From owner-svn-src-all@FreeBSD.ORG Mon Nov 24 17:39:41 2008 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 130DD1065673; Mon, 24 Nov 2008 17:39:41 +0000 (UTC) (envelope-from cperciva@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 00C2D8FC1E; Mon, 24 Nov 2008 17:39:41 +0000 (UTC) (envelope-from cperciva@FreeBSD.org) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id mAOHdeG4093590; Mon, 24 Nov 2008 17:39:40 GMT (envelope-from cperciva@svn.freebsd.org) Received: (from cperciva@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id mAOHde9Q093579; Mon, 24 Nov 2008 17:39:40 GMT (envelope-from cperciva@svn.freebsd.org) Message-Id: <200811241739.mAOHde9Q093579@svn.freebsd.org> From: Colin Percival Date: Mon, 24 Nov 2008 17:39:40 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r185254 - head/sys/dev/random releng/6.3 releng/6.3/sys/conf releng/6.3/sys/dev/random releng/6.4 releng/6.4/sys/dev/random releng/7.0 releng/7.0/sys/conf releng/7.0/sys/dev/random stab... X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Nov 2008 17:39:41 -0000 Author: cperciva Date: Mon Nov 24 17:39:39 2008 New Revision: 185254 URL: http://svn.freebsd.org/changeset/base/185254 Log: Make sure arc4random(9) is properly seeded when /etc/rc.d/initrandom returns. Approved by: so (cperciva) Approved by: re (kensmith) Security: FreeBSD-SA-08:11.arc4random Modified: releng/6.3/UPDATING releng/6.3/sys/conf/newvers.sh releng/6.3/sys/dev/random/randomdev.c releng/6.3/sys/dev/random/randomdev_soft.c releng/6.4/UPDATING releng/6.4/sys/dev/random/randomdev.c releng/6.4/sys/dev/random/randomdev_soft.c releng/7.0/UPDATING releng/7.0/sys/conf/newvers.sh releng/7.0/sys/dev/random/randomdev.c releng/7.0/sys/dev/random/randomdev_soft.c Changes in other areas also in this revision: Modified: head/sys/dev/random/randomdev.c head/sys/dev/random/randomdev_soft.c stable/6/sys/dev/random/randomdev.c stable/6/sys/dev/random/randomdev_soft.c stable/7/sys/dev/random/randomdev.c stable/7/sys/dev/random/randomdev_soft.c Modified: releng/6.3/UPDATING ============================================================================== --- releng/6.3/UPDATING Mon Nov 24 17:34:00 2008 (r185253) +++ releng/6.3/UPDATING Mon Nov 24 17:39:39 2008 (r185254) @@ -8,6 +8,10 @@ Items affecting the ports and packages s /usr/ports/UPDATING. Please read that file before running portupgrade. +20081124: p6 FreeBSD-SA-08:11.arc4random + Make sure arc4random(9) is properly seeded when /etc/rc.d/initrandom + returns. + 20081002: p5 FreeBSD-SA-08:10.nd6 Default to ignoring potentially evil IPv6 Neighbor Solicitation messages. Modified: releng/6.3/sys/conf/newvers.sh ============================================================================== --- releng/6.3/sys/conf/newvers.sh Mon Nov 24 17:34:00 2008 (r185253) +++ releng/6.3/sys/conf/newvers.sh Mon Nov 24 17:39:39 2008 (r185254) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="6.3" -BRANCH="RELEASE-p5" +BRANCH="RELEASE-p6" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi Modified: releng/6.3/sys/dev/random/randomdev.c ============================================================================== --- releng/6.3/sys/dev/random/randomdev.c Mon Nov 24 17:34:00 2008 (r185253) +++ releng/6.3/sys/dev/random/randomdev.c Mon Nov 24 17:39:39 2008 (r185254) @@ -89,6 +89,7 @@ random_close(struct cdev *dev __unused, && (securelevel_gt(td->td_ucred, 0) == 0)) { (*random_systat.reseed)(); random_systat.seeded = 1; + arc4rand(NULL, 0, 1); /* Reseed arc4random as well. */ } return (0); Modified: releng/6.3/sys/dev/random/randomdev_soft.c ============================================================================== --- releng/6.3/sys/dev/random/randomdev_soft.c Mon Nov 24 17:34:00 2008 (r185253) +++ releng/6.3/sys/dev/random/randomdev_soft.c Mon Nov 24 17:39:39 2008 (r185254) @@ -61,6 +61,7 @@ random_harvest_internal(u_int64_t, const u_int, u_int, enum esource); static int random_yarrow_poll(int event,struct thread *td); static int random_yarrow_block(int flag); +static void random_yarrow_flush_reseed(void); struct random_systat random_yarrow = { .ident = "Software, Yarrow", @@ -70,7 +71,7 @@ struct random_systat random_yarrow = { .read = random_yarrow_read, .write = random_yarrow_write, .poll = random_yarrow_poll, - .reseed = random_yarrow_reseed, + .reseed = random_yarrow_flush_reseed, .seeded = 1, }; @@ -96,7 +97,7 @@ static struct entropyfifo emptyfifo; /* Harvested entropy */ static struct entropyfifo harvestfifo[ENTROPYSOURCE]; -/* <0 to end the kthread, 0 to let it run */ +/* <0 to end the kthread, 0 to let it run, 1 to flush the harvest queues */ static int random_kthread_control = 0; static struct proc *random_kthread_proc; @@ -247,7 +248,7 @@ random_kthread(void *arg __unused) local_count = 0; /* Process until told to stop */ - for (; random_kthread_control == 0;) { + for (; random_kthread_control >= 0;) { active = 0; @@ -282,6 +283,13 @@ random_kthread(void *arg __unused) KASSERT(local_count == 0, ("random_kthread: local_count %d", local_count)); + /* + * If a queue flush was commanded, it has now happened, + * and we can mark this by resetting the command. + */ + if (random_kthread_control == 1) + random_kthread_control = 0; + /* Found nothing, so don't belabour the issue */ if (!active) tsleep(&harvestfifo, 0, "-", hz / 10); @@ -406,3 +414,15 @@ random_yarrow_block(int flag) return error; } + +/* Helper routine to perform explicit reseeds */ +static void +random_yarrow_flush_reseed(void) +{ + /* Command a entropy queue flush and wait for it to finish */ + random_kthread_control = 1; + while (random_kthread_control) + tsleep(&harvestfifo, 0, "-", hz / 10); + + random_yarrow_reseed(); +} Modified: releng/6.4/UPDATING ============================================================================== --- releng/6.4/UPDATING Mon Nov 24 17:34:00 2008 (r185253) +++ releng/6.4/UPDATING Mon Nov 24 17:39:39 2008 (r185254) @@ -8,6 +8,10 @@ Items affecting the ports and packages s /usr/ports/UPDATING. Please read that file before running portupgrade. +20081124: FreeBSD-SA-08:11.arc4random + Make sure arc4random(9) is properly seeded when /etc/rc.d/initrandom + returns. + 20080904: ntpd upgraded to 4.2.4p5. Modified: releng/6.4/sys/dev/random/randomdev.c ============================================================================== --- releng/6.4/sys/dev/random/randomdev.c Mon Nov 24 17:34:00 2008 (r185253) +++ releng/6.4/sys/dev/random/randomdev.c Mon Nov 24 17:39:39 2008 (r185254) @@ -89,6 +89,7 @@ random_close(struct cdev *dev __unused, && (securelevel_gt(td->td_ucred, 0) == 0)) { (*random_systat.reseed)(); random_systat.seeded = 1; + arc4rand(NULL, 0, 1); /* Reseed arc4random as well. */ } return (0); Modified: releng/6.4/sys/dev/random/randomdev_soft.c ============================================================================== --- releng/6.4/sys/dev/random/randomdev_soft.c Mon Nov 24 17:34:00 2008 (r185253) +++ releng/6.4/sys/dev/random/randomdev_soft.c Mon Nov 24 17:39:39 2008 (r185254) @@ -61,6 +61,7 @@ random_harvest_internal(u_int64_t, const u_int, u_int, enum esource); static int random_yarrow_poll(int event,struct thread *td); static int random_yarrow_block(int flag); +static void random_yarrow_flush_reseed(void); struct random_systat random_yarrow = { .ident = "Software, Yarrow", @@ -70,7 +71,7 @@ struct random_systat random_yarrow = { .read = random_yarrow_read, .write = random_yarrow_write, .poll = random_yarrow_poll, - .reseed = random_yarrow_reseed, + .reseed = random_yarrow_flush_reseed, .seeded = 1, }; @@ -96,7 +97,7 @@ static struct entropyfifo emptyfifo; /* Harvested entropy */ static struct entropyfifo harvestfifo[ENTROPYSOURCE]; -/* <0 to end the kthread, 0 to let it run */ +/* <0 to end the kthread, 0 to let it run, 1 to flush the harvest queues */ static int random_kthread_control = 0; static struct proc *random_kthread_proc; @@ -247,7 +248,7 @@ random_kthread(void *arg __unused) local_count = 0; /* Process until told to stop */ - for (; random_kthread_control == 0;) { + for (; random_kthread_control >= 0;) { active = 0; @@ -282,6 +283,13 @@ random_kthread(void *arg __unused) KASSERT(local_count == 0, ("random_kthread: local_count %d", local_count)); + /* + * If a queue flush was commanded, it has now happened, + * and we can mark this by resetting the command. + */ + if (random_kthread_control == 1) + random_kthread_control = 0; + /* Found nothing, so don't belabour the issue */ if (!active) tsleep(&harvestfifo, 0, "-", hz / 10); @@ -406,3 +414,15 @@ random_yarrow_block(int flag) return error; } + +/* Helper routine to perform explicit reseeds */ +static void +random_yarrow_flush_reseed(void) +{ + /* Command a entropy queue flush and wait for it to finish */ + random_kthread_control = 1; + while (random_kthread_control) + tsleep(&harvestfifo, 0, "-", hz / 10); + + random_yarrow_reseed(); +} Modified: releng/7.0/UPDATING ============================================================================== --- releng/7.0/UPDATING Mon Nov 24 17:34:00 2008 (r185253) +++ releng/7.0/UPDATING Mon Nov 24 17:39:39 2008 (r185254) @@ -8,6 +8,10 @@ Items affecting the ports and packages s /usr/ports/UPDATING. Please read that file before running portupgrade. +20081124: p6 FreeBSD-SA-08:11.arc4random + Make sure arc4random(9) is properly seeded when /etc/rc.d/initrandom + returns. + 20081002: p5 FreeBSD-SA-08:10.nd6 Default to ignoring potentially evil IPv6 Neighbor Solicitation messages. Modified: releng/7.0/sys/conf/newvers.sh ============================================================================== --- releng/7.0/sys/conf/newvers.sh Mon Nov 24 17:34:00 2008 (r185253) +++ releng/7.0/sys/conf/newvers.sh Mon Nov 24 17:39:39 2008 (r185254) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="7.0" -BRANCH="RELEASE-p5" +BRANCH="RELEASE-p6" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi Modified: releng/7.0/sys/dev/random/randomdev.c ============================================================================== --- releng/7.0/sys/dev/random/randomdev.c Mon Nov 24 17:34:00 2008 (r185253) +++ releng/7.0/sys/dev/random/randomdev.c Mon Nov 24 17:39:39 2008 (r185254) @@ -90,6 +90,7 @@ random_close(struct cdev *dev __unused, && (securelevel_gt(td->td_ucred, 0) == 0)) { (*random_systat.reseed)(); random_systat.seeded = 1; + arc4rand(NULL, 0, 1); /* Reseed arc4random as well. */ } return (0); Modified: releng/7.0/sys/dev/random/randomdev_soft.c ============================================================================== --- releng/7.0/sys/dev/random/randomdev_soft.c Mon Nov 24 17:34:00 2008 (r185253) +++ releng/7.0/sys/dev/random/randomdev_soft.c Mon Nov 24 17:39:39 2008 (r185254) @@ -61,6 +61,7 @@ random_harvest_internal(u_int64_t, const u_int, u_int, enum esource); static int random_yarrow_poll(int event,struct thread *td); static int random_yarrow_block(int flag); +static void random_yarrow_flush_reseed(void); struct random_systat random_yarrow = { .ident = "Software, Yarrow", @@ -70,7 +71,7 @@ struct random_systat random_yarrow = { .read = random_yarrow_read, .write = random_yarrow_write, .poll = random_yarrow_poll, - .reseed = random_yarrow_reseed, + .reseed = random_yarrow_flush_reseed, .seeded = 1, }; @@ -96,7 +97,7 @@ static struct entropyfifo emptyfifo; /* Harvested entropy */ static struct entropyfifo harvestfifo[ENTROPYSOURCE]; -/* <0 to end the kthread, 0 to let it run */ +/* <0 to end the kthread, 0 to let it run, 1 to flush the harvest queues */ static int random_kthread_control = 0; static struct proc *random_kthread_proc; @@ -241,7 +242,7 @@ random_kthread(void *arg __unused) local_count = 0; /* Process until told to stop */ - for (; random_kthread_control == 0;) { + for (; random_kthread_control >= 0;) { active = 0; @@ -276,6 +277,13 @@ random_kthread(void *arg __unused) KASSERT(local_count == 0, ("random_kthread: local_count %d", local_count)); + /* + * If a queue flush was commanded, it has now happened, + * and we can mark this by resetting the command. + */ + if (random_kthread_control == 1) + random_kthread_control = 0; + /* Found nothing, so don't belabour the issue */ if (!active) pause("-", hz / 10); @@ -400,3 +408,15 @@ random_yarrow_block(int flag) return error; } + +/* Helper routine to perform explicit reseeds */ +static void +random_yarrow_flush_reseed(void) +{ + /* Command a entropy queue flush and wait for it to finish */ + random_kthread_control = 1; + while (random_kthread_control) + pause("-", hz / 10); + + random_yarrow_reseed(); +}