Date:      Thu, 20 Sep 2012 18:39:58 -0700
From:      David O'Brien <obrien@FreeBSD.org>
To:        John Baldwin <jhb@freebsd.org>
Cc:        Arthur Mesh <arthurmesh@gmail.com>, Ian Lepore <freebsd@damnhippie.dyndns.org>, Doug Barton <dougb@freebsd.org>, Ben Laurie <benl@freebsd.org>, freebsd-security@freebsd.org, RW <rwmaillists@googlemail.com>
Subject:   Re: Proposed fix; stage 1 (Was: svn commit: r239569 - head/etc/rc.d)
Message-ID:  <20120921013958.GA41167@dragon.NUXI.org>
In-Reply-To: <201209200844.10470.jhb@freebsd.org>
References:  <CAG5KPzzRxzVX-%2B9fYjRdqjY-wScbM6AA7GYtLmktgMG0Zg8iyQ@mail.gmail.com> <E1TDHb0-000FIh-0Z@groundzero.grondar.org> <20120919220819.GB25606@dragon.NUXI.org> <201209200844.10470.jhb@freebsd.org>

On Thu, Sep 20, 2012 at 08:44:10AM -0400, John Baldwin wrote:
> I leave it up to someone else to explicitly ok that this data goes into
> the RANDOM_INTERRUPT queue with the claim of 2 bits of entropy:
> 
> Index: sys/kern/kern_intr.c
...
>+	if (harvest.swi) {
>+		CTR3(KTR_INTR, "swi_sched: pid %d (%s) gathering entropy",
>+		    curproc->p_pid, curthread->td_name);
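
Review bot: the CTR3 call under `if (harvest.swi)` passes only two trace arguments (`curproc->p_pid`, `curthread->td_name`) for a format with two conversions, but CTR3 takes three. Either use CTR2 with this format, or keep CTR3 and pass `__func__` for a leading `%s:` so the function name is not hard-coded in the string.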

		CTR3(KTR_INTR, "%s: pid %d (%s) gathering entropy", __func__,
		    curproc->p_pid, curthread->td_name);
--or-- 
		CTR2(KTR_INTR, "swi_sched: pid %d (%s) gathering entropy",
		    curproc->p_pid, curthread->td_name);

This seems to have captured some harvesting.
I applied your patch and only enabled harvest.swi with:
Index: harvest.c
===================================================================
--- harvest.c	(revision 240694)
+++ harvest.c	(working copy)
@@ -51 +51,7 @@ static int read_random_phony(void *, int
-struct harvest_select harvest = { 1, 1, 1, 0 };
+struct harvest_select harvest = {
+	0,	/*ethernet*/
+	0,	/*pt2pt*/
+	0,	/*intr*/
+	1,	/*swi*/
+	0,	/*devprobe*/
+};
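
Review bot: the positional initializer for `harvest` depends on the member order of `struct harvest_select`, and the list has grown from four values to five here, so a reordering or a further added member would silently shift the flags. C99 designated initializers (for example `.swi = 1`) would bind each value to its member and make the `/*ethernet*/`-style comments unnecessary. With every source except swi set to 0, this also changes the default harvesting set, which looks like a test-only setting and should be kept out of any commit.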


ngoc# sysctl kern.random
kern.random.yarrow.gengateinterval: 10
kern.random.yarrow.bins: 10
kern.random.yarrow.fastthresh: 192
kern.random.yarrow.slowthresh: 256
kern.random.yarrow.slowoverthresh: 2
kern.random.sys.seeded: 1
kern.random.sys.harvest.ethernet: 0
kern.random.sys.harvest.point_to_point: 0
kern.random.sys.harvest.devprobe: 0
kern.random.sys.harvest.interrupt: 0
kern.random.sys.harvest.swi: 1
kern.random.sys.harvest.entropy_processed: write=0/0, keyboard=0/0,
mouse=0/0, net=0/0, interrupt=4235/3, device=0/0 pure=0/0

(note, this system is initialized as non-seeded as shown in my previous patch)
-- 
-- David  (obrien@FreeBSD.org)


