Message-ID: <0e4e4388479618a739f1268f2d6eebfd37393517.camel@freebsd.org>
Subject: Re: svn commit: r359053 - head/sys/kern
From: Ian Lepore
To: Konstantin Belousov
Cc: John Baldwin, Conrad Meyer, src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Date: Wed, 18 Mar 2020 15:45:26 -0600
List-Id: SVN commit messages for the src tree for head/-current

On Wed, 2020-03-18 at 22:36 +0200, Konstantin Belousov wrote:
> On Tue, Mar 17, 2020 at 07:25:01PM -0600, Ian Lepore wrote:
> > On Tue, 2020-03-17 at 17:05 -0700, John Baldwin wrote:
> > > On 3/17/20 3:36 PM, Ian Lepore wrote:
> > > > On Tue, 2020-03-17 at 22:27 +0000, Conrad Meyer wrote:
> > > > > Author: cem
> > > > > Date: Tue Mar 17 22:27:16 2020
> > > > > New Revision: 359053
> > > > > URL: https://svnweb.freebsd.org/changeset/base/359053
> > > > >
> > > > > Log:
> > > > >   Implement sysctl kern.boot_id
> > > > >
> > > > >   Boot IDs are random, opaque 128-bit identifiers that distinguish distinct
> > > > >   system boots.  A new ID is generated each time the system boots.  Unlike
> > > > >   kern.boottime, the value is not modified by NTP adjustments.
It remains fixed > > > > > until the machine is restarted. > > > > > > > > > > PR: 244867 > > > > > Reported by: Ricardo Fraile > > > > > MFC after: I do not intend to, but feel free > > > > > > > > > > Modified: > > > > > head/sys/kern/kern_mib.c > > > > > > > > > > Modified: head/sys/kern/kern_mib.c > > > > > ============================================================= > > > > > ==== > > > > > ============= > > > > > --- head/sys/kern/kern_mib.c Tue Mar 17 21:29:03 2020 ( > > > > > r359052) > > > > > +++ head/sys/kern/kern_mib.c Tue Mar 17 22:27:16 2020 ( > > > > > r359053) 
> > > > > @@ -448,6 +448,32 @@ SYSCTL_PROC(_kern, KERN_HOSTID, hostid, > > > > > CTLTYPE_ULONG | CTLFLAG_RW | CTLFLAG_PRISON | > > > > > CTLFLAG_MPSAFE > > > > > > CTLFLAG_CAPRD, > > > > > > > > > > NULL, 0, sysctl_hostid, "LU", "Host ID"); > > > > > > > > > > +static struct mtx bootid_lk; > > > > > +MTX_SYSINIT(bootid_lock, &bootid_lk, "bootid generator > > > > > lock", > > > > > MTX_DEF); > > > > > + > > > > > +static int > > > > > +sysctl_bootid(SYSCTL_HANDLER_ARGS) > > > > > +{ > > > > > + static uint8_t boot_id[16]; > > > > > + static bool initialized = false; > > > > > + > > > > > + mtx_lock(&bootid_lk); > > > > > + if (!initialized) { > > > > > + if (!is_random_seeded()) { > > > > > + mtx_unlock(&bootid_lk); > > > > > + return (ENXIO); > > > > > + } > > > > > + arc4random_buf(boot_id, sizeof(boot_id)); > > > > > + initialized = true; > > > > > + } > > > > > + mtx_unlock(&bootid_lk); > > > > > + > > > > > + return (SYSCTL_OUT(req, boot_id, sizeof(boot_id))); > > > > > +} > > > > > +SYSCTL_PROC(_kern, OID_AUTO, boot_id, > > > > > + CTLTYPE_STRUCT | CTLFLAG_RD | CTLFLAG_MPSAFE | > > > > > CTLFLAG_CAPRD, > > > > > + NULL, 0, sysctl_bootid, "", "Random boot ID"); > > > > > + > > > > > /* > > > > > * The osrelease string is copied from the global (osrelease > > > > > in > > > > > vers.c) into > > > > > * prison0 by a sysinit and is inherited by child jails if > > > > > notG > > > > > changed at jail > > > > > > > > This seems a bit complex. Why run a sysinit to init a mutex so > > > > that > > > > you can safely do a lazy init of boot_id? Seems like it would > > > > be > > > > much > > > > easier to just use a sysinit at SI_SUB_LAST to init boot_id > > > > before > > > > sysctl can reference it. > > > > > > Presumably you may not have enough entropy by SI_SUB_LAST to > > > generate > > > it? 
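
Review bot: in sysctl_bootid(), the early `return (ENXIO);` taken when is_random_seeded() is false is undocumented, so a consumer that reads kern.boot_id before the random device is seeded gets an error with nothing telling it that a later read will succeed. Add a comment above the handler stating that the ID is generated lazily on the first read after seeding and that ENXIO means "not seeded yet, retry". The description string "Random boot ID" could also say that the value is 16 opaque bytes, since the format argument passed to SYSCTL_PROC is the empty string. Separately, bootid_lk is taken on every read, including after `initialized` is true; if the lazy scheme stays, the comment should say why the lock is needed on the read path.
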
> > I thought arc4random in the kernel could provide random numbers
> > immediately (and definitely after jitter in device attachment times at
> > the end of kernel init)?  This doesn't seem like the kind of thing that
> > needs crypto-strength randomness.
>
> I think that a large simplification can come from the random driver
> initializing the boot_id variable immediately before setting things
> so that is_random_seeded() starts returning true.
>
> But even this might be too complex. Why not copy the value from the
> boottime on boot, and not ever touch it after?

On some systems (virtually all mips, arm, and some arm64 systems), there
is no RTC and boottime doesn't get set initially until ntpd or something
else in userland runs to set time.

-- Ian