Date: Tue, 03 Sep 2019 14:06:47 -0000 From: Mark Murray <markm@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r345981 - stable/11/sys/dev/random Message-ID: <201904060900.x36906LW022393@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: markm Date: Sat Apr 6 09:00:06 2019 New Revision: 345981 URL: https://svnweb.freebsd.org/changeset/base/345981 Log: Backport fixes from FreeBSD-12 to help the random(4) device thread not overwhelm the OS: a) Use the correct symbolic constant when calculating 10'ths of a second. This means that expensive reseeds happen at ony 1/10 Hz, not some kHz. b) Rate limit internal high-rate harveting efforts. This stops the harvesting thread from total overkilling the high-grade entropy- gathering work, while still being very conservatively safe. PR: 230808 Reported by: danilo,eugen Tested by: eugen Approved by: so (blanket permission granted as I am the authour of this code) Relnotes: Yes Modified: stable/11/sys/dev/random/fortuna.c stable/11/sys/dev/random/random_harvestq.c Modified: stable/11/sys/dev/random/fortuna.c ============================================================================== --- stable/11/sys/dev/random/fortuna.c Sat Apr 6 06:02:42 2019 (r345980) +++ stable/11/sys/dev/random/fortuna.c Sat Apr 6 09:00:06 2019 (r345981) @@ -358,7 +358,7 @@ random_fortuna_pre_read(void) if (fortuna_state.fs_pool[0].fsp_length >= fortuna_state.fs_minpoolsize #ifdef _KERNEL /* FS&K - Use 'getsbinuptime()' to prevent reseed-spamming. */ - && (now - fortuna_state.fs_lasttime > hz/10) + && (now - fortuna_state.fs_lasttime > SBT_1S/10) #endif ) { #ifdef _KERNEL Modified: stable/11/sys/dev/random/random_harvestq.c ============================================================================== --- stable/11/sys/dev/random/random_harvestq.c Sat Apr 6 06:02:42 2019 (r345980) +++ stable/11/sys/dev/random/random_harvestq.c Sat Apr 6 09:00:06 2019 (r345981) @@ -55,6 +55,10 @@ __FBSDID("$FreeBSD$"); #include <machine/atomic.h> #include <machine/cpu.h> +#include <crypto/rijndael/rijndael-api-fst.h> +#include <crypto/sha2/sha256.h> + +#include <dev/random/hash.h> #include <dev/random/randomdev.h> #include <dev/random/random_harvestq.h> @@ -209,8 +213,12 @@ random_sources_feed(void) /* It's an indenting error. Yeah, Yeah. */ #endif local_read_rate = atomic_readandclear_32(&read_rate); + /* Perform at least one read per round */ + local_read_rate = MAX(local_read_rate, 1); + /* But not exceeding RANDOM_KEYSIZE_WORDS */ + local_read_rate = MIN(local_read_rate, RANDOM_KEYSIZE_WORDS); LIST_FOREACH(rrs, &source_list, rrs_entries) { - for (i = 0; i < p_random_alg_context->ra_poolcount*(local_read_rate + 1); i++) { + for (i = 0; i < p_random_alg_context->ra_poolcount*local_read_rate; i++) { n = rrs->rrs_source->rs_read(entropy, sizeof(entropy)); KASSERT((n <= sizeof(entropy)), ("%s: rs_read returned too much data (%u > %zu)", __func__, n, sizeof(entropy))); /* It would appear that in some circumstances (e.g. virtualisation),
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201904060900.x36906LW022393>