freebsd-dev/sys/kern
Conrad Meyer 86def3dcd6 getrandom(2): Add Linux GRND_INSECURE API flag
Treat it as a synonym for GRND_NONBLOCK.  The reasoning is this:

We have two choices for handling Linux's GRND_INSECURE API flag.

1. We could ignore it completely (like GRND_RANDOM).  However, this might
produce the surprising result of GRND_INSECURE requests blocking, when the
Linux API does not block.

2. Alternatively, we could treat GRND_INSECURE requests as requests for
GRND_NONBLOCK.  Here, the surprising result for Linux programs is that
invocations with unseeded random(4) will produce EAGAIN, rather than
garbage.

Honoring the flag in the way Linux does seems fraught.  If we actually use
the output of a random(4) implementation prior to seeding, we leak some
entropy (in an information theory and also practical sense) from what will
be the initial seed to attackers (or allow attackers to arbitrarily DoS
initial seeding, if we don't leak).  This seems unacceptable -- it defeats
the purpose of blocking on initial seeding.

Secondary to that concern, before seeding we may have arbitrarily little
entropy collected; producing output from zero or a handful of entropy bits
does not seem particularly useful to userspace.

If userspace can accept garbage, insecure, non-random bytes, they can create
their own insecure garbage with srandom(time(NULL)) or similar.  Any program
which would be satisfied with a 3-bit key CTR stream has no need for CSPRNG
bytes.  So asking the kernel to produce such an output from the secure
getrandom(2) API seems inane.

For now, we've elected to emulate GRND_INSECURE as an alternative spelling
of GRND_NONBLOCK (2).  Consider this API not-quite stable for now.  We
guarantee it will never block.  But we will attempt to monitor actual port
uptake of this bizarre API and may revise our plans for the unseeded
behavior (prior to stable/13 branching).

Approved by:	csprng(markm), manpages(bcr)
See also:	https://lwn.net/ml/linux-kernel/cover.1577088521.git.luto@kernel.org/
See also:	https://lwn.net/ml/linux-kernel/20200107204400.GH3619@mit.edu/
Differential Revision:	https://reviews.freebsd.org/D23130
2020-01-12 20:47:38 +00:00
bus_if.m Add necessary bits for Linux KPI to work correctly on powerpc 2019-08-04 19:28:10 +00:00
capabilities.conf Add a shm_open2 syscall to support upcoming memfd_create 2019-09-25 17:59:15 +00:00
clock_if.m
cpufreq_if.m
device_if.m
genassym.sh
genoffset.c Merge td_epochnest with td_no_sleeping. 2019-10-29 17:28:25 +00:00
genoffset.sh
imgact_aout.c vfs: drop the mostly unused flags argument from VOP_UNLOCK 2020-01-03 22:29:58 +00:00
imgact_binmisc.c
imgact_elf32.c
imgact_elf64.c
imgact_elf.c vfs: drop the mostly unused flags argument from VOP_UNLOCK 2020-01-03 22:29:58 +00:00
imgact_shell.c
init_main.c random(9): Deprecate random(9), remove meaningless srandom(9) 2019-12-26 19:41:09 +00:00
init_sysent.c Jail and capability mode for shm_rename; add audit support for shm_rename 2019-11-18 13:31:16 +00:00
kern_acct.c vfs: drop the mostly unused flags argument from VOP_UNLOCK 2020-01-03 22:29:58 +00:00
kern_alq.c vfs: drop the mostly unused flags argument from VOP_UNLOCK 2020-01-03 22:29:58 +00:00
kern_clock.c sleep(9), sleepqueue(9): const'ify wchan pointers 2019-12-24 16:19:33 +00:00
kern_clocksource.c
kern_condvar.c
kern_conf.c devfs: introduce a per-dev lock to protect ->si_devsw 2019-11-30 16:46:19 +00:00
kern_cons.c kern_cons: add a stub kbdinit for configs with no keyboard/console drivers 2019-12-26 15:47:19 +00:00
kern_context.c
kern_cpu.c
kern_cpuset.c bitset: rename confusing macro NAND to ANDNOT 2019-12-13 09:32:16 +00:00
kern_ctf.c vfs: drop the mostly unused flags argument from VOP_UNLOCK 2020-01-03 22:29:58 +00:00
kern_descrip.c vfs: drop the mostly unused flags argument from VOP_UNLOCK 2020-01-03 22:29:58 +00:00
kern_dtrace.c
kern_dump.c [PPC64] Initial kernel minidump implementation 2019-10-14 13:04:04 +00:00
kern_environment.c Follow up r352244: kenv: tighten up assertions 2019-09-12 14:34:46 +00:00
kern_et.c
kern_event.c Avoid relying on header pollution from sys/refcount.h. 2019-07-29 20:26:01 +00:00
kern_exec.c vfs: drop the mostly unused flags argument from VOP_UNLOCK 2020-01-03 22:29:58 +00:00
kern_exit.c procdesc: allow to collect status through wait(1) if process is traced 2019-11-25 18:33:21 +00:00
kern_fail.c Use callout(9) instead of deprecated timeout(9) for fail points. 2019-12-13 19:26:04 +00:00
kern_ffclock.c
kern_fork.c schedlock 1/4 2019-12-15 21:11:15 +00:00
kern_hhook.c
kern_idle.c
kern_intr.c schedlock 4/4 2019-12-15 21:26:50 +00:00
kern_jail.c vfs: drop the mostly unused flags argument from VOP_UNLOCK 2020-01-03 22:29:58 +00:00
kern_kcov.c Change synchronization rules for vm_page reference counting. 2019-09-09 21:32:42 +00:00
kern_khelp.c
kern_kthread.c schedlock 1/4 2019-12-15 21:11:15 +00:00
kern_ktr.c Add KERNEL_PANICKED macro for use in place of direct panicstr tests 2020-01-12 06:07:54 +00:00
kern_ktrace.c vfs: drop the mostly unused flags argument from VOP_UNLOCK 2020-01-03 22:29:58 +00:00
kern_linker.c vfs: drop the mostly unused flags argument from VOP_UNLOCK 2020-01-03 22:29:58 +00:00
kern_lock.c Add KERNEL_PANICKED macro for use in place of direct panicstr tests 2020-01-12 06:07:54 +00:00
kern_lockf.c vfs: introduce v_irflag and make v_type smaller 2019-12-08 21:30:04 +00:00
kern_lockstat.c Add lockmgr(9) probes to the lockstat DTrace provider. 2019-08-21 23:43:58 +00:00
kern_loginclass.c Replace hand-rolled unrefs if > 1 with refcount_release_if_not_last 2018-12-07 16:11:45 +00:00
kern_malloc.c Change malloc_domain() to return the allocation size to the caller. 2020-01-09 15:02:48 +00:00
kern_mbuf.c Use a separate lock for the zone and keg. This provides concurrency 2020-01-04 03:15:34 +00:00
kern_mib.c Create a new sysctl subtree, machdep.mitigations. Its purpose is to organize 2019-11-15 23:27:17 +00:00
kern_module.c
kern_mtxpool.c Mark mtxpool_sleep as read mostly, not frequently. 2020-01-05 12:46:35 +00:00
kern_mutex.c Add KERNEL_PANICKED macro for use in place of direct panicstr tests 2020-01-12 06:07:54 +00:00
kern_ntptime.c
kern_osd.c
kern_physio.c Allocate pager bufs from UMA instead of 80-ish mutex protected linked list. 2019-01-15 01:02:16 +00:00
kern_pmc.c
kern_poll.c schedlock 4/4 2019-12-15 21:26:50 +00:00
kern_priv.c Check for probes enabled in priv_check_cred before evaluating the error. 2018-12-19 23:28:29 +00:00
kern_proc.c vfs: drop the mostly unused flags argument from VOP_UNLOCK 2020-01-03 22:29:58 +00:00
kern_procctl.c Add procctl(PROC_STACKGAP_CTL) 2019-09-03 18:56:25 +00:00
kern_prot.c Remove the useless return value from proc_set_cred 2019-12-14 00:43:17 +00:00
kern_racct.c proc: eliminate the zombproc list 2019-08-28 16:18:23 +00:00
kern_rangelock.c rangelock: add rangelock_cookie_assert 2019-09-15 02:59:53 +00:00
kern_rctl.c
kern_resource.c Add kern_getpriority(), make Linuxulator use it. 2020-01-12 14:25:44 +00:00
kern_rmlock.c Plug a warning in read-mostly spinlocks reported by gcc. 2019-12-27 13:37:19 +00:00
kern_rwlock.c locks: add default delay struct 2020-01-05 12:48:19 +00:00
kern_sdt.c
kern_sema.c
kern_sendfile.c vfs: drop the mostly unused flags argument from VOP_UNLOCK 2020-01-03 22:29:58 +00:00
kern_sharedpage.c Fix the last few cases that grab without busy or valid. The grab functions must 2019-12-02 22:38:25 +00:00
kern_shutdown.c Add "panicked" boolean which can be tested instead of panicstr 2020-01-12 06:09:10 +00:00
kern_sig.c vfs: drop the mostly unused flags argument from VOP_UNLOCK 2020-01-03 22:29:58 +00:00
kern_switch.c Add KERNEL_PANICKED macro for use in place of direct panicstr tests 2020-01-12 06:07:54 +00:00
kern_sx.c locks: add default delay struct 2020-01-05 12:48:19 +00:00
kern_synch.c Add KERNEL_PANICKED macro for use in place of direct panicstr tests 2020-01-12 06:07:54 +00:00
kern_syscalls.c add a sanity check to the system call registration code 2019-12-11 15:52:29 +00:00
kern_sysctl.c kern_sysctl: make sysctl.debug work as intended 2020-01-06 19:47:59 +00:00
kern_tc.c Initialize timehands linkage much earlier. 2019-09-09 12:42:48 +00:00
kern_thr.c schedlock 1/4 2019-12-15 21:11:15 +00:00
kern_thread.c vfs: prealloc vnodes in getnewvnode_reserve 2020-01-11 22:58:14 +00:00
kern_time.c Disallow excessively small times of day in clock_settime(2). 2019-05-03 21:26:44 +00:00
kern_timeout.c Remove the deprecated timeout(9) interface. 2019-12-13 21:03:12 +00:00
kern_tslog.c
kern_ubsan.c Teach the kernel KUBSAN runtime about alignment_assumption 2019-05-28 09:12:15 +00:00
kern_umtx.c Rename umtxq_check_susp() to thread_check_susp() 2020-01-02 22:13:59 +00:00
kern_uuid.c Use sbuf_cat() in GEOM confxml generation. 2019-06-19 15:36:02 +00:00
kern_xxx.c
ksched.c
link_elf_obj.c vfs: drop the mostly unused flags argument from VOP_UNLOCK 2020-01-03 22:29:58 +00:00
link_elf.c vfs: drop the mostly unused flags argument from VOP_UNLOCK 2020-01-03 22:29:58 +00:00
linker_if.m
Make.tags.inc Remove a couple of harmless stray references to nandfs. 2019-06-25 16:39:25 +00:00
Makefile Set .ORDER for makesyscalls generated files 2020-01-10 18:24:17 +00:00
makesyscalls.sh Restore the ability to set capenabled directly in syscalls.conf. 2019-09-30 20:58:29 +00:00
md4c.c
md5c.c
msi_if.m
p1003_1b.c
pic_if.m
posix4_mib.c
sched_4bsd.c Add KERNEL_PANICKED macro for use in place of direct panicstr tests 2020-01-12 06:07:54 +00:00
sched_ule.c Add KERNEL_PANICKED macro for use in place of direct panicstr tests 2020-01-12 06:07:54 +00:00
serdev_if.m
stack_protector.c Revert r346292 (permit_nonrandom_stackcookies) 2019-05-13 23:37:44 +00:00
subr_acl_nfs4.c Remove unused argument to priv_check_cred. 2018-12-11 19:32:16 +00:00
subr_acl_posix1e.c Remove unused argument to priv_check_cred. 2018-12-11 19:32:16 +00:00
subr_atomic64.c emulated atomic64: disable interrupts as the lock mechanism on !SMP 2020-01-03 18:29:20 +00:00
subr_autoconf.c
subr_blist.c Simplify the processing a leaf mask to find big-enough ranges of set 2019-12-14 19:44:42 +00:00
subr_boot.c When parsing command line stuff, treat tabs and spaces the same. 2019-04-18 22:52:12 +00:00
subr_bufring.c
subr_bus_dma.c Add an external mbuf buffer type that holds multiple unmapped pages. 2019-06-29 00:48:33 +00:00
subr_bus.c gone_in(9): Trivial string grammar and style cleanups 2019-12-26 18:25:07 +00:00
subr_busdma_bufalloc.c
subr_capability.c
subr_clock.c Kill tz_minuteswest and tz_dsttime. 2019-03-12 04:49:47 +00:00
subr_compressor.c GZIO: Update to use zlib 1.2.11. 2019-08-25 07:50:44 +00:00
subr_counter.c
subr_coverage.c Extract the coverage sanitizer KPI to a new file. 2019-01-29 11:04:17 +00:00
subr_csan.c Add KERNEL_PANICKED macro for use in place of direct panicstr tests 2020-01-12 06:07:54 +00:00
subr_devmap.c Print upper 32 bits in devmap table entries 2019-12-20 03:40:53 +00:00
subr_devstat.c Use atomic for start_count in devstat_start_transaction(). 2019-12-30 03:13:38 +00:00
subr_disk.c Fix botched merge with 355066 2019-03-12 05:10:41 +00:00
subr_dummy_vdso_tc.c
subr_early.c
subr_epoch.c Restore important comment in RCU/EPOCH support in FreeBSD after r355784. 2019-12-18 09:30:32 +00:00
subr_eventhandler.c Include ktr.h in more compilation units 2019-05-21 20:38:48 +00:00
subr_fattime.c
subr_filter.c This commit adds BBR (Bottleneck Bandwidth and RTT) congestion control. This 2019-09-24 18:18:11 +00:00
subr_firmware.c Factor out check for mounted root file system. 2019-11-28 08:47:36 +00:00
subr_gtaskqueue.c schedlock 1/4 2019-12-15 21:11:15 +00:00
subr_hash.c
subr_hints.c
subr_intr.c Extract eventfilter declarations to sys/_eventfilter.h 2019-05-20 00:38:23 +00:00
subr_kdb.c bitset: rename confusing macro NAND to ANDNOT 2019-12-13 09:32:16 +00:00
subr_kobj.c Prevent some kobj memory allocation failures from panicking the system. 2019-01-31 22:27:39 +00:00
subr_lock.c locks: add default delay struct 2020-01-05 12:48:19 +00:00
subr_log.c
subr_mchain.c
subr_module.c
subr_msgbuf.c
subr_param.c riscv: restore default HZ=1000, keep QEMU at HZ=100 2019-09-07 05:13:31 +00:00
subr_pcpu.c schedlock 1/4 2019-12-15 21:11:15 +00:00
subr_pctrie.c kern/subr_pctrie: Fix mismatched signedness in assertion comparison 2019-04-06 21:56:24 +00:00
subr_pidctrl.c
subr_power.c Extract eventfilter declarations to sys/_eventfilter.h 2019-05-20 00:38:23 +00:00
subr_prf.c Add KERNEL_PANICKED macro for use in place of direct panicstr tests 2020-01-12 06:07:54 +00:00
subr_prof.c
subr_rangeset.c Implement rangesets. 2019-02-20 09:38:19 +00:00
subr_rman.c add support for marking interrupt handlers as suspended 2018-12-17 17:11:00 +00:00
subr_rtc.c
subr_sbuf.c sbuf(9): Add sbuf_nl_terminate() API 2019-08-07 19:27:14 +00:00
subr_scanf.c Add support for 'j', 't' and 'z' flags to kernel sscanf(). 2019-08-16 19:46:22 +00:00
subr_sfbuf.c
subr_sglist.c Add an external mbuf buffer type that holds multiple unmapped pages. 2019-06-29 00:48:33 +00:00
subr_sleepqueue.c sleep(9), sleepqueue(9): const'ify wchan pointers 2019-12-24 16:19:33 +00:00
subr_smp.c Add KERNEL_PANICKED macro for use in place of direct panicstr tests 2020-01-12 06:07:54 +00:00
subr_stack.c Add debugging facility EPOCH_TRACE that checks that epochs entered are 2019-09-25 18:26:31 +00:00
subr_stats.c random(9): Deprecate random(9), remove meaningless srandom(9) 2019-12-26 19:41:09 +00:00
subr_syscall.c Don't pass error from syscallenter() to syscallret(). 2019-07-15 21:25:16 +00:00
subr_taskqueue.c schedlock 1/4 2019-12-15 21:11:15 +00:00
subr_terminal.c kernel terminal should initialize fg and bg variables before calling TUNABLE_INT_FETCH 2019-09-26 07:19:26 +00:00
subr_trap.c vfs: prealloc vnodes in getnewvnode_reserve 2020-01-11 22:58:14 +00:00
subr_turnstile.c schedlock 4/4 2019-12-15 21:26:50 +00:00
subr_uio.c
subr_unit.c kern/subr_unit: Rip srandomdev, random(3) out of dead code 2019-12-13 04:48:20 +00:00
subr_vmem.c Use a precise bit count for the slab free items in UMA. This significantly 2019-12-02 22:44:34 +00:00
subr_witness.c Add KERNEL_PANICKED macro for use in place of direct panicstr tests 2020-01-12 06:07:54 +00:00
sys_capability.c Let kern.trap_enotcap be set as a tunable. 2018-12-06 17:29:37 +00:00
sys_generic.c posix_fallocate: push vnop implementation into the fileop layer 2020-01-08 19:05:32 +00:00
sys_getrandom.c getrandom(2): Add Linux GRND_INSECURE API flag 2020-01-12 20:47:38 +00:00
sys_pipe.c Fix handling of PIPE_EOF in the direct write path. 2019-11-11 20:44:30 +00:00
sys_procdesc.c procdesc: allow to collect status through wait(1) if process is traced 2019-11-25 18:33:21 +00:00
sys_process.c Define macro VM_MAP_ENTRY_FOREACH for enumerating the entries in a vm_map. 2019-10-08 07:14:21 +00:00
sys_socket.c
syscalls.c sysent: regenerate after r352747. 2019-09-26 15:41:10 +00:00
syscalls.master Jail and capability mode for shm_rename; add audit support for shm_rename 2019-11-18 13:31:16 +00:00
systrace_args.c sysent: regenerate after r354835 2019-11-18 23:31:12 +00:00
sysv_ipc.c sysv: get rid of fork/exit hooks if the code is compiled in 2019-05-04 19:05:30 +00:00
sysv_msg.c
sysv_sem.c
sysv_shm.c Simplify anonymous memory handling with an OBJ_ANON flag. This eliminates 2019-11-19 23:19:43 +00:00
tty_compat.c
tty_info.c Add KERNEL_PANICKED macro for use in place of direct panicstr tests 2020-01-12 06:07:54 +00:00
tty_inq.c
tty_outq.c
tty_pts.c tty_pts: don't rely on tty header pollution for sys/mutex.h 2019-11-29 03:56:01 +00:00
tty_tty.c Extract eventfilter declarations to sys/_eventfilter.h 2019-05-20 00:38:23 +00:00
tty_ttydisc.c
tty.c vfs: introduce v_irflag and make v_type smaller 2019-12-08 21:30:04 +00:00
uipc_accf.c
uipc_debug.c
uipc_domain.c Remove pfctlinput2(). It came from KAME and had never ever been in use. 2019-10-15 15:40:03 +00:00
uipc_ktls.c ktls_session zone: don't need to specify uma trash 2019-11-29 06:25:03 +00:00
uipc_mbuf2.c m_pulldown(): Change an if () panic() into a KASSERT(). 2019-11-06 22:40:19 +00:00
uipc_mbuf.c kTLS: Fix a bug where we would not encrypt anon data inplace. 2019-09-27 20:08:19 +00:00
uipc_mbufhash.c
uipc_mqueue.c vfs: drop the mostly unused flags argument from VOP_UNLOCK 2020-01-03 22:29:58 +00:00
uipc_sem.c Remove unused argument to priv_check_cred. 2018-12-11 19:32:16 +00:00
uipc_shm.c shmfd: posix_fallocate(2): only take rangelock for section we need 2020-01-09 04:03:17 +00:00
uipc_sockbuf.c sysctl: hide 2.x era compat node 2020-01-02 01:23:43 +00:00
uipc_socket.c Cleanup unneeded includes that crept in with r353292. 2019-10-09 16:59:42 +00:00
uipc_syscalls.c Only enable COMPAT_43 changes for syscalls ABI for a.out processes. 2019-08-11 19:16:07 +00:00
uipc_usrreq.c vfs: drop the mostly unused flags argument from VOP_UNLOCK 2020-01-03 22:29:58 +00:00
vfs_acl.c vfs: drop the mostly unused flags argument from VOP_UNLOCK 2020-01-03 22:29:58 +00:00
vfs_aio.c vfs: drop the mostly unused flags argument from VOP_UNLOCK 2020-01-03 22:29:58 +00:00
vfs_bio.c Add KERNEL_PANICKED macro for use in place of direct panicstr tests 2020-01-12 06:07:54 +00:00
vfs_cache.c vfs: incomplete pass at converting more ints to u_long 2020-01-11 22:56:20 +00:00
vfs_cluster.c Do not use waitable allocation of pbuf when creating cluster for write. 2019-12-23 20:15:19 +00:00
vfs_default.c vfs: drop the mostly unused flags argument from VOP_UNLOCK 2020-01-03 22:29:58 +00:00
vfs_export.c
vfs_extattr.c vfs: drop the mostly unused flags argument from VOP_UNLOCK 2020-01-03 22:29:58 +00:00
vfs_hash.c vfs: incomplete pass at converting more ints to u_long 2020-01-11 22:56:20 +00:00
vfs_init.c vfs: add optional root vnode caching 2019-10-06 22:14:32 +00:00
vfs_lookup.c vfs: drop the mostly unused flags argument from VOP_UNLOCK 2020-01-03 22:29:58 +00:00
vfs_mount.c vfs: reimplement deferred inactive to use a dedicated flag (VI_DEFINACT) 2020-01-07 15:56:24 +00:00
vfs_mountroot.c vfs: drop the mostly unused flags argument from VOP_UNLOCK 2020-01-03 22:29:58 +00:00
vfs_subr.c Add KERNEL_PANICKED macro for use in place of direct panicstr tests 2020-01-12 06:07:54 +00:00
vfs_syscalls.c posix_fallocate: push vnop implementation into the fileop layer 2020-01-08 19:05:32 +00:00
vfs_vnops.c posix_fallocate: push vnop implementation into the fileop layer 2020-01-08 19:05:32 +00:00
vnode_if.src vfs: drop the mostly unused flags argument from VOP_UNLOCK 2020-01-03 22:29:58 +00:00