Date: Sat, 11 Apr 2020 23:30:29 +0100
From: Alexander V. Chernikov <melifaro@freebsd.org>
To: Ian Lepore <ian@freebsd.org>, "cem@freebsd.org" <cem@freebsd.org>
Cc: svn-src-all <svn-src-all@freebsd.org>, svn-src-head <svn-src-head@freebsd.org>, src-committers <src-committers@freebsd.org>
Subject: Re: svn commit: r359797 - in head/sys: net netinet netinet6
Message-ID: <4458041586643841@myt4-42d4a9f8d9f5.qloud-c.yandex.net>
In-Reply-To: <5667a66b22e18893a4d7de58f0e0fd3084a6e0f7.camel@freebsd.org>
References: <202004110737.03B7b8cS067986@repo.freebsd.org> <CAG6CVpXrVDso1i1Sq3KYVXi5%2BHyW7kwTYbq6C7otAPbCDWdgkg@mail.gmail.com> <5667a66b22e18893a4d7de58f0e0fd3084a6e0f7.camel@freebsd.org>
11.04.2020, 21:58, "Ian Lepore" <ian@freebsd.org>:
> On Sat, 2020-04-11 at 13:02 -0700, Conrad Meyer wrote:
>> Hi Alexander,
>>
>> On Sat, Apr 11, 2020 at 12:37 AM Alexander V. Chernikov
>> <melifaro@freebsd.org> wrote:
>> >
>> > Author: melifaro
>> > Date: Sat Apr 11 07:37:08 2020
>> > New Revision: 359797
>> > URL: https://svnweb.freebsd.org/changeset/base/359797
>> >
>> > Log:
>> > Remove per-AF radix_mpath initialization functions.
>> >
>> > Split their functionality by moving random seed allocation
>> > to SYSINIT and calling (new) generic multipath function from
>> > standard IPv4/IPv5 RIB init handlers.
>> > ...
>> > --- head/sys/net/radix_mpath.c Sat Apr 11 07:31:16 >> > 2020 (r359796) >> > +++ head/sys/net/radix_mpath.c Sat Apr 11 07:37:08 >> > 2020 (r359797)
>> > @@ -290,38 +290,18 @@ rtalloc_mpath_fib(struct route *ro, uint32_t >> > hash, u_i >> > ... >> > +static void >> > +mpath_init(void) >> > { >> > - struct rib_head *rnh; >> > >> > hashjitter = arc4random(); >> > - if (in6_inithead(head, off, fibnum) == 1) { >> > - rnh = (struct rib_head *)*head; >> > - rnh->rnh_multipath = 1; >> > - return 1; >> > - } else >> > - return 0; >> > } >> > +SYSINIT(mpath_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_ANY, mpath_init, >> > NULL);
>>
>> This is pretty early in boot to be asking for random numbers. We
>> don't have interrupts yet, for example. If the system doesn't have a
>> saved /boot/entropy loaded (PPC, or installer, or some other embedded
>> system perhaps), we will either deadlock boot or get not especially
>> random numbers here (depending on availability behavior of arc4random
>> — currently we err on the side of low quality random numbers).
>>
>> If this number is predictable to an attacker, is it easier to DoS the
>> system? Do we need the random number before userspace starts? (I
>> would imagine networking does not really start chatting with remote
>> hosts prior to userspace boot, but this is just a guess.)
>>
>> Best,
>> Conrad
>
> I believe the earliest use of networking during boot is for mounting
> the rootfs using nfs. So SI_SUB_ROOT_CONF-1 might be good.

Yep, that's a good one. Generally you're right. In this particular case, this random value is only used when we have multiple paths to a particular destination. Such configuration implies having either routing daemon up, or static route(8) configuration applied, which will happen at least after SI_SUB_KTHREAD_INIT. With all this in mind I'm thinking of moving it to the SI_SUB_LAST to increase the chance of getting good entropy. Does this sound good to you?

>
> -- Ian
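
Review bot: The new SYSINIT line registers mpath_init at SI_SUB_PROTO_DOMAIN with SI_ORDER_ANY, and the hunk carries no comment explaining why the single "hashjitter = arc4random();" draw belongs at that stage or what has to be ready before it runs. The hunk shows only this one assignment and no later reseed, so whatever quality the value has when mpath_init runs is what multipath hashing keeps using. Suggest registering the SYSINIT at a later subsystem stage (the thread raises SI_SUB_ROOT_CONF-1 and SI_SUB_LAST), or taking the seed on first multipath use, and adding a comment above the SYSINIT line that states the ordering constraint: after the random source is seeded, before the first multipath route lookup.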