From: Pawel Jakub Dawidek
To: John Baldwin
Cc: src-committers@freebsd.org, Andrey Chernov, svn-src-all@freebsd.org, David Chisnall, Attilio Rao, Konstantin Belousov, svn-src-head@freebsd.org, markm@freebsd.org
Date: Thu, 5 Jul 2012 23:39:02 +0200
Subject: Re: svn commit: r238118 - head/lib/libc/gen
Message-ID: <20120705213901.GA1442@garage.freebsd.pl>

On Thu, Jul 05, 2012 at 07:49:42AM -0400, John Baldwin wrote:
> On Wednesday, July 04, 2012 4:45:54 pm Attilio Rao wrote:
> > 2012/7/4 David Chisnall:
> > > On 4 Jul 2012, at 21:32, Andrey Chernov wrote:
> > >
> > >> 1) /dev/urandom may not exist in jails/sandboxes while sysctls (or old way
> > >> initialization) always exists.
> > >
> > > From the perspective of Capsicum sandboxes, a device node is better than a
> > > sysctl. The kernel must hard-code policy about which sysctls are permitted,
> > > but access to file descriptors is decided on a per-sandbox basis and is
> > > configurable by the user. The same applies to jails, although it's slightly
> > > more effort to make device nodes appear inside a jail.
> >
> > Also don't underestimate the locking factor here.
> > I recall that at some point /dev/random was introducing some
> > scalability penalty on php (maybe related to the suhosin patch) until
> > kib made shared lookups available on devfs. IIRC, sysctls are still
> > Giant locked.
>
> sysctls are not all Giant locked. KERN_ARND is marked MPSAFE, so it does not
> use Giant:

It doesn't really matter. Our in-kernel random generator has its own
giant lock, so is basically single threaded. Compare results of those
two on some SMP machine:

	# dd if=/dev/random of=/dev/null bs=1m count=1024

	# sh -c 'for i in `jot $(sysctl -n hw.ncpu)`; do dd if=/dev/random of=/dev/null bs=1m count=128 & done'

-- 
Pawel Jakub Dawidek                       http://www.wheelsystems.com
FreeBSD committer                         http://www.FreeBSD.org
Am I Evil? Yes, I Am!                     http://tupytaj.pl