Date:      Thu, 5 Jul 2012 23:39:02 +0200
From:      Pawel Jakub Dawidek <pjd@FreeBSD.org>
To:        John Baldwin <jhb@freebsd.org>
Cc:        src-committers@freebsd.org, Andrey Chernov <ache@freebsd.org>, svn-src-all@freebsd.org, David Chisnall <theraven@freebsd.org>, Attilio Rao <attilio@freebsd.org>, Konstantin Belousov <kostikbel@gmail.com>, svn-src-head@freebsd.org, markm@freebsd.org
Subject:   Re: svn commit: r238118 - head/lib/libc/gen
Message-ID:  <20120705213901.GA1442@garage.freebsd.pl>
In-Reply-To: <201207050749.43210.jhb@freebsd.org>
References:  <201207041951.q64JpPXu029310@svn.freebsd.org> <8344944B-1CEE-4CAD-96FB-EC5A743F6909@FreeBSD.org> <CAJ-FndAGgkgi5W3LqgMkeK9AquQ=1RhhYcj4jnLmuRg2EwVuqA@mail.gmail.com> <201207050749.43210.jhb@freebsd.org>



On Thu, Jul 05, 2012 at 07:49:42AM -0400, John Baldwin wrote:
> On Wednesday, July 04, 2012 4:45:54 pm Attilio Rao wrote:
> > 2012/7/4 David Chisnall <theraven@freebsd.org>:
> > > On 4 Jul 2012, at 21:32, Andrey Chernov wrote:
> > >
> > >> 1) /dev/urandom may not exist in jails/sandboxes while sysctls (or old way
> > >> initialization) always exists.
> > >
> > > From the perspective of Capsicum sandboxes, a device node is better than a
> > > sysctl.  The kernel must hard-code policy about which sysctls are permitted,
> > > but access to file descriptors is decided on a per-sandbox basis and is
> > > configurable by the user.  The same applies to jails, although it's slightly
> > > more effort to make device nodes appear inside a jail.
> >
> > Also don't underestimate the locking factor here.
> > I recall that at some point /dev/random was introducing some
> > scalability penalty on php (maybe related to the suhosin patch) until
> > kib made shared lookups available on devfs. IIRC, sysctls are still
> > Giant locked.
>
> sysctls are not all Giant locked.   KERN_ARND is marked MPSAFE, so it does not
> use Giant:

It doesn't really matter. Our in-kernel random generator has its own
giant lock, so is basically single threaded. Compare results of those
two on some SMP machine:

	# dd if=/dev/random of=/dev/null bs=1m count=1024

	# sh -c 'for i in `jot $(sysctl -n hw.ncpu)`; do dd if=/dev/random of=/dev/null bs=1m count=128 & done'

-- 
Pawel Jakub Dawidek                       http://www.wheelsystems.com
FreeBSD committer                         http://www.FreeBSD.org
Am I Evil? Yes, I Am!                     http://tupytaj.pl
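
Added example, not part of the original message: a Python version of the comparison the two dd commands above make, reading the same total once with a single reader and once with one thread per CPU, and returning the aggregate throughput of each run. The names `measure` and `compare` and the 256 MiB default are assumptions of this example; `/dev/random` and the 1 MiB block size come from the message.

```python
import os
import threading
import time

CHUNK = 1 << 20  # 1 MiB per read, the same block size as bs=1m above


def _reader(path, nbytes, out, idx):
    """Read nbytes from path in CHUNK-sized reads and record the byte count."""
    fd = os.open(path, os.O_RDONLY)
    try:
        done = 0
        while done < nbytes:
            buf = os.read(fd, min(CHUNK, nbytes - done))  # releases the GIL
            if not buf:  # EOF; a random device never reports it
                break
            done += len(buf)  # short reads are legal, count what arrived
        out[idx] = done
    finally:
        os.close(fd)


def measure(path, readers, total_bytes):
    """Split total_bytes over `readers` threads; return (bytes_read, seconds)."""
    share = total_bytes // readers
    out = [0] * readers
    threads = [threading.Thread(target=_reader, args=(path, share, out, i))
               for i in range(readers)]
    start = time.perf_counter()
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(out), time.perf_counter() - start


def compare(path="/dev/random", total_bytes=256 * CHUNK, readers=None):
    """Aggregate MiB/s with one reader and with one reader per CPU."""
    readers = readers or os.cpu_count() or 1
    n1, t1 = measure(path, 1, total_bytes)
    nn, tn = measure(path, readers, total_bytes)
    single = n1 / CHUNK / t1
    parallel = nn / CHUNK / tn
    # speedup near 1.0: reads are serialized; near `readers`: they scale
    return {"readers": readers, "single_MiB_s": single,
            "parallel_MiB_s": parallel, "speedup": parallel / single}


if __name__ == "__main__":
    print(compare())
```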
