From owner-svn-src-all@freebsd.org Wed Feb 10 18:29:39 2016 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7BCA4AA47BB; Wed, 10 Feb 2016 18:29:39 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 3FBF01ACC; Wed, 10 Feb 2016 18:29:39 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u1AITcKs042513; Wed, 10 Feb 2016 18:29:38 GMT (envelope-from jhb@FreeBSD.org) Received: (from jhb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u1AITbAC042505; Wed, 10 Feb 2016 18:29:37 GMT (envelope-from jhb@FreeBSD.org) Message-Id: <201602101829.u1AITbAC042505@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jhb set sender to jhb@FreeBSD.org using -f From: John Baldwin Date: Wed, 10 Feb 2016 18:29:37 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r295480 - stable/10/sys/dev/random X-SVN-Group: stable-10 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Feb 2016 18:29:39 -0000 Author: jhb Date: Wed Feb 10 18:29:37 2016 New Revision: 295480 URL: https://svnweb.freebsd.org/changeset/base/295480 Log: Adjust initialization of random(9) so it is usable earlier. A few existing SYSINITs expect the in-kernel PRNG (random(9)) to be useable at SI_SUB_RANDOM / SI_ORDER_ANY. However, the random(4) overhaul merged for 10.0 performs all of its initialization at SI_SUB_DRIVERS (since it is tied in with creating the /dev/random character device). This has changed in HEAD where the random initialization is split such that the in-kernel random(9) is initialized at SI_SUB_RANDOM and the supporting bits for userland random(4) (such as /dev/random) are initialized later. However, the changes in HEAD are large and invasive. Instead, this change is being directly committed to stable/10. This change moves most of the random(9)/random(4) initialization to SI_SUB_RANDOM with the exception that the creation of the harvesting kernel process and the /dev/random character device are deferred to new SYSINITs that run at SI_SUB_DRIVERS. This fixes the "random device not loaded; using insecure entropy" message output during boot on some systems. PR: 205800 Reviewed by: markm, so@ Approved by: so Approved by: re (gjb) Tested by: Mark Saad Modified: stable/10/sys/dev/random/live_entropy_sources.c stable/10/sys/dev/random/live_entropy_sources.h stable/10/sys/dev/random/random_adaptors.c stable/10/sys/dev/random/random_adaptors.h stable/10/sys/dev/random/random_harvestq.c stable/10/sys/dev/random/randomdev.c stable/10/sys/dev/random/randomdev_soft.c Modified: stable/10/sys/dev/random/live_entropy_sources.c ============================================================================== --- stable/10/sys/dev/random/live_entropy_sources.c Wed Feb 10 18:23:47 2016 (r295479) +++ stable/10/sys/dev/random/live_entropy_sources.c Wed Feb 10 18:29:37 2016 (r295480) @@ -189,7 +189,7 @@ live_entropy_sources_deinit(void *unused sx_destroy(&les_lock); } -SYSINIT(random_adaptors, SI_SUB_DRIVERS, SI_ORDER_FIRST, +SYSINIT(random_adaptors, SI_SUB_RANDOM, SI_ORDER_FIRST, live_entropy_sources_init, NULL); -SYSUNINIT(random_adaptors, SI_SUB_DRIVERS, SI_ORDER_FIRST, +SYSUNINIT(random_adaptors, SI_SUB_RANDOM, SI_ORDER_FIRST, live_entropy_sources_deinit, NULL); Modified: stable/10/sys/dev/random/live_entropy_sources.h ============================================================================== --- stable/10/sys/dev/random/live_entropy_sources.h Wed Feb 10 18:23:47 2016 (r295479) +++ stable/10/sys/dev/random/live_entropy_sources.h Wed Feb 10 18:29:37 2016 (r295480) @@ -52,7 +52,7 @@ void live_entropy_sources_feed(int, even modevent, \ 0 \ }; \ - DECLARE_MODULE(name, name##_mod, SI_SUB_DRIVERS, \ + DECLARE_MODULE(name, name##_mod, SI_SUB_RANDOM, \ SI_ORDER_SECOND); \ MODULE_VERSION(name, ver); \ MODULE_DEPEND(name, random, 1, 1, 1); Modified: stable/10/sys/dev/random/random_adaptors.c ============================================================================== --- stable/10/sys/dev/random/random_adaptors.c Wed Feb 10 18:23:47 2016 (r295479) +++ stable/10/sys/dev/random/random_adaptors.c Wed Feb 10 18:29:37 2016 (r295480) @@ -233,9 +233,9 @@ random_adaptors_init(void *unused) SYSCTL_NODE(_kern, OID_AUTO, random, CTLFLAG_RW, 0, "Random Number Generator"); -SYSINIT(random_adaptors, SI_SUB_DRIVERS, SI_ORDER_FIRST, random_adaptors_init, +SYSINIT(random_adaptors, SI_SUB_RANDOM, SI_ORDER_FIRST, random_adaptors_init, NULL); -SYSUNINIT(random_adaptors, SI_SUB_DRIVERS, SI_ORDER_FIRST, +SYSUNINIT(random_adaptors, SI_SUB_RANDOM, SI_ORDER_FIRST, random_adaptors_deinit, NULL); static void Modified: stable/10/sys/dev/random/random_adaptors.h ============================================================================== --- stable/10/sys/dev/random/random_adaptors.h Wed Feb 10 18:23:47 2016 (r295479) +++ stable/10/sys/dev/random/random_adaptors.h Wed Feb 10 18:29:37 2016 (r295480) @@ -47,7 +47,7 @@ extern struct random_adaptor *random_ada /* * random_adaptor's should be registered prior to - * random module (SI_SUB_DRIVERS/SI_ORDER_MIDDLE) + * random module (SI_SUB_RANDOM/SI_ORDER_MIDDLE) */ #define RANDOM_ADAPTOR_MODULE(name, modevent, ver) \ static moduledata_t name##_mod = { \ @@ -55,7 +55,7 @@ extern struct random_adaptor *random_ada modevent, \ 0 \ }; \ - DECLARE_MODULE(name, name##_mod, SI_SUB_DRIVERS, \ + DECLARE_MODULE(name, name##_mod, SI_SUB_RANDOM, \ SI_ORDER_SECOND); \ MODULE_VERSION(name, ver); \ MODULE_DEPEND(name, random, 1, 1, 1); Modified: stable/10/sys/dev/random/random_harvestq.c ============================================================================== --- stable/10/sys/dev/random/random_harvestq.c Wed Feb 10 18:23:47 2016 (r295479) +++ stable/10/sys/dev/random/random_harvestq.c Wed Feb 10 18:29:37 2016 (r295480) @@ -81,6 +81,8 @@ int random_kthread_control = 0; static struct proc *random_kthread_proc; +static event_proc_f random_cb; + #ifdef RANDOM_RWFILE static const char *entropy_files[] = { "/entropy", @@ -219,7 +221,7 @@ random_kthread(void *arg) void random_harvestq_init(event_proc_f cb) { - int error, i; + int i; struct harvest *np; /* Initialise the harvest fifos */ @@ -238,13 +240,26 @@ random_harvestq_init(event_proc_f cb) mtx_init(&harvest_mtx, "entropy harvest mutex", NULL, MTX_SPIN); + random_cb = cb; +} + +static void +random_harvestq_start_kproc(void *arg __unused) +{ + int error; + + if (random_cb == NULL) + return; + /* Start the hash/reseed thread */ - error = kproc_create(random_kthread, cb, + error = kproc_create(random_kthread, random_cb, &random_kthread_proc, RFHIGHPID, 0, "rand_harvestq"); /* RANDOM_CSPRNG_NAME */ if (error != 0) panic("Cannot create entropy maintenance thread."); } +SYSINIT(random_kthread, SI_SUB_DRIVERS, SI_ORDER_ANY, + random_harvestq_start_kproc, NULL); void random_harvestq_deinit(void) @@ -265,6 +280,17 @@ random_harvestq_deinit(void) } harvestfifo.count = 0; + /* + * Command the hash/reseed thread to end and wait for it to finish + */ + mtx_lock_spin(&harvest_mtx); + if (random_kthread_proc != NULL) { + random_kthread_control = -1; + msleep_spin((void *)&random_kthread_control, &harvest_mtx, + "term", 0); + } + mtx_unlock_spin(&harvest_mtx); + mtx_destroy(&harvest_mtx); } Modified: stable/10/sys/dev/random/randomdev.c ============================================================================== --- stable/10/sys/dev/random/randomdev.c Wed Feb 10 18:23:47 2016 (r295479) +++ stable/10/sys/dev/random/randomdev.c Wed Feb 10 18:29:37 2016 (r295480) @@ -175,15 +175,24 @@ random_initialize(void *p, struct random printf("random: <%s> initialized\n", s->ident); + /* mark random(4) as initialized, to avoid being called again */ + random_inited = 1; +} + +static void +random_makedev(void *arg __unused) +{ + + if (random_adaptor == NULL) + return; + /* Use an appropriately evil mode for those who are concerned * with daemons */ random_dev = make_dev_credf(MAKEDEV_ETERNAL_KLD, &random_cdevsw, RANDOM_MINOR, NULL, UID_ROOT, GID_WHEEL, 0666, "random"); make_dev_alias(random_dev, "urandom"); /* compatibility */ - - /* mark random(4) as initialized, to avoid being called again */ - random_inited = 1; } +SYSINIT(random_makedev, SI_SUB_DRIVERS, SI_ORDER_ANY, random_makedev, NULL); /* ARGSUSED */ static int @@ -229,5 +238,11 @@ random_modevent(module_t mod __unused, i return (error); } -DEV_MODULE(random, random_modevent, NULL); +static moduledata_t random_mod = { + "random", + random_modevent, + NULL +}; + +DECLARE_MODULE(random, random_mod, SI_SUB_RANDOM, SI_ORDER_MIDDLE); MODULE_VERSION(random, 1); Modified: stable/10/sys/dev/random/randomdev_soft.c ============================================================================== --- stable/10/sys/dev/random/randomdev_soft.c Wed Feb 10 18:23:47 2016 (r295479) +++ stable/10/sys/dev/random/randomdev_soft.c Wed Feb 10 18:29:37 2016 (r295480) @@ -182,12 +182,6 @@ randomdev_deinit(void) /* Deregister the randomness harvesting routine */ randomdev_deinit_harvester(); - /* - * Command the hash/reseed thread to end and wait for it to finish - */ - random_kthread_control = -1; - tsleep((void *)&random_kthread_control, 0, "term", 0); - #if defined(RANDOM_YARROW) random_yarrow_deinit_alg(); #endif