Commit Graph

205 Commits

Author SHA1 Message Date
Poul-Henning Kamp
f7e6cbd933 Fix off-by-one (too little!) array size problem.
Detected by:	Coverity (ID#661)
2005-03-18 07:13:35 +00:00
Hajimu UMEMOTO
68527b3aad stop including rijndael-api-fst.h from rijndael.h.
this is required to integrate opencrypto into crypto.
2005-03-11 15:42:51 +00:00
Joerg Wunsch
a5f50ef9e4 netchild's mega-patch to isolate compiler dependencies into a central
place.

This moves the dependency on GCC's and other compiler's features into
the central sys/cdefs.h file, while the individual source files can
then refer to #ifdef __COMPILER_FEATURE_FOO where they by now used to
refer to #if __GNUC__ > 3.1415 && __BARC__ <= 42.

By now, GCC and ICC (the Intel compiler) have been actively tested on
IA32 platforms by netchild.  Extension to other compilers is supposed
to be possible, of course.

Submitted by:	netchild
Reviewed by:	various developers on arch@, some time ago
2005-03-02 21:33:29 +00:00
Ian Dowse
1c7178ce25 Check that we have at least a 586-class CPU before calling do_cpuid().
This fixes booting on a number of 486 processors.

PR:		i386/75686
Reviewed by:	markm
MFC after:	1 week
2005-02-06 16:55:52 +00:00
Poul-Henning Kamp
4c4a94cefe Check O_NONBLOCK not IO_NDELAY.
Don't include vnode.h
2004-12-22 17:29:37 +00:00
John Baldwin
6ac27fe1e6 Don't change the priority to PUSER when sleeping, just keep the current
priority.
2004-11-05 20:15:06 +00:00
Robert Watson
b899bc84c5 (1) Move from O(n) list copies to O(1) list concatenation, which is
supported for STAILQ via STAILQ_CONCAT().

(2) Maintain a count of the number of entries in the thread-local entropy
    fifo so that we can keep the other fifo counts in synch.

MFC after:	3 weeks
MFC with:	randomdev_soft.c revisions 1.5 and 1.6
Suggested by:   jhb (1)
2004-11-03 10:02:50 +00:00
Robert Watson
8f30dde5fe Annotate that get_cyclecount() can be expensive on some platforms,
which juxtaposes nicely with the comment just above on how the
harvest function must be cheap.
2004-10-18 19:29:13 +00:00
Robert Watson
f5c3a74502 Assert that the entropy source category provided by a caller submitting
entropy is valid, as an invalid source will cause dereferencing of an
array of queues to an incorrect memory location.
2004-10-12 14:57:14 +00:00
Robert Watson
a28ce935d9 Modify entropy harvesting locking strategy:
- Trade off granularity to reduce overhead, since the current model
  doesn't appear to reduce contention substantially: move to a single
  harvest mutex protecting harvesting queues, rather than one mutex
  per source plus a mutex for the free list.

- Reduce mutex operations in a harvesting event to 2 from 4, and
  maintain lockless read to avoid mutex operations if the queue is
  full.

- When reaping harvested entries from the queue, move all entries from
  the queue at once, and when done with them, insert them all into a
  thread-local queue for processing; then insert them all into the
  empty fifo at once.  This reduces O(4n) mutex operations to O(2)
  mutex operations per wakeup.

In the future, we may want to look at re-introducing granularity,
although perhaps at the granularity of the source rather than the
source class; both the new and old strategies would cause contention
between different instances of the same source (i.e., multiple
network interfaces).

Reviewed by:	markm
2004-10-09 22:04:13 +00:00
Robert Watson
38c9c1708b Perform a lockless read to test whether an entropy havesting fifo is
full, avoiding the cost of mutex operations if it is.  We re-test
once the mutex is acquired to make sure it's still true before doing
the -modify-write part of the read-modify-write.  Note that due to
the maximum fifo depth being pretty deep, this is unlikely to improve
harvesting performance yet.

Approved by:	markm
2004-08-11 03:33:32 +00:00
Mark Murray
ce46e2059e Add module versions. 2004-08-02 20:42:28 +00:00
Mark Murray
587d5fc63b Start the entropy device insecure/unblocked. I'll be handing over
responsibility for critical randomness requirements (like sshd)
to rc.d/*

Requested by: many
2004-07-18 09:07:58 +00:00
Poul-Henning Kamp
3e019deaed Do a pass over all modules in the kernel and make them return EOPNOTSUPP
for unknown events.

A number of modules return EINVAL in this instance, and I have left
those alone for now and instead taught MOD_QUIESCE to accept this
as "didn't do anything".
2004-07-15 08:26:07 +00:00
John Baldwin
39981fed82 Trim a few things from the dmesg output and stick them under bootverbose to
cut down on the clutter including PCI interrupt routing, MTRR, pcibios,
etc.

Discussed with:	USENIX Cabal
2004-07-01 07:46:29 +00:00
Poul-Henning Kamp
89c9c53da0 Do the dreaded s/dev_t/struct cdev */
Bump __FreeBSD_version accordingly.
2004-06-16 09:47:26 +00:00
Poul-Henning Kamp
41ee9f1c69 Add some missing <sys/module.h> includes which are masked by the
one on death-row in <sys/kernel.h>
2004-05-30 17:57:46 +00:00
Mark Murray
5564b4b984 Add a Davies-Meyer style hash to the output. This is still pure
Nehemiah chip, but the work is all done in hardware.

There are three opportunities to add other entropy; the Data
Buffer, the Cipher's IV and the Cipher's key. A future commit
will exploit these opportunities.
2004-04-17 19:26:53 +00:00
Mark Murray
fa2d865bad More removal of the abortive locking code; malloc buffers when
needed, rather than potentially reusing contents.
2004-04-17 19:23:15 +00:00
Mark Murray
55636152d5 Attempts to make this device Giant-free were ill-conceived as
uiomove(9) is not properly locked. So, return to NEEDGIANT
mode. Later, when uiomove is finely locked, I'll revisit.

While I'm here, provide some temporary debugging output to
help catch blocking startups.
2004-04-16 17:10:54 +00:00
Mark Murray
2a8b87d883 Default to harvesting everything. This is to help give a faster
startup. harvesting can be turned OFF in etc/rc.d/* if it is a
burden.
2004-04-16 17:07:11 +00:00
Mark Murray
f587c6bf9f Fix "sleeping without a mutex" panic. 2004-04-12 09:13:24 +00:00
Yoshihiro Takahashi
55fda92f91 Fix pc98 build. 2004-04-11 09:13:42 +00:00
Mark Murray
e7806b4c0e Reorganise the entropy device so that high-yield entropy sources
can more easily be used INSTEAD OF the hard-working Yarrow.
The only hardware source used at this point is the one inside
the VIA C3 Nehemiah (Stepping 3 and above) CPU. More sources will
be added in due course. Contributions welcome!
2004-04-09 15:47:10 +00:00
John Baldwin
6074439965 kthread_exit() no longer requires Giant, so don't force callers to acquire
Giant just to call kthread_exit().

Requested by:	many
2004-03-05 22:42:17 +00:00
Poul-Henning Kamp
dc08ffec87 Device megapatch 4/6:
Introduce d_version field in struct cdevsw, this must always be
initialized to D_VERSION.

Flip sense of D_NOGIANT flag to D_NEEDGIANT, this involves removing
four D_NOGIANT flags and adding 145 D_NEEDGIANT flags.
2004-02-21 21:10:55 +00:00
Poul-Henning Kamp
74cf585544 Correct the cleanup of the alias dev_t for /dev/urandom: being an
alias it depends on the aliased dev_t and disappears automatically
when that is removed.

Submitted by:	"Bjoern A. Zeeb" <bzeeb+freebsd@zabbadoz.net>
2004-02-12 20:46:49 +00:00
Mark Murray
4e3a7a14d9 Fix a major faux pas of mine. I was causing 2 very bad things to
happen in interrupt context; 1) sleep locks, and 2) malloc/free
calls.

1) is fixed by using spin locks instead.

2) is fixed by preallocating a FIFO (implemented with a STAILQ)
   and using elements from this FIFO instead. This turns out
   to be rather fast.

OK'ed by:	re (scottl)
Thanks to:	peter, jhb, rwatson, jake
Apologies to:	*
2003-11-20 15:35:48 +00:00
Mark Murray
0887c8c110 Overhaul the entropy device:
o Each source gets its own queue, which is a FIFO, not a ring buffer.
  The FIFOs are implemented with the sys/queue.h macros. The separation
  is so that a low entropy/high rate source can't swamp the harvester
  with low-grade entropy and destroy the reseeds.

o Each FIFO is limited to 256 (set as a macro, so adjustable) events
  queueable. Full FIFOs are ignored by the harvester. This is to
  prevent memory wastage, and helps to keep the kernel thread CPU
  usage within reasonable limits.

o There is no need to break up the event harvesting into ${burst}
  sized chunks, so retire that feature.

o Break the device away from its roots with the memory device, and
  allow it to get its major number automagically.
2003-11-17 23:02:21 +00:00
Seigo Tanimura
512824f8f7 - Implement selwakeuppri() which allows raising the priority of a
thread being waken up.  The thread waken up can run at a priority as
  high as after tsleep().

- Replace selwakeup()s with selwakeuppri()s and pass appropriate
  priorities.

- Add cv_broadcastpri() which raises the priority of the broadcast
  threads.  Used by selwakeuppri() if collision occurs.

Not objected in:	-arch, -current
2003-11-09 09:17:26 +00:00
Mark Murray
f757589236 Make sure we get all user-written input. This simplifies the
code considerably.

Submitted by:	(forgotten)
[I'll happily acknowledge the submitter if he owns up!]
2003-11-02 10:55:16 +00:00
David E. O'Brien
aad970f1fe Use __FBSDID().
Also some minor style cleanups.
2003-08-24 17:55:58 +00:00
Poul-Henning Kamp
68c2a41e6c Change the sleep identifier to "-" where random normally sleeps. 2003-07-02 08:04:57 +00:00
Poul-Henning Kamp
7ac40f5f59 Gigacommit to improve device-driver source compatibility between
branches:

Initialize struct cdevsw using C99 sparse initializtion and remove
all initializations to default values.

This patch is automatically generated and has been tested by compiling
LINT with all the fields in struct cdevsw in reverse order on alpha,
sparc64 and i386.

Approved by:    re(scottl)
2003-03-03 12:15:54 +00:00
Warner Losh
a163d034fa Back out M_* changes, per decision of the TRB.
Approved by: trb
2003-02-19 05:47:46 +00:00
Andrey A. Chernov
952b6153de Remove srandom():
1) It is already called in init_main.c:proc0_post()
2) It is called each time read_random_phony() called, because "initialized"
variable is never set to 1.

Approved by:    markm
2003-02-05 15:56:04 +00:00
Alfred Perlstein
44956c9863 Remove M_TRYWAIT/M_WAITOK/M_WAIT. Callers should use 0.
Merge M_NOWAIT/M_DONTWAIT into a single flag M_NOWAIT.
2003-01-21 08:56:16 +00:00
Mark Murray
340a8a91c3 Fix a buffer overrun in /dev/random which, due to the nature of the
kernel memory allocator, is harmless. This could be a problem for
other systems, though. I've modified Darren's patch a little.

Original patch by: Darren Schack, Isilon Systems, Inc <darrens@isilon.com>
Also analysed by:  SGI, and in particular Divy Le Ray of SGI
OK'ed by:          re(rwatson)
2002-12-12 17:38:45 +00:00
Scott Long
316ec49abd Some kernel threads try to do significant work, and the default KSTACK_PAGES
doesn't give them enough stack to do much before blowing away the pcb.
This adds MI and MD code to allow the allocation of an alternate kstack
who's size can be speficied when calling kthread_create.  Passing the
value 0 prevents the alternate kstack from being created.  Note that the
ia64 MD code is missing for now, and PowerPC was only partially written
due to the pmap.c being incomplete there.
Though this patch does not modify anything to make use of the alternate
kstack, acpi and usb are good candidates.

Reviewed by:	jake, peter, jhb
2002-10-02 07:44:29 +00:00
Mark Murray
a0a95acece Remove #ifdef'ed Giant mutex wrappers round debugging statements. 2002-09-21 21:44:19 +00:00
Mark Murray
b0186e2c5c No functional change. Fix comments and whitespace. 2002-09-21 21:40:02 +00:00
Mark Murray
bbf09ad887 Upgrade the random device to use a "real" hash instead of building
one out of a block cipher. This has 2 advantages:
1) The code is _much_ simpler
2) We aren't committing our security to one algorithm (much as we
   may think we trust AES).

While I'm here, make an explicit reseed do a slow reseed instead
of a fast; this is in line with what the original paper suggested.
2002-07-15 13:58:35 +00:00
Mark Murray
815eb79cb8 Fix really dumb braino of mine; cast a sizeof() to an int, which it is
being compared to, not size_t, which it already is.
2002-04-21 11:02:36 +00:00
John Baldwin
6008862bc2 Change callers of mtx_init() to pass in an appropriate lock type name. In
most cases NULL is passed, but in some cases such as network driver locks
(which use the MTX_NETWORK_LOCK macro) and UMA zone locks, a name is used.

Tested on:	i386, alpha, sparc64
2002-04-04 21:03:38 +00:00
John Baldwin
44731cab3b Change the suser() API to take advantage of td_ucred as well as do a
general cleanup of the API.  The entire API now consists of two functions
similar to the pre-KSE API.  The suser() function takes a thread pointer
as its only argument.  The td_ucred member of this thread must be valid
so the only valid thread pointers are curthread and a few kernel threads
such as thread0.  The suser_cred() function takes a pointer to a struct
ucred as its first argument and an integer flag as its second argument.
The flag is currently only used for the PRISON_ROOT flag.

Discussed on:	smp@
2002-04-01 21:31:13 +00:00
Mark Murray
4a7cdfd7b9 Provide infrastructure for harvesting SWI entropy. 2002-03-03 20:09:42 +00:00
Mark Murray
e119960112 Massive lint-inspired cleanup.
Remove unneeded includes.
Deal with unused function arguments.
Resolve a boatload of signed/unsigned imcompatabilities.
Etc.
2002-03-03 19:44:22 +00:00
John Baldwin
a854ed9893 Simple p_ucred -> td_ucred changes to start using the per-thread ucred
reference.
2002-02-27 18:32:23 +00:00
Mike Smith
5390e1bc8f Staticise the random_state array.
Reviewed by:	markm
2002-01-10 00:09:21 +00:00
Robert Watson
19f1565901 o Modify open() and close() for /dev/random to use securelevel_gt() instead
of direct securelevel variable checks.

Obtained from:	TrustedBSD Project
2001-09-26 20:15:42 +00:00
John Baldwin
ed01445d8f Use the passed in thread to selrecord() instead of curthread. 2001-09-21 22:46:54 +00:00
Julian Elischer
b40ce4165d KSE Milestone 2
Note ALL MODULES MUST BE RECOMPILED
make the kernel aware that there are smaller units of scheduling than the
process. (but only allow one thread per process at this time).
This is functionally equivalent to teh previousl -current except
that there is a thread associated with each process.

Sorry john! (your next MFC will be a doosie!)

Reviewed by: peter@freebsd.org, dillon@freebsd.org

X-MFC after:    ha ha ha ha
2001-09-12 08:38:13 +00:00
Peter Wemm
4b53602153 Fix a minor buglet/typo here that gcc3 complains about. 2001-09-10 01:27:23 +00:00
Mark Murray
87242f3724 Fix type warnings.
PR: 29101
2001-07-20 08:58:04 +00:00
Mark Murray
fb919e4d5a Undo part of the tangle of having sys/lock.h and sys/mutex.h included in
other "system" header files.

Also help the deprecation of lockmgr.h by making it a sub-include of
sys/lock.h and removing sys/lockmgr.h form kernel .c files.

Sort sys/*.h includes where possible in affected files.

OK'ed by:	bde (with reservations)
2001-05-01 08:13:21 +00:00
John Baldwin
f34fa851e0 Catch up to header include changes:
- <sys/mutex.h> now requires <sys/systm.h>
- <sys/mutex.h> and <sys/sx.h> now require <sys/lock.h>
2001-03-28 09:17:56 +00:00
Mark Murray
d2de224265 Fix nasty corruption problem where a 64bit variable was being used
(overflowed) to catch a 256bit result.

Hard work done by:	jhb
2001-03-28 06:27:42 +00:00
Poul-Henning Kamp
f83880518b Send the remains (such as I have located) of "block major numbers" to
the bit-bucket.
2001-03-26 12:41:29 +00:00
Mark Murray
41bc9751be Allow bog-standard ioctls through. There are really handled in
higher layers, but there needs to be a "no-error" return here.
2001-03-25 06:55:19 +00:00
Mark Murray
02880f27f4 Silence (harmless) warnings. 2001-03-24 08:38:42 +00:00
Mark Murray
02c986ab54 Very large makeover of the /dev/random driver.
o Separate the kernel stuff from the Yarrow algorithm. Yarrow is now
  well contained in one source file and one header.

o Replace the Blowfish-based crypto routines with Rijndael-based ones.
  (Rijndael is the new AES algorithm). The huge improvement in
  Rijndael's key-agility over Blowfish means that this is an
  extremely dramatic improvement in speed, and makes a heck of
  a difference in its (lack of) CPU load.

o Clean up the sysctl's. At BDE's prompting, I have gone back to
  static sysctls.

o Bug fixes. The streamlining of the crypto stuff enabled me to
  find and fix some bugs. DES also found a bug in the reseed routine
  which is fixed.

o Change the way reseeds clear "used" entropy. Previously, only the
  source(s) that caused a reseed were cleared. Now all sources in the
  relevant pool(s) are cleared.

o Code tidy-up. Mostly to make it (nearly) 80-column compliant.
2001-03-10 12:51:55 +00:00
Mark Murray
61e934f038 Take down a comment that is no longer true.
/dev/random is ready for prime time!
2001-03-03 14:35:01 +00:00
Mark Murray
14636c3b51 Provide the infrastructure for sysadmins to select the broad class
of entropy harvesting they wish to perform: "ethernet" (LAN),
point-to-point and interrupt.
2001-02-18 17:40:47 +00:00
Mark Murray
d70736850e Make a big improvement to entropy-harvesting speed by not having any
locks (only atomic assigns) in the harvest ringbuffer.
2001-02-11 16:21:35 +00:00
Bosko Milekic
9ed346bab0 Change and clean the mutex lock interface.
mtx_enter(lock, type) becomes:

mtx_lock(lock) for sleep locks (MTX_DEF-initialized locks)
mtx_lock_spin(lock) for spin locks (MTX_SPIN-initialized)

similarily, for releasing a lock, we now have:

mtx_unlock(lock) for MTX_DEF and mtx_unlock_spin(lock) for MTX_SPIN.
We change the caller interface for the two different types of locks
because the semantics are entirely different for each case, and this
makes it explicitly clear and, at the same time, it rids us of the
extra `type' argument.

The enter->lock and exit->unlock change has been made with the idea
that we're "locking data" and not "entering locked code" in mind.

Further, remove all additional "flags" previously passed to the
lock acquire/release routines with the exception of two:

MTX_QUIET and MTX_NOSWITCH

The functionality of these flags is preserved and they can be passed
to the lock/unlock routines by calling the corresponding wrappers:

mtx_{lock, unlock}_flags(lock, flag(s)) and
mtx_{lock, unlock}_spin_flags(lock, flag(s)) for MTX_DEF and MTX_SPIN
locks, respectively.

Re-inline some lock acq/rel code; in the sleep lock case, we only
inline the _obtain_lock()s in order to ensure that the inlined code
fits into a cache line. In the spin lock case, we inline recursion and
actually only perform a function call if we need to spin. This change
has been made with the idea that we generally tend to avoid spin locks
and that also the spin locks that we do have and are heavily used
(i.e. sched_lock) do recurse, and therefore in an effort to reduce
function call overhead for some architectures (such as alpha), we
inline recursion for this case.

Create a new malloc type for the witness code and retire from using
the M_DEV type. The new type is called M_WITNESS and is only declared
if WITNESS is enabled.

Begin cleaning up some machdep/mutex.h code - specifically updated the
"optimized" inlined code in alpha/mutex.h and wrote MTX_LOCK_SPIN
and MTX_UNLOCK_SPIN asm macros for the i386/mutex.h as we presently
need those.

Finally, caught up to the interface changes in all sys code.

Contributors: jake, jhb, jasone (in no particular order)
2001-02-09 06:11:45 +00:00
Jeroen Ruigrok van der Werven
58d8a85e29 Fix typos: initalise -> initialise.
Initalise is not an english word.
2001-02-08 20:28:57 +00:00
Mark Murray
b79ad7e642 Remove NOBLOCKRANDOM as a compile-time option. Instead, provide
exactly the same functionality via a sysctl, making this feature
a run-time option.

The default is 1(ON), which means that /dev/random device will
NOT block at startup.

setting kern.random.sys.seeded to 0(OFF) will cause /dev/random
to block until the next reseed, at which stage the sysctl
will be changed back to 1(ON).

While I'm here, clean up the sysctls, and make them dynamic.
Reviewed by:		des
Tested on Alpha by:	obrien
2001-01-14 17:50:15 +00:00
Garrett Wollman
0a2c3d48c6 select() DKI is now in <sys/selinfo.h>. 2001-01-09 04:33:49 +00:00
Mark Murray
84d4f509f0 Major speedup to /dev/random and the kernel thread that reseeds it.
There is no more TAILQ fifo to harvest the entropy; instead, there
is a circular buffer of constant size (changeable by macro) that
pretty dramatically improves the speed and fixes potential slowdowns-
by-locking.

Also gone are a slew of malloc(9) and free(9) calls; all harvesting
buffers are static.

All-in-all, this is a good performance improvement.

Thanks-to:	msmith for the circular buffer concept-code.
2000-12-02 18:40:16 +00:00
Mark Murray
17c9715049 Fix safety-net code. While technically a bug, I'm delighted to see
that it has never (apparently) been invoked.

Submitted by:	ache
2000-11-26 09:58:18 +00:00
Mark Murray
5d4e386e64 D'uh. The explicit reseed was happening at the wrong security/privelige
levels.
2000-11-25 20:08:07 +00:00
Mark Murray
5063615923 Greatly improve the boot-up unblocking time of the entropy device. 2000-11-25 19:13:29 +00:00
Mark Murray
caccf5c400 More comment changing. Keep documentation in one place. 2000-11-25 18:00:54 +00:00
Mark Murray
24242537f8 Correct a comment. This represents a very minor policy change of my
intentions with this code.
2000-11-25 17:58:11 +00:00
Mark Murray
e73a42f8fb Stop explicitly using nanotime(9) and use the new get_cyclecounter(9)
call instead.

This makes a pretty dramatic difference to the amount of work that
the harvester needs to do - it is much friendlier on the system.
(80386 and 80486 class machines will notice little, as the new
get_cyclecounter() call is a wrapper round nanotime(9) for them).
2000-11-25 17:09:01 +00:00
Poul-Henning Kamp
cf9fa8e725 Move suser() and suser_xxx() prototypes and a related #define from
<sys/proc.h> to <sys/systm.h>.

Correctly document the #includes needed in the manpage.

Add one now needed #include of <sys/systm.h>.
Remove the consequent 48 unused #includes of <sys/proc.h>.
2000-10-29 16:06:56 +00:00
Poul-Henning Kamp
53ce36d17a Remove unneeded #include <sys/proc.h> lines. 2000-10-29 13:57:19 +00:00
Mark Murray
5f3431b5ad As the blocking model has seems to be troublesome for many, disable
it for now with an option.

This option is already deprecated, and will be removed when the
entropy-harvesting code is fast enough to warrant it.
2000-10-27 06:06:04 +00:00
John Baldwin
35e0e5b311 Catch up to moving headers:
- machine/ipl.h -> sys/ipl.h
- machine/mutex.h -> sys/mutex.h
2000-10-20 07:58:15 +00:00
Peter Wemm
93d88e0056 Attempt to fix the random read blocking. The old code slept at
priority "0" and without PCATCH, so it was uninterruptable.  And
even when it did wake up after entropy arrived, it exited after the
wakeup without actually reading the freshly arrived entropy.  I
sent this to Mark before but it seems he is in transit.
Mark: feel free to replace this if it gets in your way.
2000-10-18 10:39:18 +00:00
Mark Murray
a6278a2a42 After some complaints about the dir names, the random device is
now in dirs called sys/*/random/ instead of sys/*/randomdev/*.

Introduce blocking, but only at startup; the random device will
block until the first reseed happens to prevent clients from
using untrustworthy output.

Provide a read_random() call for the rest of the kernel so that
the entropy device does not need to be present. This means that
things like IPX no longer need to have "device random" hardcoded
into thir kernel config. The downside is that read_random() will
provide very poor output until the entropy device is loaded and
reseeded. It is recommended that developers do NOT use the
read_random() call; instead, they should use arc4random() which
internally uses read_random().

Clean up the mutex and locking code a bit; this makes it possible
to unload the module again.
2000-10-14 10:59:56 +00:00
Mark Murray
4a8612fd41 Remove unneeded includes.
Submitted by:	phk
2000-09-21 06:23:16 +00:00
Robert Watson
c4ff4a8467 Include <sys/proc.h> to silence suser() compiler warning.
Approved by:	markm
2000-09-18 20:42:04 +00:00
John Baldwin
606f8eb27a Remove the mtx_t, witness_t, and witness_blessed_t types. Instead, just
use struct mtx, struct witness, and struct witness_blessed.

Requested by:	bde
2000-09-14 20:15:16 +00:00
Mark Murray
d0d519348d The "struct proc" argument to read_random was ill-conceived, and a
hangover from previous experimentation. Remove it. This will clean
up gratuitous needs for forward references and other namespace
pollution.
Moaned about by:	bde
Brought to my attention by:	bp
2000-09-12 13:13:22 +00:00
John Baldwin
ecbcd538a4 Move the prototypes for random_set_wakeup* from yarrow.c to yarrow.h so that
both yarrow.c and harvest.c can use them.

Approved by:	markm
2000-09-11 19:31:28 +00:00
John Baldwin
2ed0f9191a - Use RFHIGHPID when creating the kthread to get a more sensible pid.
- Don't fake walking a tailq.  Instead, use a while loop that pulls items
  off the head of the queue while the queue is not empty.
2000-09-11 04:09:08 +00:00
Mark Murray
4d87a031c0 Large upgrade to the entropy device; mainly inspired by feedback
from many folk.

o The reseed process is now a kthread. With SMPng, kthreads are
  pre-emptive, so the annoying jerkiness of the mouse is gone.

o The data structures are protected by mutexes now, not splfoo()/splx().

o The cryptographic routines are broken out into their own subroutines.
  this facilitates review, and possible replacement if that is ever
  found necessary.

Thanks to:		kris, green, peter, jasone, grog, jhb
Forgotten to thank:	You know who you are; no offense intended.
2000-09-10 13:52:19 +00:00
Mark Murray
7aa4389a6c o Fix a horrible bug where small reads (< 8 bytes) would return the
wrong bytes.

o Improve the public interface; use void* instead of char* or u_int64_t
  to pass arbitrary data around.
Submitted by:	kris ("horrible bug")
2000-07-25 21:18:47 +00:00
Mark Murray
c90a8fc9a5 Clean this up with some BDE-inspired fixes.
o Make the comments KNF-compliant.
o Use nanotime instead of getnanotime; the manpage lies about the
  kern.timecounter.method - it has been removed.
o Fix the ENTROPYSOURCE const permanently.
o Make variable names more consistent.
o Make function prototypes more consistent.

Some more needs to be done; to follow.
2000-07-23 11:08:16 +00:00
Mark Murray
720a3741cf Add randomness write functionality. This does absolutely nothing for
entropy estimation, but causes an immediate reseed after the input
(read in sizeof(u_int64_t) chunks) is "harvested".

This will be used in the reboot "reseeder", coming in another
commit. This can be used very effectively at any time you think
your randomness is compromised; something like

# (ps -gauxwww; netstat -an; dmesg; vmstat -c10 1) > /dev/random

will give the attacker something to think about.
2000-07-17 12:23:04 +00:00
Mark Murray
4d0e6f79d6 Storing to a pointer is (effectively) atomic; no need to protect this
with splhigh(). However, the entropy-harvesting routine needs pretty
serious irq-protection, as it is called out of irq handlers etc.

Clues given by:	bde
2000-07-11 19:37:25 +00:00
Mark Murray
7978f67e28 I think I need to move the newly static variables to the random_state
structure; remind myself in the cooments. Also regroup all the Yarrow
variables at the top of the variable list; they are "special".
(no functional change).
2000-07-11 18:35:33 +00:00
Brian Feldman
87a478de7b One should never allocate 4-kilobyte structs and such on the interrupt
stack.  It's bad for your machine's health.

Make the two huge structs in reseed() static to prevent crashes.  This
is the bug that people have been running into and panic()ing on for the
past few days.

Reviewed by:	phk
2000-07-11 06:47:38 +00:00
Mark Murray
fb15ada363 Provide more splsofttq() protection for the reseed task (running out of
taskqueue_swi).
2000-07-10 06:40:23 +00:00
Mark Murray
43975bd56c Make sure that tasks (running out of taskqueue_swi at splsofttq)
are not interfered with by the harvester.
2000-07-09 16:00:31 +00:00
Mark Murray
585ebe2b41 Yarrow tweaks; separate the fast and slow reseed tasks so that they don't
stomp on each other; provide constant names (as enums) for the harvester
to use (makes it more self-documenting).
2000-07-09 11:52:12 +00:00
Mark Murray
769afb047c Fix bug with a vraiable that needs to be per-process, not static;
fix formatting of long macros.

Pointed out by:	bde
2000-07-09 11:49:07 +00:00
Mark Murray
c9ec235ca1 Add entropy gathering code. This will work whether the module is
compiled in or loaded.
2000-07-07 09:03:59 +00:00
Mark Murray
d44f401738 Staticize a variable.
This fixes the case where linking randomdev into the kernel statically
can cause panics at shutdown time.

Reported by:	sos
2000-06-28 18:51:15 +00:00
Mark Murray
1f67cd8737 I am guilty of an act of ommission. There is no longer a /dev/urandom
device with Yarrow, and although I coded for that in dev/MAKEDEV, I forgot
to _tell_ folks.

This commit adds back the /dev/urandom device (as a duplicate) of /dev/random,
until such time as it can be properly announced.

This will help the openssl users quite a lot.
2000-06-27 09:38:40 +00:00
Mark Murray
d4262fb0dd style(9) fixes from BDE.
We shouldn't use '#include ""', rather '#include<>'.
2000-06-26 12:14:20 +00:00
Mark Murray
d147096d0f Fix include for non-module case.
Thanks-to:	SOS
2000-06-25 20:03:44 +00:00
Mark Murray
39d9385710 Fix include for the non-module case.
Thanks-to:	SOS
2000-06-25 19:00:20 +00:00
Mark Murray
4db9ae91ff New machine-independant /dev/random driver.
This is work-in-progress, and the entropy-gathering routines are not
yet present. As such, this should be viewed as a pretty reasonable
PRNG with _ABSOLUTELY_NO_ security!!

Entropy gathering will be the subject of ongoing work.

This is written as a module, and as such is unloadable, but there is
no refcounting done. I would like to use something like device_busy(9)
to achieve this (eventually).

Lots of useful ideas from:	bde, phk, Jeroen van Gelderen

Reviewed by:	dfr
2000-06-25 08:38:58 +00:00