freebsd-dev/sys
Conrad Meyer 3782136ff1 random(4): Restore availability tradeoff prior to r346250
As discussed in that commit message, it is a dangerous default.  But the
safe default causes enough pain on a variety of platforms that for now,
restore the prior default.

Some of this is self-induced pain we should/could do better about; for
example, programmatic CI systems and VM managers should introduce entropy
from the host for individual VM instances.  This is considered a future work
item.

On modern x86 and Power9 systems, this may be wholly unnecessary after
D19928 lands (even in the non-ideal case where early /boot/entropy is
unavailable), because they have fast hardware random sources available early
in boot.  But D19928 is not yet landed and we have a host of architectures
which do not provide fast random sources.

This change adds several tunables and diagnostic sysctls, documented
thoroughly in UPDATING and sys/dev/random/random_infra.c.

PR:		230875 (reopens)
Reported by:	adrian, jhb, imp, and probably others
Reviewed by:	delphij, imp (earlier version), markm (earlier version)
Discussed with:	adrian
Approved by:	secteam(delphij)
Relnotes:	yeah
Security:	related
Differential Revision:	https://reviews.freebsd.org/D19944
2019-04-18 20:48:54 +00:00
amd64 Fix initial x87 state after r345562. 2019-04-16 19:46:02 +00:00
arm arm: allwinner: Fix audio for Allwinner H3/H5 2019-04-17 21:45:19 +00:00
arm64 Merge ACPICA 20190329. 2019-03-29 20:21:28 +00:00
bsm Create new EINTEGRITY error with message "Integrity check failed". 2019-01-17 06:35:45 +00:00
cam Add new fields to mmc_data in preparation to SDIO CMD53 block mode support 2019-04-10 19:49:35 +00:00
cddl powerpc/dtrace: Fix dtrace powerpc asm, and simplify stack walking 2019-04-13 03:32:21 +00:00
compat correct readlinkat(2) return type 2019-04-16 13:26:31 +00:00
conf ofw_graph: Add functions for graph bindings 2019-04-17 20:09:01 +00:00
contrib The nvlist_report_missing is also used by the cnvlist. 2019-04-11 04:24:41 +00:00
crypto Embedded chacha: Add 0-bit iv + 128-bit counter mode 2019-03-01 23:30:23 +00:00
ddb ddb: Print the thread's pcb in 'show thread' 2019-02-09 21:08:19 +00:00
dev random(4): Restore availability tradeoff prior to r346250 2019-04-18 20:48:54 +00:00
dts arm: dts: Remove some old DTS 2019-04-10 19:18:05 +00:00
fs Implement flag for telling cuse(3) clients if the peer is running in 32-bit 2019-04-18 19:04:07 +00:00
gdb
geom Implement automatic online expansion of GELI providers - if the underlying 2019-04-03 23:57:37 +00:00
gnu Import DTS files from Linux 5.0 2019-04-10 18:15:36 +00:00
i386 Fix initial x87 state after r345562. 2019-04-16 19:46:02 +00:00
isa
kern stack_protector: Add tunable to bypass random cookies 2019-04-16 18:47:20 +00:00
kgssapi * Handle SIGPIPE in gssd 2019-02-21 01:30:37 +00:00
libkern random(4): Restore availability tradeoff prior to r346250 2019-04-18 20:48:54 +00:00
mips random(4): Restore availability tradeoff prior to r346250 2019-04-18 20:48:54 +00:00
modules Add support for INET6 addresses to the kernel code that dumps open/lock state. 2019-04-13 22:00:09 +00:00
net iflib: Use new ether_gen_addr, restricting addresses to that subset 2019-04-17 17:19:54 +00:00
net80211 net80211: correct check for SMPS node flags updates 2019-03-18 02:40:22 +00:00
netgraph Remove 'dir' argument in ng_ipfw_input, since ip_fw_args now has this info. 2019-03-14 22:30:05 +00:00
netinet When sending IPv4 packets on a SOCK_RAW socket using the IP_HDRINCL option, 2019-04-13 10:47:47 +00:00
netinet6 Reinitialize multicast source filter structures after invalidation. 2019-04-11 08:00:59 +00:00
netipsec Replace read_random(9) with more appropriate arc4rand(9) KPIs 2019-04-04 01:02:50 +00:00
netpfil pf: No need to M_NOWAIT in DIOCRSETTFLAGS 2019-04-18 11:37:44 +00:00
netsmb Remove unused argument to priv_check_cred. 2018-12-11 19:32:16 +00:00
nfs
nfsclient
nfsserver
nlm
ofed Mechanical cleanup of epoch(9) usage in network stack. 2019-01-09 01:11:19 +00:00
opencrypto Fix another bug introduced during the review process of r344140: 2019-02-25 19:14:16 +00:00
powerpc Move mpr/mps drivers from per-arch NOTES files into the MI notes 2019-04-13 06:30:45 +00:00
riscv RISC-V: initialize pcpu slightly earlier 2019-04-07 20:12:24 +00:00
rpc Fix malloc stats for the RPCSEC_GSS server code when DEBUG is enabled. 2019-04-04 01:23:06 +00:00
security Create kernel module to parse Veriexec manifest based on envs 2019-04-03 03:57:37 +00:00
sparc64 Move mpr/mps drivers from per-arch NOTES files into the MI notes 2019-04-13 06:30:45 +00:00
sys random(4): Restore availability tradeoff prior to r346250 2019-04-18 20:48:54 +00:00
teken Attempt to complete fixing programmable function keys for syscons. 2019-02-20 02:14:41 +00:00
tests Regularize the Netflix copyright 2019-02-04 21:28:25 +00:00
tools make_dtb.sh: Use $CPP instead of assuming that cpp is in $PATH 2018-12-14 23:53:28 +00:00
ufs Handle races when remounting UFS volume from ro to rw. 2019-04-08 15:20:05 +00:00
vm for a cache-only zone the destructor tries to destroy a non-existent keg 2019-04-12 12:46:25 +00:00
x86 Use correct type name. 2019-04-18 15:31:03 +00:00
xdr
xen xen: introduce a new way to setup event channel upcall 2019-01-30 11:34:52 +00:00
Makefile