0; *************** *** 393,399 **** sblock.fs_state = 0; sblock.fs_clean = 1; sblock.fs_id[0] = (long)utime; ! sblock.fs_id[1] = random(); sblock.fs_fsmnt[0] = '\0'; csfrags = howmany(sblock.fs_cssize, sblock.fs_fsize); sblock.fs_dsize = sblock.fs_size - sblock.fs_sblkno - --- 388,394 ---- sblock.fs_state = 0; sblock.fs_clean = 1; sblock.fs_id[0] = (long)utime; ! sblock.fs_id[1] = newfs_random(); sblock.fs_fsmnt[0] = '\0'; csfrags = howmany(sblock.fs_cssize, sblock.fs_fsize); sblock.fs_dsize = sblock.fs_size - sblock.fs_sblkno - *************** *** 655,664 **** dp2 = (struct ufs2_dinode *)(&iobuf[start]); for (i = 0; i < acg.cg_initediblk; i++) { if (sblock.fs_magic == FS_UFS1_MAGIC) { ! dp1->di_gen = random(); dp1++; } else { ! dp2->di_gen = random(); dp2++; } } --- 650,659 ---- dp2 = (struct ufs2_dinode *)(&iobuf[start]); for (i = 0; i < acg.cg_initediblk; i++) { if (sblock.fs_magic == FS_UFS1_MAGIC) { ! dp1->di_gen = newfs_random(); dp1++; } else { ! 
dp2->di_gen = newfs_random(); dp2++; } } *************** *** 672,678 **** i += sblock.fs_frag) { dp1 = (struct ufs1_dinode *)(&iobuf[start]); for (j = 0; j < INOPB(&sblock); j++) { ! dp1->di_gen = random(); dp1++; } wtfs(fsbtodb(&sblock, cgimin(&sblock, cylno) + i), --- 667,673 ---- i += sblock.fs_frag) { dp1 = (struct ufs1_dinode *)(&iobuf[start]); for (j = 0; j < INOPB(&sblock); j++) { ! dp1->di_gen = newfs_random(); dp1++; } wtfs(fsbtodb(&sblock, cgimin(&sblock, cylno) + i), *************** *** 1042,1045 **** --- 1037,1054 ---- if (1 << n == val) return (n); errx(1, "ilog2: %d is not a power of 2\n", val); + } + + /* + * For the regression test, return predictable random values. + * Otherwise use a true random number generator. + */ + static u_int32_t + newfs_random(void) + { + static int nextnum = 1; + + if (Rflag) + return (nextnum++); + return (arc4random()); } Index: ref.test =================================================================== RCS file: /usr/ncvs/src/sbin/newfs/ref.test,v retrieving revision 1.1 diff -c -r1.1 ref.test *** ref.test 2002/03/19 21:05:29 1.1 --- ref.test 2003/02/21 03:24:23 *************** *** 1,7 **** # $FreeBSD: src/sbin/newfs/ref.test,v 1.1 2002/03/19 21:05:29 phk Exp $ ! ba20315918bf2d2885eed49fee03e3ca ! e2170dc5d6bd192f85da9d1085550265 ! 510df6ee7aadd7a5477b47c1a967e8db ! 47a1a6afcd21c166f32027020b0b6a7e ! 6e3b83f554b0216206a2768f8b01d9a1 ! f6035a903644e118f09c6041fb29f7ce --- 1,7 ---- # $FreeBSD: src/sbin/newfs/ref.test,v 1.1 2002/03/19 21:05:29 phk Exp $ ! 00c08266df6b0c79d2673515c182216a ! c00458f223a9119190591e8b8679bf97 ! 7d5b3c75244898dbb07a4cd20860c8a1 ! a69179c925b67edc20c289c3321ae87a ! 4d1c6cf3c563044a59c3d426bb890ece ! 841ed8884da029d4590b56b2f033f404 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-src" in the body of the message
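Review bot: The `di_gen = newfs_random()` assignments in this hunk, and the one in the UFS1 inode loop of the following hunk, now store the full 32-bit output of arc4random(), where random() only produced values in 0..2^31-1. The dinode declarations are not visible here; if `di_gen` is a signed 32-bit field, or if the kernel side treats a generation of 0 as "not yet assigned", some inodes will start with a negative or zero generation. That is worth confirming against the `ffs_alloc.c` part of this commit and, if either holds, folding the range inside the helper, e.g. `return (arc4random() / 2 + 1);`. The enclosing function starts and ends outside the hunk.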
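Review bot: The comment above `newfs_random()` promises a "true random number generator", but `arc4random()` is a seeded pseudo-random keystream generator, and the `-R` branch returns 1, 2, 3, ... so every generation number and `fs_id[1]` on such a filesystem is known in advance (with `fs_id[0]` fixed at 1000000000 by the earlier hunk). Since the log says these values exist to be hard to guess, the comment should say that `-R` output is for regression comparison only and not for a filesystem put into service, e.g. `/* With -R: sequential, fully predictable values, regression test only. Otherwise arc4random(), a cryptographic PRNG. */`. The counter is also a signed `int` returned as `u_int32_t`; `static u_int32_t nextnum = 1;` removes the implicit conversion and the signed-overflow case on very large inode counts. The hunk opens in the tail of `ilog2`, whose body starts outside it.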