From owner-freebsd-arch@FreeBSD.ORG Thu Aug 8 19:32:28 2013 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 630BF1F5 for ; Thu, 8 Aug 2013 19:32:28 +0000 (UTC) (envelope-from imp@bsdimp.com) Received: from mail-ie0-f181.google.com (mail-ie0-f181.google.com [209.85.223.181]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 2F6612E0E for ; Thu, 8 Aug 2013 19:32:27 +0000 (UTC) Received: by mail-ie0-f181.google.com with SMTP id x14so2461342ief.26 for ; Thu, 08 Aug 2013 12:32:27 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=x-gm-message-state:sender:subject:mime-version:content-type:from :in-reply-to:date:cc:content-transfer-encoding:message-id:references :to; bh=rhpRaROoxLnGf68SPkNXfmb4LZ0b5i+7nm80RqUSAVc=; b=i/3l3PhwZrZaerI6+EqGYOTIQhXUkxu/eHj4KZLHGTuMj4WO9MuLia5VlDJmO1DXfv k2Z2mLbI13VYliZIQvcfaB6/H3ycKPQZfC+dbcENQHftrStYDA24EKg+BmjN5VzpILVK DgXTEuVM1n1XgWfFR/nBUJgsVKw9cGWpRwVHl6pufUg788pxRquPgFO0lHQqPHZ9egj6 AoJWCY1Nt3hoC0/Qh1acoJt29rbRGWmPY4R91lAjzf0gOuLlZrb1fUAo9QmKFOXhMDQo whNmO1ByXT/TcPr2PwZHsfyWB+d9bvhDUb2gcvupHQVqCbMaKvWNB4kkc8IcrZHTLj6q MLlg== X-Gm-Message-State: ALoCoQmn9iECHEHl4ffWSX4G5MSIYhCCYypop7pDUKUgypa9c4A8kGq5+aPjwByleCvBDawlPOx9 X-Received: by 10.50.47.20 with SMTP id z20mr264743igm.34.1375989847779; Thu, 08 Aug 2013 12:24:07 -0700 (PDT) Received: from monkey-bot.int.fusionio.com ([209.117.142.2]) by mx.google.com with ESMTPSA id nm17sm8510394igb.5.2013.08.08.12.24.05 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 08 Aug 2013 12:24:06 -0700 (PDT) Sender: Warner Losh Subject: Re: random(4) plugin infrastructure for mulitple RNG in a modular fashion Mime-Version: 1.0 (Apple Message framework v1085) Content-Type: text/plain; charset=us-ascii From: Warner Losh In-Reply-To: <201308081023.53040.jhb@freebsd.org> Date: Thu, 8 Aug 2013 13:24:03 -0600 Content-Transfer-Encoding: quoted-printable Message-Id: References: <20130807182858.GA79286@dragon.NUXI.org> <20130807192736.GA7099@troutmask.apl.washington.edu> <201308081023.53040.jhb@freebsd.org> To: John Baldwin X-Mailer: Apple Mail (2.1085) Cc: Arthur Mesh , Steve Kargl , secteam@freebsd.org, freebsd-arch@freebsd.org X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Aug 2013 19:32:28 -0000 On Aug 8, 2013, at 8:23 AM, John Baldwin wrote: > On Wednesday, August 07, 2013 4:20:29 pm Peter Wemm wrote: >> On Wed, Aug 7, 2013 at 12:27 PM, Steve Kargl >> wrote: >>> On Wed, Aug 07, 2013 at 11:28:58AM -0700, David O'Brien wrote: >>>>=20 >>>> * Make Yarrow an optional kernel component -- enabled by = "YARROW_RNG" >>>> option. The files sha2.c, hash.c, randomdev_soft.c and yarrow.c >>>> comprise yarrow. random(4) device doesn't really depend on >>>> rijndael-*. Yarrow, however, does. >>>>=20 >>>> * If the kernel doesn't have any random_adaptor adapters present = then >>>> the creation of /dev/random is postponed until next random_adaptor >>>> is kldload'ed. >>>=20 >>> My kernel config files have included the following 2 lines for >>> ages: >>>=20 >>> makeoptions NO_MODULES >>> device random >>>=20 >>> If I try to build a new kernel under your scheme, will the >>> build die with an error about a missing option? If the answer >>> is 'no', then the yarrow adaptor should be opt-out. >>=20 >> That's the main point here. >>=20 >> If I'm running on a working system, I have a reasonable expectation >> that the kernel config I was using yesterday will work sufficiently >> tomorrow that I won't get hosed by doing a 'svn update && make >> buildkernel && make installkernel'. >>=20 >> If that's not the case and there is a required change in order to not >> hose your system then POLA dictates that not making the required >> changes causes a build failure. >>=20 >> There's more leeway on head than a stable branch, but remember that >> when people upgrade from 9.x to 10.x they tend to take their 9.x >> kernel configs and make whatever changes are needed to get it to >> build. The 9-stable -> 10-release config path needs to catch fatal >> errors like this at build time. >>=20 >> Patching GENERIC isn't a complete solution. It doesn't solve the >> 'yesterday it worked, today it's a brick' problem. >=20 > The counter to this is that in the recent past, any suggestion to add = anything > to DEFAULTS was met with "that's the wrong way". In actual fact, = changes > to GENERIC happen quite often, and we often break older kernel configs = from > older branches (ATA_CAM is no longer in 10 for example). I'm not sure = I buy=20 > the argument that we can never break kernel configs from older = branches. >=20 > I also think that NO_FOO options aren't the way to go and that we = should=20 > always create "positive" options, but add them to GENERIC when making = a=20 > previously standard thing optional. I think adding things to DEFAULTS = should=20 > be rarely done, if ever. For the embedded kernels, where std.* take the place of the = sledge-hammer DEFAULTS, they are often the right place to put options = that will be the same for all kernels due to hardware constraints or = dictations. In this case, the port maintainers would know if there's a = hardware RNG or not on the chip, and if not put it into the appropriate = std.foo file. Of course, the fail stupid part of this patch is an even more = fundamental flaw in this patch, but I digress... Warner Warner