From owner-svn-src-head@freebsd.org Sat Oct 27 15:09:36 2018 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4716A108851C; Sat, 27 Oct 2018 15:09:36 +0000 (UTC) (envelope-from cem@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id EED246DC0A; Sat, 27 Oct 2018 15:09:35 +0000 (UTC) (envelope-from cem@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id CF95911ECA; Sat, 27 Oct 2018 15:09:35 +0000 (UTC) (envelope-from cem@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w9RF9ZIO056769; Sat, 27 Oct 2018 15:09:35 GMT (envelope-from cem@FreeBSD.org) Received: (from cem@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w9RF9ZK1056767; Sat, 27 Oct 2018 15:09:35 GMT (envelope-from cem@FreeBSD.org) Message-Id: <201810271509.w9RF9ZK1056767@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: cem set sender to cem@FreeBSD.org using -f From: Conrad Meyer Date: Sat, 27 Oct 2018 15:09:35 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r339814 - in head/sys: dev/random sys X-SVN-Group: head X-SVN-Commit-Author: cem X-SVN-Commit-Paths: in head/sys: dev/random sys X-SVN-Commit-Revision: 339814 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 27 Oct 2018 15:09:36 -0000 Author: cem Date: Sat Oct 27 15:09:35 2018 New Revision: 339814 URL: https://svnweb.freebsd.org/changeset/base/339814 Log: random(4): Match enabled sources mask to build options r287023 and r334450 added build option mechanisms to permanently disable spammy and/or low quality entropy sources. Follow-up those changes by updating the 'enabled' sources mask to match. When sources are compile-time disabled, represent them as disabled in the source mask, and prevent users from modifying that, like pure sources. (Modifying the mask bit would have no effect, but users might think it did if it was not prevented.) Mostly a cosmetic change. Reviewed by: markm Approved by: secteam (gordon) X-MFC-With: 334450 Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D17252 Modified: head/sys/dev/random/random_harvestq.c head/sys/sys/random.h Modified: head/sys/dev/random/random_harvestq.c ============================================================================== --- head/sys/dev/random/random_harvestq.c Sat Oct 27 14:44:39 2018 (r339813) +++ head/sys/dev/random/random_harvestq.c Sat Oct 27 15:09:35 2018 (r339814) @@ -64,6 +64,17 @@ __FBSDID("$FreeBSD$"); #include #include +#if defined(RANDOM_ENABLE_ETHER) +#define _RANDOM_HARVEST_ETHER_OFF 0 +#else +#define _RANDOM_HARVEST_ETHER_OFF (1u << RANDOM_NET_ETHER) +#endif +#if defined(RANDOM_ENABLE_UMA) +#define _RANDOM_HARVEST_UMA_OFF 0 +#else +#define _RANDOM_HARVEST_UMA_OFF (1u << RANDOM_UMA) +#endif + static void random_kthread(void); static void random_sources_feed(void); @@ -254,6 +265,10 @@ read_rate_increment(u_int chunk) static int random_check_uint_harvestmask(SYSCTL_HANDLER_ARGS) { + static const u_int user_immutable_mask = + (((1 << ENTROPYSOURCE) - 1) & (-1UL << RANDOM_PURE_START)) | + _RANDOM_HARVEST_ETHER_OFF | _RANDOM_HARVEST_UMA_OFF; + int error; u_int value, orig_value; @@ -268,8 +283,8 @@ random_check_uint_harvestmask(SYSCTL_HANDLER_ARGS) /* * Disallow userspace modification of pure entropy sources. */ - hc_source_mask = (value & ~RANDOM_HARVEST_PURE_MASK) | - (orig_value & RANDOM_HARVEST_PURE_MASK); + hc_source_mask = (value & ~user_immutable_mask) | + (orig_value & user_immutable_mask); return (0); } @@ -351,13 +366,17 @@ random_print_harvestmask_symbolic(SYSCTL_HANDLER_ARGS) static void random_harvestq_init(void *unused __unused) { + static const u_int almost_everything_mask = + (((1 << (RANDOM_ENVIRONMENTAL_END + 1)) - 1) & + ~_RANDOM_HARVEST_ETHER_OFF & ~_RANDOM_HARVEST_UMA_OFF); + struct sysctl_oid *random_sys_o; random_sys_o = SYSCTL_ADD_NODE(&random_clist, SYSCTL_STATIC_CHILDREN(_kern_random), OID_AUTO, "harvest", CTLFLAG_RW, 0, "Entropy Device Parameters"); - hc_source_mask = RANDOM_HARVEST_EVERYTHING_MASK; + hc_source_mask = almost_everything_mask; SYSCTL_ADD_PROC(&random_clist, SYSCTL_CHILDREN(random_sys_o), OID_AUTO, "mask", CTLTYPE_UINT | CTLFLAG_RW, Modified: head/sys/sys/random.h ============================================================================== --- head/sys/sys/random.h Sat Oct 27 14:44:39 2018 (r339813) +++ head/sys/sys/random.h Sat Oct 27 15:09:35 2018 (r339814) @@ -92,9 +92,6 @@ enum random_entropy_source { _Static_assert(ENTROPYSOURCE <= 32, "hardcoded assumption that values fit in a typical word-sized bitset"); -#define RANDOM_HARVEST_EVERYTHING_MASK ((1 << (RANDOM_ENVIRONMENTAL_END + 1)) - 1) -#define RANDOM_HARVEST_PURE_MASK (((1 << ENTROPYSOURCE) - 1) & (-1UL << RANDOM_PURE_START)) - #define RANDOM_LEGACY_BOOT_ENTROPY_MODULE "/boot/entropy" #define RANDOM_CACHED_BOOT_ENTROPY_MODULE "boot_entropy_cache" #define RANDOM_CACHED_SKIP_START 256