From owner-svn-src-head@freebsd.org  Wed May  8 14:54:33 2019
Return-Path: <owner-svn-src-head@freebsd.org>
Delivered-To: svn-src-head@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id C63AD1589534;
 Wed,  8 May 2019 14:54:33 +0000 (UTC) (envelope-from cem@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 server-signature RSA-PSS (4096 bits)
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 5C99D76304;
 Wed,  8 May 2019 14:54:33 +0000 (UTC) (envelope-from cem@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4CF5B75C0;
 Wed,  8 May 2019 14:54:33 +0000 (UTC) (envelope-from cem@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x48EsXD4085818;
 Wed, 8 May 2019 14:54:33 GMT (envelope-from cem@FreeBSD.org)
Received: (from cem@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id x48EsXYD085817;
 Wed, 8 May 2019 14:54:33 GMT (envelope-from cem@FreeBSD.org)
Message-Id: <201905081454.x48EsXYD085817@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: cem set sender to cem@FreeBSD.org
 using -f
From: Conrad Meyer <cem@FreeBSD.org>
Date: Wed, 8 May 2019 14:54:33 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: svn commit: r347329 - head/sys/dev/random
X-SVN-Group: head
X-SVN-Commit-Author: cem
X-SVN-Commit-Paths: head/sys/dev/random
X-SVN-Commit-Revision: 347329
X-SVN-Commit-Repository: base
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Rspamd-Queue-Id: 5C99D76304
X-Spamd-Bar: --
Authentication-Results: mx1.freebsd.org
X-Spamd-Result: default: False [-2.96 / 15.00];
 local_wl_from(0.00)[FreeBSD.org];
 NEURAL_HAM_MEDIUM(-1.00)[-0.999,0];
 NEURAL_HAM_SHORT(-0.96)[-0.962,0];
 ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US];
 NEURAL_HAM_LONG(-1.00)[-1.000,0]
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
 <svn-src-head.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head/>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 08 May 2019 14:54:34 -0000

Author: cem
Date: Wed May  8 14:54:32 2019
New Revision: 347329
URL: https://svnweb.freebsd.org/changeset/base/347329

Log:
  random(4): Don't complain noisily when an entropy source is slow
  
  Mjg@ reports that RDSEED (r347239) causes a lot of logspam from this printf,
  and I don't feel that it is especially useful (even ratelimited).  There are
  many other quality/quantity checks we're not performing on entropy sources;
  lack of high frequency availability does not disqualify a good entropy
  source.
  
  There is some discussion in the linked Differential about what logging might
  be appropriate and/or polling policy for slower TRNG sources.  Please feel
  free to chime in if you have opinions.
  
  Reported by:	mjg
  Reviewed by:	markm, delphij
  Approved by:	secteam(delphij)
  X-MFC-With:	r347239
  Sponsored by:	Dell EMC Isilon
  Differential Revision:	https://reviews.freebsd.org/D20195

Modified:
  head/sys/dev/random/random_harvestq.c

Modified: head/sys/dev/random/random_harvestq.c
==============================================================================
--- head/sys/dev/random/random_harvestq.c	Wed May  8 13:35:51 2019	(r347328)
+++ head/sys/dev/random/random_harvestq.c	Wed May  8 14:54:32 2019	(r347329)
@@ -235,15 +235,19 @@ random_sources_feed(void)
 		for (i = 0; i < p_random_alg_context->ra_poolcount*local_read_rate; i++) {
 			n = rrs->rrs_source->rs_read(entropy, sizeof(entropy));
 			KASSERT((n <= sizeof(entropy)), ("%s: rs_read returned too much data (%u > %zu)", __func__, n, sizeof(entropy)));
-			/* It would appear that in some circumstances (e.g. virtualisation),
-			 * the underlying hardware entropy source might not always return
-			 * random numbers. Accept this but make a noise. If too much happens,
-			 * can that source be trusted?
+			/*
+			 * Sometimes the HW entropy source doesn't have anything
+			 * ready for us.  This isn't necessarily untrustworthy.
+			 * We don't perform any other verification of an entropy
+			 * source (i.e., length is allowed to be anywhere from 1
+			 * to sizeof(entropy), quality is unchecked, etc), so
+			 * don't balk verbosely at slow random sources either.
+			 * There are reports that RDSEED on x86 metal falls
+			 * behind the rate at which we query it, for example.
+			 * But it's still a better entropy source than RDRAND.
 			 */
-			if (n == 0) {
-				printf("%s: rs_read for hardware device '%s' returned no entropy.\n", __func__, rrs->rrs_source->rs_ident);
+			if (n == 0)
 				continue;
-			}
 			random_harvest_direct(entropy, n, rrs->rrs_source->rs_source);
 		}
 	}