Date: Thu, 5 Jul 2012 23:39:02 +0200
From: Pawel Jakub Dawidek <pjd@FreeBSD.org>
To: John Baldwin <jhb@freebsd.org>
Cc: src-committers@freebsd.org, Andrey Chernov <ache@freebsd.org>, svn-src-all@freebsd.org, David Chisnall <theraven@freebsd.org>, Attilio Rao <attilio@freebsd.org>, Konstantin Belousov <kostikbel@gmail.com>, svn-src-head@freebsd.org, markm@freebsd.org
Subject: Re: svn commit: r238118 - head/lib/libc/gen
Message-ID: <20120705213901.GA1442@garage.freebsd.pl>
In-Reply-To: <201207050749.43210.jhb@freebsd.org>
References: <201207041951.q64JpPXu029310@svn.freebsd.org> <8344944B-1CEE-4CAD-96FB-EC5A743F6909@FreeBSD.org> <CAJ-FndAGgkgi5W3LqgMkeK9AquQ=1RhhYcj4jnLmuRg2EwVuqA@mail.gmail.com> <201207050749.43210.jhb@freebsd.org>

On Thu, Jul 05, 2012 at 07:49:42AM -0400, John Baldwin wrote:
> On Wednesday, July 04, 2012 4:45:54 pm Attilio Rao wrote:
> > 2012/7/4 David Chisnall <theraven@freebsd.org>:
> > > On 4 Jul 2012, at 21:32, Andrey Chernov wrote:
> > >
> > >> 1) /dev/urandom may not exist in jails/sandboxes while sysctls (or old way
> > >> initialization) always exists.
> > >
> > > From the perspective of Capsicum sandboxes, a device node is better than a
> > > sysctl. The kernel must hard-code policy about which sysctls are permitted,
> > > but access to file descriptors is decided on a per-sandbox basis and is
> > > configurable by the user. The same applies to jails, although it's slightly
> > > more effort to make device nodes appear inside a jail.
> >
> > Also don't underestimate the locking factor here.
> > I recall that at some point /dev/random was introducing some
> > scalability penalty on php (maybe related to the suhosin patch) until
> > kib made shared lookups available on devfs. IIRC, sysctls are still
> > Giant locked.
>
> sysctls are not all Giant locked. KERN_ARND is marked MPSAFE, so it does not
> use Giant:

It doesn't really matter. Our in-kernel random generator has its own
giant lock, so is basically single threaded. Compare results of those two
on some SMP machine:

	# dd if=/dev/random of=/dev/null bs=1m count=1024

	# sh -c 'for i in `jot $(sysctl -n hw.ncpu)`; do dd if=/dev/random of=/dev/null bs=1m count=128 & done'

-- 
Pawel Jakub Dawidek                       http://www.wheelsystems.com
FreeBSD committer                         http://www.FreeBSD.org
Am I Evil? Yes, I Am!                     http://tupytaj.pl

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120705213901.GA1442>
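
The comparison suggested in the message above, wrapped in a timing harness. This is an added example, not part of the original e-mail: the function names `ncpu`, `timed_read` and `compare` are chosen here, `bs=1048576` stands in for `bs=1m` so the script also runs with a non-BSD dd, and the `getconf` fallback is an assumption for systems without the `hw.ncpu` sysctl.

```shell
#!/bin/sh
# Added example (not from the original message): time one reader against one
# reader per CPU while moving about the same total amount of data.

# CPU count: hw.ncpu as in the message; getconf is an assumed fallback for
# systems without that sysctl.
ncpu() {
    n=$(sysctl -n hw.ncpu 2>/dev/null) ||
        n=$(getconf _NPROCESSORS_ONLN 2>/dev/null) || n=1
    case "$n" in ''|*[!0-9]*) n=1 ;; esac
    echo "$n"
}

# timed_read DEV READERS TOTAL_MIB: start READERS parallel dd processes that
# together read TOTAL_MIB MiB from DEV, wait for all, print elapsed seconds.
timed_read() {
    dev=$1 readers=$2 total=$3
    per=$((total / readers))        # integer division, remainder is dropped
    start=$(date +%s)
    i=0
    while [ "$i" -lt "$readers" ]; do
        dd if="$dev" of=/dev/null bs=1048576 count="$per" 2>/dev/null &
        i=$((i + 1))
    done
    wait
    echo $(( $(date +%s) - start ))
}

# compare DEV TOTAL_MIB: a generator that scales finishes the parallel run in
# roughly 1/ncpu of the single-reader time; one serialized behind a single
# lock takes about as long in both runs.
compare() {
    dev=${1:-/dev/random} total=${2:-1024}
    cpus=$(ncpu)
    single=$(timed_read "$dev" 1 "$total")
    parallel=$(timed_read "$dev" "$cpus" "$total")
    echo "readers=1 seconds=$single"
    echo "readers=$cpus seconds=$parallel"
    awk -v s="$single" -v p="$parallel" -v n="$cpus" 'BEGIN {
        if (p == 0) p = 1           # sub-second run: avoid division by zero
        printf "speedup=%.2f ideal=%d\n", s / p, n
    }'
}

# Run only when arguments are given, e.g.: sh randscale.sh /dev/random 1024
if [ "$#" -gt 0 ]; then compare "$@"; fi
```

Timing uses whole seconds from `date +%s`, so the total has to be large enough for the single-reader run to take several seconds before the speedup figure means anything.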
