From owner-freebsd-security@FreeBSD.ORG Fri Sep 21 01:39:59 2012
Delivered-To: freebsd-security@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 664) id E14931065673; Fri, 21 Sep 2012 01:39:59 +0000 (UTC)
Date: Thu, 20 Sep 2012 18:39:58 -0700
From: David O'Brien
To: John Baldwin
Message-ID: <20120921013958.GA41167@dragon.NUXI.org>
References: <20120919220819.GB25606@dragon.NUXI.org> <201209200844.10470.jhb@freebsd.org>
In-Reply-To: <201209200844.10470.jhb@freebsd.org>
X-Operating-System: FreeBSD 10.0-CURRENT
X-to-the-FBI-CIA-and-NSA: HI! HOW YA DOIN? can i haz chizburger?
User-Agent: Mutt/1.5.20 (2009-06-14)
Cc: Arthur Mesh, Ian Lepore, Doug Barton, Ben Laurie, freebsd-security@freebsd.org, RW
Subject: Re: Proposed fix; stage 1 (Was: svn commit: r239569 - head/etc/rc.d)
Reply-To: obrien@freebsd.org
List-Id: "Security issues [members-only posting]"

On Thu, Sep 20, 2012 at 08:44:10AM -0400, John Baldwin wrote:
> I leave it up to someone else to explicitly ok that this data goes into
> the RANDOM_INTERRUPT queue with the claim of 2 bits of entropy:
>
> Index: sys/kern/kern_intr.c
...
>+ if (harvest.swi) {
>+ CTR3(KTR_INTR, "swi_sched: pid %d (%s) gathering entropy",
>+ curproc->p_pid, curthread->td_name);

	CTR3(KTR_INTR, "%s: pid %d (%s) gathering entropy",
	    __func__, curproc->p_pid, curthread->td_name);

--or--

	CTR2(KTR_INTR, "swi_sched: pid %d (%s) gathering entropy",
	    curproc->p_pid, curthread->td_name);

This seems to have captured some harvesting. I applied your patch and only enabled harvest.swi with:

Index: harvest.c
===================================================================
--- harvest.c (revision 240694)
+++ harvest.c (working copy)
@@ -51 +51,7 @@ static int read_random_phony(void *, int
-struct harvest_select harvest = { 1, 1, 1, 0 };
+struct harvest_select harvest = {
+ 0, /*ethernet*/
+ 0, /*pt2pt*/
+ 0, /*intr*/
+ 1, /*swi*/
+ 0, /*devprobe*/
+};

ngoc# sysctl kern.random
kern.random.yarrow.gengateinterval: 10
kern.random.yarrow.bins: 10
kern.random.yarrow.fastthresh: 192
kern.random.yarrow.slowthresh: 256
kern.random.yarrow.slowoverthresh: 2
kern.random.sys.seeded: 1
kern.random.sys.harvest.ethernet: 0
kern.random.sys.harvest.point_to_point: 0
kern.random.sys.harvest.devprobe: 0
kern.random.sys.harvest.interrupt: 0
kern.random.sys.harvest.swi: 1
kern.random.sys.harvest.entropy_processed: write=0/0, keyboard=0/0, mouse=0/0, net=0/0, interrupt=4235/3, device=0/0 pure=0/0

(Note: this system is initialized as non-seeded, as shown in my previous patch.)

-- 
-- David  (obrien@FreeBSD.org)
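Review bot: in the quoted kern_intr.c hunk the CTR3 call supplies only two values (curproc->p_pid, curthread->td_name) for a format string with two conversions, so the macro's arity does not match its arguments; either use CTR2 with those two arguments or keep CTR3 and add __func__ behind a "%s:" prefix, as the reply proposes. The hunk also shows only the trace line: the code that queues the data into RANDOM_INTERRUPT, and the basis for crediting it 2 bits of entropy, are elided by "...", so the entropy estimate cannot be reviewed from this excerpt; a comment at the harvest site stating why 2 bits is a conservative credit for an swi event would let the next reviewer judge it.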
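Review bot: the replacement initializer in the harvest.c hunk has five positional members where the removed line `struct harvest_select harvest = { 1, 1, 1, 0 };` had four, so it only compiles once the kern_intr.c patch has added the swi member to struct harvest_select, and nothing ties `1, /*swi*/` to that member if the struct is ever reordered; designated initializers (`.swi = 1`) would make the mapping explicit, and style(9) spacing is `/* swi */` rather than `/*swi*/`. The hunk also turns ethernet, pt2pt and intr off, which matches the stated experiment (only harvest.swi enabled, confirmed by the sysctl listing) but is not a default that should be committed as-is.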
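The sysctl listing above is the evidence for the experiment: only harvest.swi is on, and only the interrupt bucket of entropy_processed moved, consistent with John's statement that swi events are queued as RANDOM_INTERRUPT. As an added example (not code from this thread or from the FreeBSD tree), here is a small Python parser for that `sysctl kern.random` output that cross-checks the harvest switches against the buckets, flagging an enabled source whose bucket never moves and a bucket that moves with no enabled source feeding it. The swi-to-interrupt mapping comes from the thread; the other switch-to-bucket rows are assumptions made for this example, and the meaning of the two numbers in `4235/3` is not explained on the page, so they are carried as printed.

```python
"""Parse `sysctl kern.random` output (Yarrow-era FreeBSD) and cross-check the
per-source harvest switches against the entropy_processed counters.

Added example for this thread; not code from the FreeBSD tree.
"""
import re

# Constructed sample: the sysctl output posted in the thread, verbatim.
SAMPLE = """\
kern.random.yarrow.gengateinterval: 10
kern.random.yarrow.bins: 10
kern.random.yarrow.fastthresh: 192
kern.random.yarrow.slowthresh: 256
kern.random.yarrow.slowoverthresh: 2
kern.random.sys.seeded: 1
kern.random.sys.harvest.ethernet: 0
kern.random.sys.harvest.point_to_point: 0
kern.random.sys.harvest.devprobe: 0
kern.random.sys.harvest.interrupt: 0
kern.random.sys.harvest.swi: 1
kern.random.sys.harvest.entropy_processed: write=0/0, keyboard=0/0, mouse=0/0, net=0/0, interrupt=4235/3, device=0/0 pure=0/0
"""

# Which harvest.* switch feeds which entropy_processed bucket.  The thread
# states that swi events are queued as RANDOM_INTERRUPT, i.e. the "interrupt"
# bucket; the remaining rows are assumptions made for this example.
SWITCH_TO_BUCKET = {
    "ethernet": "net",
    "point_to_point": "net",
    "interrupt": "interrupt",
    "swi": "interrupt",
    "devprobe": "device",
}

# One "name=a/b" pair inside the entropy_processed value.
_PAIR = re.compile(r"(\w+)=(\d+)/(\d+)")


def parse_sysctl(text):
    """Return (switches, buckets, seeded).

    switches: harvest source name -> bool (sysctl value == 1)
    buckets:  entropy_processed bucket name -> (a, b) exactly as printed
    seeded:   kern.random.sys.seeded as bool, or None if absent
    """
    switches, buckets, seeded = {}, {}, None
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "kern.random.sys.seeded":
            seeded = value == "1"
        elif key == "kern.random.sys.harvest.entropy_processed":
            for name, a, b in _PAIR.findall(value):
                buckets[name] = (int(a), int(b))
        elif key.startswith("kern.random.sys.harvest."):
            switches[key.rsplit(".", 1)[1]] = value == "1"
    return switches, buckets, seeded


def audit(text):
    """Return a list of findings (empty when the listing is self-consistent):
    an unseeded generator, an enabled source whose bucket shows no events, or
    a bucket with events that no enabled source is mapped to."""
    switches, buckets, seeded = parse_sysctl(text)
    findings = []
    if seeded is False:
        findings.append("generator reports not seeded")
    for src, on in sorted(switches.items()):
        bucket = SWITCH_TO_BUCKET.get(src)
        if on and bucket and buckets.get(bucket, (0, 0))[0] == 0:
            findings.append(f"{src} enabled but bucket {bucket} shows no events")
    fed = {SWITCH_TO_BUCKET[s] for s, on in switches.items()
           if on and s in SWITCH_TO_BUCKET}
    for bucket, (a, _) in sorted(buckets.items()):
        if a > 0 and bucket not in fed:
            findings.append(f"bucket {bucket} shows events but no enabled source feeds it")
    return findings


if __name__ == "__main__":
    # Run against the listing from the thread; on a live box pipe in
    # `sysctl kern.random` instead.
    for finding in audit(SAMPLE) or ["no inconsistencies found"]:
        print(finding)
```

On the listing from the thread the audit is clean: swi is the only enabled switch and interrupt is the only bucket with a non-zero count. Flipping harvest.swi to 0 in the same listing makes the interrupt bucket's 4235 events unexplained, which is the kind of mismatch this check is meant to surface.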