Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 6 Apr 2019 09:00:06 +0000 (UTC)
From:      Mark Murray <markm@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject:   svn commit: r345981 - stable/11/sys/dev/random
Message-ID:  <201904060900.x36906LW022393@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: markm
Date: Sat Apr  6 09:00:06 2019
New Revision: 345981
URL: https://svnweb.freebsd.org/changeset/base/345981

Log:
  Backport fixes from FreeBSD-12 to help the random(4) device thread
  not overwhelm the OS:
  
  a) Use the correct symbolic constant when calculating 10'ths of a
  second. This means that expensive reseeds happen at ony 1/10 Hz,
  not some kHz.
  
  b) Rate limit internal high-rate harveting efforts. This stops the
  harvesting thread from total overkilling the high-grade entropy-
  gathering work, while still being very conservatively safe.
  
  PR:		230808
  Reported by:	danilo,eugen
  Tested by:	eugen
  Approved by:	so (blanket permission granted as I am the authour of this code)
  Relnotes:	Yes

Modified:
  stable/11/sys/dev/random/fortuna.c
  stable/11/sys/dev/random/random_harvestq.c

Modified: stable/11/sys/dev/random/fortuna.c
==============================================================================
--- stable/11/sys/dev/random/fortuna.c	Sat Apr  6 06:02:42 2019	(r345980)
+++ stable/11/sys/dev/random/fortuna.c	Sat Apr  6 09:00:06 2019	(r345981)
@@ -358,7 +358,7 @@ random_fortuna_pre_read(void)
 	if (fortuna_state.fs_pool[0].fsp_length >= fortuna_state.fs_minpoolsize
 #ifdef _KERNEL
 	    /* FS&K - Use 'getsbinuptime()' to prevent reseed-spamming. */
-	    && (now - fortuna_state.fs_lasttime > hz/10)
+	    && (now - fortuna_state.fs_lasttime > SBT_1S/10)
 #endif
 	) {
 #ifdef _KERNEL

Modified: stable/11/sys/dev/random/random_harvestq.c
==============================================================================
--- stable/11/sys/dev/random/random_harvestq.c	Sat Apr  6 06:02:42 2019	(r345980)
+++ stable/11/sys/dev/random/random_harvestq.c	Sat Apr  6 09:00:06 2019	(r345981)
@@ -55,6 +55,10 @@ __FBSDID("$FreeBSD$");
 #include <machine/atomic.h>
 #include <machine/cpu.h>
 
+#include <crypto/rijndael/rijndael-api-fst.h>
+#include <crypto/sha2/sha256.h>
+
+#include <dev/random/hash.h>
 #include <dev/random/randomdev.h>
 #include <dev/random/random_harvestq.h>
 
@@ -209,8 +213,12 @@ random_sources_feed(void)
 	/* It's an indenting error. Yeah, Yeah. */
 #endif
 	local_read_rate = atomic_readandclear_32(&read_rate);
+	/* Perform at least one read per round */
+	local_read_rate = MAX(local_read_rate, 1);
+	/* But not exceeding RANDOM_KEYSIZE_WORDS */
+	local_read_rate = MIN(local_read_rate, RANDOM_KEYSIZE_WORDS);
 	LIST_FOREACH(rrs, &source_list, rrs_entries) {
-		for (i = 0; i < p_random_alg_context->ra_poolcount*(local_read_rate + 1); i++) {
+		for (i = 0; i < p_random_alg_context->ra_poolcount*local_read_rate; i++) {
 			n = rrs->rrs_source->rs_read(entropy, sizeof(entropy));
 			KASSERT((n <= sizeof(entropy)), ("%s: rs_read returned too much data (%u > %zu)", __func__, n, sizeof(entropy)));
 			/* It would appear that in some circumstances (e.g. virtualisation),



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201904060900.x36906LW022393>