From: Conrad Meyer
Reply-To: cem@freebsd.org
To: Warner Losh
Cc: src-committers, svn-src-all, svn-src-head
Subject: Re: svn commit: r346250 - in head: share/man/man4 share/man/man9 sys/dev/random sys/kern sys/libkern sys/sys
References: <201904151840.x3FIeaEQ009242@repo.freebsd.org> <20190416150352.c604a280368ccb2992a861e8@bidouilliste.com>
Date: Tue, 03 Sep 2019 14:07:49 -0000
X-Original-Date: Tue, 16 Apr 2019 08:17:24 -0700

On Tue, Apr 16, 2019 at 6:19 AM Warner Losh wrote:
> On Tue, Apr 16, 2019, 7:04 AM Emmanuel Vadot wrote:
>> It's not only CI, all release images (memstick, iso) don't have
>> a /boot/entropy.
>> Also all arm/arm64 images don't have this file too.
>> If /boot/entropy is needed and isn't present loader(8) should gather
>> some entropy and pass this to the kernel for the first boot.
>
> Maybe we need to bootstrap the entropy file as part of buildworld. I'm not sure if the loader can find enough...

Well, one thing we should explicitly *not do* is distribute the same "entropy" to everyone in released images. So there is some difficulty here. Buildworld does not know if the target of the build is a one-off or a release image. Something like makerelease still seems inappropriately dangerous.

The idea of loader-provided entropy is not that it generates the entropy itself, but that it can access the /boot/ filesystem to load entropy and pass it to the kernel as a fake module.

I think we have identified that at least stack_chk_init was silently broken on a number of systems, using non-random stack guards. Now it's loudly broken.

Ed has proposed a happy medium where we can check, in stack_chk_init, if the random device is seeded (via new KPI) and give users a big stick tunable to proceed without entropy or not. For now, I think we would default that to "proceed" just to unbreak CI and any other sharp corners. But the goal would be to default that to "panic" eventually.

I don't know enough about stack_chk_init to determine how late it can be seeded. It seems to have come in in r180012 as a component of -fstack-protector. I will do a little investigating. Suggestions on appropriate reviewers welcome (I think ru@ is no longer with the project).

Best regards,
Conrad