Page MenuHomeFreeBSD

random(4): Gather entropy from Pure sources
ClosedPublic

Authored by cem on Oct 6 2017, 5:32 PM.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Jan 16, 11:10 AM
Unknown Object (File)
Sat, Jan 11, 11:37 PM
Unknown Object (File)
Dec 5 2024, 4:41 AM
Unknown Object (File)
Sep 10 2024, 11:54 PM
Unknown Object (File)
Sep 7 2024, 5:55 PM
Unknown Object (File)
Sep 7 2024, 8:36 AM
Unknown Object (File)
Aug 18 2024, 12:24 AM
Unknown Object (File)
Aug 14 2024, 9:13 PM
Subscribers

Details

Summary

At initialization, hc_source_mask only includes non-Pure sources.

The patch changes source registration to enable the registered source in the
hc_source_mask bitmask. This mask governs which sources are harvested.

This patch also disallows userspace from disabling such sources.

PR: 222807
Submitted by: W. Dean Freeman <badfilemagic AT gmail.com>
Obtained from: HBSD 0054e3e170e083811acc9f3b637f8be8a86c03e7
Security: yes

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 11928
Build 12259: arc lint + arc unit

Event Timeline

delphij added inline comments.
sys/dev/random/random_harvestq.c
251

Why is value set here?

262

Looks like user can set harvest mask bit (rather than not being permitted to modify, therefore not match the comments) -- is this intentional?

Or should this be something like:

(value & orig_value) | (orig_value & RANDOM_HARVEST_PURE_MASK)?

284

Since this is growing, will it be sensible to move this to the header file with the enum itself? (also probably a good idea to define random_source_descr as random_source_descr[RANDOM_ENTROPYSOURCE].

Another suggestion is to use C99 style array initialization, e.g. [RANDOM_CACHED] = "CACHED".

sys/dev/random/random_harvestq.c
251

See the directly following line — this is how the old mask is reported to sysctl.

262

I don't understand the confusion. The user is allowed to freely modify the bits of the mask corresponding to environmental sources. They are only disallowed from modifying the bits corresponding to Pure sources.

Yes, it is intentional that they can set or clear bits not present in RANDOM_HARVEST_PURE_MASK.

284

The array is not growing in this revision.

I agree about the C99 style array initialization, but that is a totally orthogonal cleanup.

sys/dev/random/random_harvestq.c
251

Oh yes you are right, sorry for the noise.

262

So should the code be changed to:

harvest_context.hc_source_mask = (value & ~RANDOM_HARVEST_PURE_MASK) | (orig_value & RANDOM_HARVEST_PURE_MASK);

?

Otherwise the user would be able to set an unset bit within RANDOM_HARVEST_PURE_MASK (but not clearing it)?

284

There is no description for RANDOM_PURE_VIRTIO and RANDOM_PURE_BROADCOM, should they be added? (I think the array should still be extended to ENTROPYSOURCE, by the way).

I agree that the cleanup being orthogonal to this change.

cem marked an inline comment as done.Oct 6 2017, 6:35 PM
cem added inline comments.
sys/dev/random/random_harvestq.c
262

Yes, I think your proposed change makes sense. I'll go ahead and make the change.

284

I guess they should be added, but I am not very familiar with how this array is used. It can be done in a subsequent revision.

cem marked an inline comment as done.

Ignore Pure source bits set by user sysctl.

sys/dev/random/random_harvestq.c
284

Well, its usage is in line 327 (previously 299). Because you have changed the loop from ENVIRONMENTAL_END to ENTROPYSOURCE, potentially the loop would access undefined area, and at minimum the array should be extended to ENTROPYSOURCE.

sys/dev/random/random_harvestq.c
284

Good point, I've made that change: https://reviews.freebsd.org/D12618

This revision was automatically updated to reflect the committed changes.