From owner-svn-src-head@freebsd.org Sat Aug 22 12:59:09 2015 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4C36D9BD0EB; Sat, 22 Aug 2015 12:59:09 +0000 (UTC) (envelope-from markm@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 3AE913A6; Sat, 22 Aug 2015 12:59:09 +0000 (UTC) (envelope-from markm@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id t7MCx9Br093714; Sat, 22 Aug 2015 12:59:09 GMT (envelope-from markm@FreeBSD.org) Received: (from markm@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id t7MCx6bn093702; Sat, 22 Aug 2015 12:59:06 GMT (envelope-from markm@FreeBSD.org) Message-Id: <201508221259.t7MCx6bn093702@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: markm set sender to markm@FreeBSD.org using -f From: Mark Murray Date: Sat, 22 Aug 2015 12:59:06 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r287023 - in head: share/man/man4 sys/conf sys/dev/random sys/sys sys/vm X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 22 Aug 2015 12:59:09 -0000 Author: markm Date: Sat Aug 22 12:59:05 2015 New Revision: 287023 URL: https://svnweb.freebsd.org/changeset/base/287023 Log: Make the UMA harvesting go away completely if not wanted. Default to "not wanted". Provide and document the RANDOM_ENABLE_UMA option. Change RANDOM_FAST to RANDOM_UMA to clarify the harvesting. Remove RANDOM_DEBUG option, replace with SDT probes. These will be of use to folks measuring the harvesting effect when deciding whether to use RANDOM_ENABLE_UMA. Requested by: scottl and others. Approved by: so (/dev/random blanket) Differential Revision: https://reviews.freebsd.org/D3197 Modified: head/share/man/man4/random.4 head/sys/conf/NOTES head/sys/conf/options head/sys/dev/random/build.sh head/sys/dev/random/fortuna.c head/sys/dev/random/random_harvestq.c head/sys/dev/random/unit_test.c head/sys/dev/random/yarrow.c head/sys/sys/random.h head/sys/vm/uma_core.c Modified: head/share/man/man4/random.4 ============================================================================== --- head/share/man/man4/random.4 Sat Aug 22 07:45:49 2015 (r287022) +++ head/share/man/man4/random.4 Sat Aug 22 12:59:05 2015 (r287023) @@ -32,6 +32,7 @@ .Sh SYNOPSIS .Cd "device random" .Cd "options RANDOM_LOADABLE" +.Cd "options RANDOM_ENABLE_UMA" .Sh DESCRIPTION The .Nm @@ -177,6 +178,24 @@ must be locked against load and unload events, and also must be indirect calls to allow for removal. +.Pp +When +.Cd "options RANDOM_ENABLE_UMA" +is used, +the +.Pa /dev/random +device will obtain entropy +from the zone allocator. +This is potentially very high rate, +and if so will be of questionable use. +If this is the case, +use of this option +is not recommended. +Determining this is not trivial, +so experimenting and measurement +using tools such as +.Xr dtrace 1 +will be required. .Sh RANDOMNESS The use of randomness in the field of computing is a rather subtle issue because randomness means Modified: head/sys/conf/NOTES ============================================================================== --- head/sys/conf/NOTES Sat Aug 22 07:45:49 2015 (r287022) +++ head/sys/conf/NOTES Sat Aug 22 12:59:05 2015 (r287023) @@ -2985,8 +2985,10 @@ options MAXFILES=999 #options RANDOM_YARROW # Yarrow CSPRNG (old default) #options RANDOM_LOADABLE # Allow the algorithm to be loaded as # a module. -# For developers. -options RANDOM_DEBUG # Extra debugging messages +# Select this to allow high-rate but potentially expensive +# harvesting of Slab-Allocator entropy. In very high-rate +# situations the value of doing this is dubious at best. +options RANDOM_ENABLE_UMA # slab allocator # Module to enable execution of application via emulators like QEMU options IMAGACT_BINMISC Modified: head/sys/conf/options ============================================================================== --- head/sys/conf/options Sat Aug 22 07:45:49 2015 (r287022) +++ head/sys/conf/options Sat Aug 22 12:59:05 2015 (r287023) @@ -945,17 +945,16 @@ RACCT_DEFAULT_TO_DISABLED opt_global.h RCTL opt_global.h # Random number generator(s) -# The DEBUG option is in global.h as the random harvesting -# puts probes all over the place, and it makes little sense -# to pollute these headers with an extra include. -RANDOM_DEBUG opt_random.h -# Which CSPRNG hashes we get. +# Which CSPRNG hash we get. # If Yarrow is not chosen, Fortuna is selected. RANDOM_YARROW opt_random.h # With this, no entropy processor is loaded, but the entropy # harvesting infrastructure is present. This means an entropy # processor may be loaded as a module. RANDOM_LOADABLE opt_random.h +# This turns on high-rate and potentially expensive harvesting in +# the uma slab allocator. +RANDOM_ENABLE_UMA opt_global.h # Intel em(4) driver EM_MULTIQUEUE opt_em.h Modified: head/sys/dev/random/build.sh ============================================================================== --- head/sys/dev/random/build.sh Sat Aug 22 07:45:49 2015 (r287022) +++ head/sys/dev/random/build.sh Sat Aug 22 12:59:05 2015 (r287023) @@ -35,7 +35,7 @@ # <(sed -e 's/fortuna/wombat/g' \ # -e 's/FORTUNA/WOMBAT/g' fortuna.c) | less # -cc -g -O0 -pthread -DRANDOM_DEBUG \ +cc -g -O0 -pthread \ -I../.. -lstdthreads -Wall \ unit_test.c \ yarrow.c \ @@ -46,7 +46,7 @@ cc -g -O0 -pthread -DRANDOM_DEBUG \ ../../crypto/sha2/sha256c.c \ -lz \ -o yunit_test -cc -g -O0 -pthread -DRANDOM_DEBUG \ +cc -g -O0 -pthread \ -I../.. -lstdthreads -Wall \ unit_test.c \ fortuna.c \ Modified: head/sys/dev/random/fortuna.c ============================================================================== --- head/sys/dev/random/fortuna.c Sat Aug 22 07:45:49 2015 (r287022) +++ head/sys/dev/random/fortuna.c Sat Aug 22 12:59:05 2015 (r287023) @@ -43,6 +43,7 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include #include @@ -94,6 +95,11 @@ CTASSERT(RANDOM_FORTUNA_DEFPOOLSIZE <= R CTASSERT(RANDOM_BLOCKSIZE == sizeof(uint128_t)); CTASSERT(RANDOM_KEYSIZE == 2*RANDOM_BLOCKSIZE); +/* Probes for dtrace(1) */ +SDT_PROVIDER_DECLARE(random); +SDT_PROVIDER_DEFINE(random); +SDT_PROBE_DEFINE2(random, fortuna, event_processor, debug, "u_int", "struct fs_pool *"); + /* * This is the beastie that needs protecting. It contains all of the * state that we are excited about. Exactly one is instantiated. @@ -379,16 +385,7 @@ random_fortuna_pre_read(void) } else break; } -#ifdef RANDOM_DEBUG - { - u_int j; - - printf("random: reseedcount [%d]", fortuna_state.fs_reseedcount); - for (j = 0; j < RANDOM_FORTUNA_NPOOLS; j++) - printf(" %X", fortuna_state.fs_pool[j].fsp_length); - printf("\n"); - } -#endif + SDT_PROBE2(random, fortuna, event_processor, debug, fortuna_state.fs_reseedcount, fortuna_state.fs_pool); /* FS&K */ random_fortuna_reseed_internal(s, i < RANDOM_FORTUNA_NPOOLS ? i + 1 : RANDOM_FORTUNA_NPOOLS); /* Clean up and secure */ Modified: head/sys/dev/random/random_harvestq.c ============================================================================== --- head/sys/dev/random/random_harvestq.c Sat Aug 22 07:45:49 2015 (r287022) +++ head/sys/dev/random/random_harvestq.c Sat Aug 22 12:59:05 2015 (r287023) @@ -170,7 +170,7 @@ random_kthread(void) /* XXX: FIX!! Increase the high-performance data rate? Need some measurements first. */ for (i = 0; i < RANDOM_ACCUM_MAX; i++) { if (harvest_context.hc_entropy_fast_accumulator.buf[i]) { - random_harvest_direct(harvest_context.hc_entropy_fast_accumulator.buf + i, sizeof(harvest_context.hc_entropy_fast_accumulator.buf[0]), 4, RANDOM_FAST); + random_harvest_direct(harvest_context.hc_entropy_fast_accumulator.buf + i, sizeof(harvest_context.hc_entropy_fast_accumulator.buf[0]), 4, RANDOM_UMA); harvest_context.hc_entropy_fast_accumulator.buf[i] = 0; } } @@ -261,7 +261,7 @@ static const char *(random_source_descr[ "INTERRUPT", "SWI", "FS_ATIME", - "HIGH_PERFORMANCE", /* ENVIRONMENTAL_END */ + "UMA", /* ENVIRONMENTAL_END */ "PURE_OCTEON", "PURE_SAFE", "PURE_GLXSB", Modified: head/sys/dev/random/unit_test.c ============================================================================== --- head/sys/dev/random/unit_test.c Sat Aug 22 07:45:49 2015 (r287022) +++ head/sys/dev/random/unit_test.c Sat Aug 22 12:59:05 2015 (r287023) @@ -29,7 +29,7 @@ /* Build this by going: -cc -g -O0 -pthread -DRANDOM_ -DRANDOM_DEBUG -I../.. -lstdthreads -Wall \ +cc -g -O0 -pthread -DRANDOM_ -I../.. -lstdthreads -Wall \ unit_test.c \ yarrow.c \ fortuna.c \ Modified: head/sys/dev/random/yarrow.c ============================================================================== --- head/sys/dev/random/yarrow.c Sat Aug 22 07:45:49 2015 (r287022) +++ head/sys/dev/random/yarrow.c Sat Aug 22 12:59:05 2015 (r287023) @@ -34,6 +34,7 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include #include @@ -77,6 +78,11 @@ __FBSDID("$FreeBSD$"); CTASSERT(RANDOM_BLOCKSIZE == sizeof(uint128_t)); CTASSERT(RANDOM_KEYSIZE == 2*RANDOM_BLOCKSIZE); +/* Probes for dtrace(1) */ +SDT_PROVIDER_DECLARE(random); +SDT_PROVIDER_DEFINE(random); +SDT_PROBE_DEFINE3(random, yarrow, event_processor, debug, "boolean", "u_int", "struct ys_pool *"); + /* * This is the beastie that needs protecting. It contains all of the * state that we are excited about. Exactly one is instantiated. @@ -261,20 +267,7 @@ random_yarrow_reseed_internal(u_int fast KASSERT(yarrow_state.ys_pool[RANDOM_YARROW_FAST].ysp_thresh > 0, ("random: Yarrow fast threshold = 0")); KASSERT(yarrow_state.ys_pool[RANDOM_YARROW_SLOW].ysp_thresh > 0, ("random: Yarrow slow threshold = 0")); RANDOM_RESEED_ASSERT_LOCK_OWNED(); -#ifdef RANDOM_DEBUG - /* WARNING! This is dangerously tedious to do with mutexes held! */ - printf("random: %s ", __func__); - printf("type/pool = %s ", fastslow == RANDOM_YARROW_FAST ? "RANDOM_YARROW_FAST" : "RANDOM_YARROW_SLOW"); - printf("seeded = %s\n", yarrow_state.ys_seeded ? "true" : "false"); - printf("random: fast - thresh %d,1 - ", yarrow_state.ys_pool[RANDOM_YARROW_FAST].ysp_thresh); - for (i = RANDOM_START; i < ENTROPYSOURCE; i++) - printf(" %d", yarrow_state.ys_pool[RANDOM_YARROW_FAST].ysp_source_bits[i]); - printf("\n"); - printf("random: slow - thresh %d,%d - ", yarrow_state.ys_pool[RANDOM_YARROW_SLOW].ysp_thresh, yarrow_state.ys_slowoverthresh); - for (i = RANDOM_START; i < ENTROPYSOURCE; i++) - printf(" %d", yarrow_state.ys_pool[RANDOM_YARROW_SLOW].ysp_source_bits[i]); - printf("\n"); -#endif + SDT_PROBE3(random, yarrow, event_processor, debug, yarrow_state.ys_seeded, yarrow_state.ys_slowoverthresh, yarrow_state.ys_pool); /* 1. Hash the accumulated entropy into v[0] */ randomdev_hash_init(&context); /* Feed the slow pool hash in if slow */ Modified: head/sys/sys/random.h ============================================================================== --- head/sys/sys/random.h Sat Aug 22 07:45:49 2015 (r287022) +++ head/sys/sys/random.h Sat Aug 22 12:59:05 2015 (r287023) @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2000-2013 Mark R. V. Murray + * Copyright (c) 2000-2015 Mark R. V. Murray * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -35,9 +35,11 @@ #include "opt_random.h" +#if !defined(KLD_MODULE) #if defined(RANDOM_LOADABLE) && defined(RANDOM_YARROW) #error "Cannot define both RANDOM_LOADABLE and RANDOM_YARROW" #endif +#endif struct uio; @@ -78,8 +80,8 @@ enum random_entropy_source { RANDOM_INTERRUPT, RANDOM_SWI, RANDOM_FS_ATIME, - RANDOM_FAST, /* Special!! Miscellaneous high performance stuff, like UMA/SLAB Allocator */ - RANDOM_ENVIRONMENTAL_END = RANDOM_FAST, + RANDOM_UMA, /* Special!! UMA/SLAB Allocator */ + RANDOM_ENVIRONMENTAL_END = RANDOM_UMA, /* Fast hardware random-number sources from here on. */ RANDOM_PURE_OCTEON, RANDOM_PURE_SAFE, @@ -105,6 +107,12 @@ void random_harvest_direct(const void *, #define random_harvest_direct(a, b, c, d) do {} while (0) #endif +#if defined(RANDOM_ENABLE_UMA) +#define random_harvest_fast_uma(a, b, c, d) random_harvest_fast(a, b, c, d) +#else /* !defined(RANDOM_ENABLE_UMA) */ +#define random_harvest_fast_uma(a, b, c, d) do {} while (0) +#endif /* defined(RANDOM_ENABLE_UMA) */ + #endif /* _KERNEL */ #endif /* _SYS_RANDOM_H_ */ Modified: head/sys/vm/uma_core.c ============================================================================== --- head/sys/vm/uma_core.c Sat Aug 22 07:45:49 2015 (r287022) +++ head/sys/vm/uma_core.c Sat Aug 22 12:59:05 2015 (r287023) @@ -2135,8 +2135,8 @@ uma_zalloc_arg(uma_zone_t zone, void *ud int lockfail; int cpu; - /* XXX: FIX? The entropy here is desirable, but the harvesting may be expensive */ - random_harvest_fast(&zone, sizeof(zone), 1, RANDOM_FAST); + /* Enable entropy collection for RANDOM_ENABLE_UMA kernel option */ + random_harvest_fast_uma(&zone, sizeof(zone), 1, RANDOM_UMA); /* This is the fast path allocation */ #ifdef UMA_DEBUG_ALLOC_1 @@ -2677,8 +2677,8 @@ uma_zfree_arg(uma_zone_t zone, void *ite int lockfail; int cpu; - /* XXX: FIX? The entropy here is desirable, but the harvesting may be expensive */ - random_harvest_fast(&zone, sizeof(zone), 1, RANDOM_FAST); + /* Enable entropy collection for RANDOM_ENABLE_UMA kernel option */ + random_harvest_fast_uma(&zone, sizeof(zone), 1, RANDOM_UMA); #ifdef UMA_DEBUG_ALLOC_1 printf("Freeing item %p to %s(%p)\n", item, zone->uz_name, zone);