From: Alexander V. Chernikov
To: Ian Lepore, "cem@freebsd.org"
Cc: svn-src-all, svn-src-head, src-committers
Subject: Re: svn commit: r359797 - in head/sys: net netinet netinet6
Date: Sat, 11 Apr 2020 23:30:29 +0100

11.04.2020, 21:58, "Ian Lepore":
> On Sat, 2020-04-11 at 13:02 -0700, Conrad Meyer wrote:
>>  Hi Alexander,
>>
>>  On Sat, Apr 11, 2020 at 12:37 AM Alexander V. Chernikov
>>   wrote:
>>  >
>>  > Author: melifaro
>>  > Date: Sat Apr 11 07:37:08 2020
>>  > New Revision: 359797
>>  > URL: https://svnweb.freebsd.org/changeset/base/359797
>>  >
>>  > Log:
>>  > Remove per-AF radix_mpath initialization functions.
>>  >
>>  > Split their functionality by moving random seed allocation
>>  > to SYSINIT and calling (new) generic multipath function from
>>  > standard IPv4/IPv5 RIB init handlers.
>>  > ...
>>  > --- head/sys/net/radix_mpath.c Sat Apr 11 07:31:16 >>  > 2020 (r359796) >>  > +++ head/sys/net/radix_mpath.c Sat Apr 11 07:37:08 >>  > 2020 (r359797) >>  
> @@ -290,38 +290,18 @@ rtalloc_mpath_fib(struct route *ro, uint32_t >>  > hash, u_i >>  > ... >>  > +static void >>  > +mpath_init(void) >>  > { >>  > - struct rib_head *rnh; >>  > >>  > hashjitter = arc4random(); >>  > - if (in6_inithead(head, off, fibnum) == 1) { >>  > - rnh = (struct rib_head *)*head; >>  > - rnh->rnh_multipath = 1; >>  > - return 1; >>  > - } else >>  > - return 0; >>  > } >>  > +SYSINIT(mpath_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_ANY, mpath_init, >>  > NULL);
>>
>>  This is pretty early in boot to be asking for random numbers. We
>>  don't have interrupts yet, for example. If the system doesn't have a
>>  saved /boot/entropy loaded (PPC, or installer, or some other embedded
>>  system perhaps), we will either deadlock boot or get not especially
>>  random numbers here (depending on availability behavior of arc4random
>>  — currently we err on the side of low quality random numbers).
>>
>>  If this number is predictable to an attacker, is it easier to DoS the
>>  system? Do we need the random number before userspace starts? (I
>>  would imagine networking does not really start chatting with remote
>>  hosts prior to userspace boot, but this is just a guess.)
>>
>>  Best,
>>  Conrad
>
> I believe the earliest use of networking during boot is for mounting
> the rootfs using nfs. So SI_SUB_ROOT_CONF-1 might be good.

Yep, that's a good one. Generally you're right. In this particular case, this random value is only used when we have multiple paths to a particular destination. Such configuration implies having either routing daemon up, or static route(8) configuration applied, which will happen at least after SI_SUB_KTHREAD_INIT. With all this in mind I'm thinking of moving it to the SI_SUB_LAST to increase the chance of getting good entropy. Does this sound good to you?

>
> -- Ian
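
Review bot: the SYSINIT registration at the end of the hunk runs mpath_init at SI_SUB_PROTO_DOMAIN with no comment saying why that stage was picked, so hashjitter = arc4random() is drawn once, early in boot, and the ordering constraint is undocumented. Suggest registering at the latest stage that still precedes the first multipath lookup, and adding a short comment above mpath_init stating what hashjitter is used for and why its seeding is placed there. The removed lines also set rnh->rnh_multipath = 1 after in6_inithead(); the replacement for that is not visible in this hunk (the rest is elided as ...), so confirm the generic init path still sets it for every address family.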