From owner-svn-src-head@freebsd.org  Sat Apr 11 20:02:22 2020
Return-Path: <owner-svn-src-head@freebsd.org>
Delivered-To: svn-src-head@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id E44932799A3;
 Sat, 11 Apr 2020 20:02:22 +0000 (UTC)
 (envelope-from cse.cem@gmail.com)
Received: from mail-ot1-f66.google.com (mail-ot1-f66.google.com
 [209.85.210.66])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
 server-signature RSA-PSS (4096 bits)
 client-signature RSA-PSS (2048 bits) client-digest SHA256)
 (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4905Q65MWBz442r;
 Sat, 11 Apr 2020 20:02:22 +0000 (UTC)
 (envelope-from cse.cem@gmail.com)
Received: by mail-ot1-f66.google.com with SMTP id a49so5188773otc.11;
 Sat, 11 Apr 2020 13:02:22 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:references:in-reply-to:reply-to
 :from:date:message-id:subject:to:cc:content-transfer-encoding;
 bh=umHgy25HIDIH7JPjsCUgdpdTF0gGqHMI9wxKpEJFmMY=;
 b=ZNkhHEWwFbGkmxLOWgOsDdor/5PmkCyIbCPNDWd9A464E/Zfy+1ZcWKOwSnxvRbYL9
 /FamiLOhCLML9gaQGoNUpeUcK3f+UzyA1moaZ5xzhWc/ovys0fiTG9rBt1kLqEkJaEg2
 6FGAzWkCyt83SbbP5xmVLqLFyNv38mgfloUbwGumDmdRUhnp/02Rg8svOiWofhpcoWAv
 Y5TKjmsVqGfAqjarq86JVYwrrdyrNoKAacQNlPt6nsT4K2yIbN5/D3oY5rLypyCRqdmA
 CydBVndUYXsu1JH42fXGaCfTCdbSQgejYyamCKjNumDSs9D2Y4yO8lsT2FjX0YBeLvfG
 mh5g==
X-Gm-Message-State: AGi0PuaLZQFRr/KDmNiktgbQgJK+INWA2HABD5MYnz0Oek3jBaRu9BBr
 1qXIVPm2iCM05dAsu+BduGpTBJer
X-Google-Smtp-Source: APiQypI4VW3Zr9J+Kb+4gN4YvTyOcyc8CwKI82cCr9dNPqFZUPlWNNwFoCS8XFg9qrIWQbZXV2dtSA==
X-Received: by 2002:a05:6830:1e10:: with SMTP id
 s16mr8602883otr.222.1586635341274; 
 Sat, 11 Apr 2020 13:02:21 -0700 (PDT)
Received: from mail-ot1-f41.google.com (mail-ot1-f41.google.com.
 [209.85.210.41])
 by smtp.gmail.com with ESMTPSA id x82sm3403313oig.55.2020.04.11.13.02.21
 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
 Sat, 11 Apr 2020 13:02:21 -0700 (PDT)
Received: by mail-ot1-f41.google.com with SMTP id m2so5252833otr.1;
 Sat, 11 Apr 2020 13:02:21 -0700 (PDT)
X-Received: by 2002:a4a:c3c9:: with SMTP id e9mr1797960ooq.51.1586635340731;
 Sat, 11 Apr 2020 13:02:20 -0700 (PDT)
MIME-Version: 1.0
References: <202004110737.03B7b8cS067986@repo.freebsd.org>
In-Reply-To: <202004110737.03B7b8cS067986@repo.freebsd.org>
Reply-To: cem@freebsd.org
From: Conrad Meyer <cem@freebsd.org>
Date: Sat, 11 Apr 2020 13:02:10 -0700
X-Gmail-Original-Message-ID: <CAG6CVpXrVDso1i1Sq3KYVXi5+HyW7kwTYbq6C7otAPbCDWdgkg@mail.gmail.com>
Message-ID: <CAG6CVpXrVDso1i1Sq3KYVXi5+HyW7kwTYbq6C7otAPbCDWdgkg@mail.gmail.com>
Subject: Re: svn commit: r359797 - in head/sys: net netinet netinet6
To: "Alexander V. Chernikov" <melifaro@freebsd.org>
Cc: svn-src-all <svn-src-all@freebsd.org>,
 svn-src-head <svn-src-head@freebsd.org>, 
 src-committers <src-committers@freebsd.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Rspamd-Queue-Id: 4905Q65MWBz442r
X-Spamd-Bar: -----
Authentication-Results: mx1.freebsd.org;
	none
X-Spamd-Result: default: False [-6.00 / 15.00];
 NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; REPLY(-4.00)[];
 TAGGED_FROM(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
 <svn-src-head.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head/>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 11 Apr 2020 20:02:23 -0000

Hi Alexander,

On Sat, Apr 11, 2020 at 12:37 AM Alexander V. Chernikov
<melifaro@freebsd.org> wrote:
>
> Author: melifaro
> Date: Sat Apr 11 07:37:08 2020
> New Revision: 359797
> URL: https://svnweb.freebsd.org/changeset/base/359797
>
> Log:
>   Remove per-AF radix_mpath initializtion functions.
>
>   Split their functionality by moving random seed allocation
>    to SYSINIT and calling (new) generic multipath function from
>    standard IPv4/IPv5 RIB init handlers.
> ...
> --- head/sys/net/radix_mpath.c  Sat Apr 11 07:31:16 2020        (r359796)
> +++ head/sys/net/radix_mpath.c  Sat Apr 11 07:37:08 2020        (r359797)
> @@ -290,38 +290,18 @@ rtalloc_mpath_fib(struct route *ro, uint32_t hash, =
u_i
> ...
> +static void
> +mpath_init(void)
>  {
> -       struct rib_head *rnh;
>
>         hashjitter =3D arc4random();
> -       if (in6_inithead(head, off, fibnum) =3D=3D 1) {
> -               rnh =3D (struct rib_head *)*head;
> -               rnh->rnh_multipath =3D 1;
> -               return 1;
> -       } else
> -               return 0;
>  }
> +SYSINIT(mpath_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_ANY, mpath_init, NULL)=
;

This is pretty early in boot to be asking for random numbers.  We
don't have interrupts yet, for example.  If the system doesn't have a
saved /boot/entropy loaded (PPC, or installer, or some other embedded
system perhaps), we will either deadlock boot or get not especially
random numbers here (depending on availability behavior of arc4random
=E2=80=94 currently we err on the side of low quality random numbers).

If this number is predictable to an attacker, is it easier to DoS the
system?  Do we need the random number before userspace starts?  (I
would imagine networking does not really start chatting with remote
hosts prior to userspace boot, but this is just a guess.)

Best,
Conrad