Snapshot.

Looking pretty good; this mostly works now. New code includes: * Read cached entropy at startup, both from files and from loader(8) preloaded entropy. Failures are soft, but announced. Untested. * Use EVENTHANDLER to do above just before we go multiuser. Untested.
2013-10-06 22:45:02 +00:00 · 2013-10-06 22:45:02 +00:00 · 1a3c1f06dd
commit 1a3c1f06dd
parent d94d943e0b
14 changed files with 244 additions and 15 deletions
--- a/sys/boot/forth/loader.conf
+++ b/sys/boot/forth/loader.conf
@ -38,6 +38,17 @@ bitmap_name="splash.bmp"	# Set this to the name of the file
 bitmap_type="splash_image_data" # and place it on the module_path
 ##############################################################
 ###  Random number generator configuration ###################
 ##############################################################
 entropy_cache_load="NO"			# Set this to YES to load entropy at boot time
 entropy_cache_name="/boot/entropy"	# Set this to the name of the file
 entropy_cache_type="/boot/entropy"	
 #kern.random.sys.seeded="0"		# Set this to 1 to start /dev/random
 					# without waiting for a (re)seed.
 ##############################################################
 ###  Loader settings  ########################################
 ##############################################################
--- a/sys/conf/files
+++ b/sys/conf/files
@ -2051,6 +2051,7 @@ dev/random/randomdev.c		optional random
 dev/random/randomdev_soft.c	optional random
 dev/random/yarrow.c		optional random
 dev/random/hash.c		optional random
 dev/random/rwfile.c		optional random
 dev/rc/rc.c			optional rc
 dev/re/if_re.c			optional re
 dev/rndtest/rndtest.c		optional rndtest
--- a/sys/conf/files.amd64
+++ b/sys/conf/files.amd64
@ -259,6 +259,8 @@ dev/nvme/nvme_sysctl.c		optional	nvme
 dev/nvme/nvme_test.c		optional	nvme
 dev/nvme/nvme_util.c		optional	nvme
 dev/nvram/nvram.c		optional	nvram isa
 dev/random/ivy.c		optional	rdrand_rng
 dev/random/nehemiah.c		optional	padlock_rng
 dev/qlxge/qls_dbg.c		optional	qlxge pci
 dev/qlxge/qls_dump.c		optional	qlxge pci
 dev/qlxge/qls_hw.c		optional	qlxge pci
--- a/sys/conf/files.i386
+++ b/sys/conf/files.i386
@ -257,6 +257,8 @@ dev/nvme/nvme_test.c		optional nvme
 dev/nvme/nvme_util.c		optional nvme
 dev/nvram/nvram.c		optional nvram isa
 dev/pcf/pcf_isa.c		optional pcf
 dev/random/ivy.c		optional rdrand_rng
 dev/random/nehemiah.c		optional padlock_rng
 dev/sbni/if_sbni.c		optional sbni
 dev/sbni/if_sbni_isa.c		optional sbni isa
 dev/sbni/if_sbni_pci.c		optional sbni pci
--- a/sys/dev/random/ivy.c
+++ b/sys/dev/random/ivy.c
@ -57,6 +57,15 @@ struct random_hardware_source random_ivy = {
 	.read = random_ivy_read
 };
 #if 1
 static inline int
 ivy_rng_store(uint64_t *tmp)
 {
 	*tmp = 0xF001FACE;
 	return (sizeof(uint64_t));
 }
 #else
 static inline int
 ivy_rng_store(uint64_t *tmp)
 {
@ -82,6 +91,7 @@ ivy_rng_store(uint64_t *tmp)
 	return (0);
 #endif
 }
 #endif
 static int
 random_ivy_read(void *buf, int c)
@ -114,6 +124,10 @@ rdrand_modevent(module_t mod, int type, void *unused)
 	switch (type) {
 	case MOD_LOAD:
 #if 1
 		live_entropy_source_register(&random_ivy);
 		printf("%s: CRAP RDRAND is present\n", random_ivy.ident);
 #else
 		if (cpu_feature2 & CPUID2_RDRAND)
 			live_entropy_source_register(&random_ivy);
 		else
@ -122,6 +136,7 @@ rdrand_modevent(module_t mod, int type, void *unused)
 #endif
 				printf("%s: RDRAND is not present\n",
 				    random_ivy.ident);
 #endif
 		break;
 	case MOD_UNLOAD:
--- a/sys/dev/random/live_entropy_sources.c
+++ b/sys/dev/random/live_entropy_sources.c
@ -52,7 +52,11 @@ __FBSDID("$FreeBSD$");
 LIST_HEAD(les_head, live_entropy_sources);
 static struct les_head sources = LIST_HEAD_INITIALIZER(sources);
-#define LES_THRESHOLD 10
+/*
 * The harvest mutex protects the consistency of the entropy fifos and
 * empty fifo and other associated structures.
 */
 struct mtx	live_mtx;
 void
 live_entropy_source_register(struct random_hardware_source *rsource)
@ -64,27 +68,27 @@ live_entropy_source_register(struct random_hardware_source *rsource)
 	les = malloc(sizeof(struct live_entropy_sources), M_ENTROPY, M_WAITOK);
 	les->rsource = rsource;
-	mtx_lock_spin(&harvest_mtx);
+	mtx_lock(&live_mtx);
 	LIST_INSERT_HEAD(&sources, les, entries);
-	mtx_unlock_spin(&harvest_mtx);
+	mtx_unlock(&live_mtx);
 }
 void
 live_entropy_source_deregister(struct random_hardware_source *rsource)
 {
-	struct live_entropy_sources *les;
+	struct live_entropy_sources *les = NULL;
 	KASSERT(rsource != NULL, ("invalid input to %s", __func__));
-	mtx_lock_spin(&harvest_mtx);
+	mtx_lock(&live_mtx);
-	LIST_FOREACH(les, &sources, entries) {
+	LIST_FOREACH(les, &sources, entries)
 		if (les->rsource == rsource) {
 			LIST_REMOVE(les, entries);
 			free(les, M_ENTROPY);
 			break;
 		}
-	}
+	mtx_unlock(&live_mtx);
-	mtx_unlock_spin(&harvest_mtx);
+	if (les != NULL)
 		free(les, M_ENTROPY);
 }
 static int
@ -95,7 +99,7 @@ live_entropy_source_handler(SYSCTL_HANDLER_ARGS)
 	count = error = 0;
-	mtx_lock_spin(&harvest_mtx);
+	mtx_lock(&live_mtx);
 	if (LIST_EMPTY(&sources))
 		error = SYSCTL_OUT(req, "", 0);
@ -112,7 +116,7 @@ live_entropy_source_handler(SYSCTL_HANDLER_ARGS)
 		}
 	}
-	mtx_unlock_spin(&harvest_mtx);
+	mtx_unlock(&live_mtx);
 	return (error);
 }
@ -125,6 +129,8 @@ live_entropy_sources_init(void *unused)
 	    CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_MPSAFE,
 	    NULL, 0, live_entropy_source_handler, "",
 	    "List of Active Live Entropy Sources");
 	mtx_init(&live_mtx, "live entropy source mutex", NULL, MTX_DEF);
 }
 /*
@ -135,7 +141,7 @@ live_entropy_sources_init(void *unused)
 *
 * BEWARE!!!
 * This function runs inside the RNG thread! Don't do anything silly!
- * The harvest_mtx mutex is held; you may count on that.
+ * Remember that we are NOT holding harvest_mtx on entry!
 */
 void
 live_entropy_sources_feed(int rounds, event_proc_f entropy_processor)
@ -145,6 +151,8 @@ live_entropy_sources_feed(int rounds, event_proc_f entropy_processor)
 	struct live_entropy_sources *les;
 	int i, n;
 	mtx_lock(&live_mtx);
 	/*
 	 * Walk over all of live entropy sources, and feed their output
 	 * to the system-wide RNG.
@ -168,15 +176,18 @@ live_entropy_sources_feed(int rounds, event_proc_f entropy_processor)
 			/* Do the actual entropy insertion */
 			entropy_processor(&event);
 		}
 	}
 	mtx_unlock(&live_mtx);
 }
 static void
 live_entropy_sources_deinit(void *unused)
 {
 	mtx_destroy(&live_mtx);
 }
 SYSINIT(random_adaptors, SI_SUB_DRIVERS, SI_ORDER_FIRST,
--- a/sys/dev/random/live_entropy_sources.h
+++ b/sys/dev/random/live_entropy_sources.h
@ -40,6 +40,8 @@ struct live_entropy_sources {
 	struct random_hardware_source	*rsource;	/* associated random adaptor */
 };
 extern struct mtx live_mtx;
 void live_entropy_source_register(struct random_hardware_source *);
 void live_entropy_source_deregister(struct random_hardware_source *);
 void live_entropy_sources_feed(int, event_proc_f);
--- a/sys/dev/random/random_harvestq.c
+++ b/sys/dev/random/random_harvestq.c
@ -33,8 +33,10 @@ __FBSDID("$FreeBSD$");
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/eventhandler.h>
 #include <sys/kernel.h>
 #include <sys/kthread.h>
 #include <sys/linker.h>
 #include <sys/lock.h>
 #include <sys/malloc.h>
 #include <sys/mutex.h>
@ -43,10 +45,13 @@ __FBSDID("$FreeBSD$");
 #include <sys/sysctl.h>
 #include <sys/unistd.h>
 #include <machine/cpu.h>
 #include <dev/random/randomdev.h>
 #include <dev/random/randomdev_soft.h>
 #include <dev/random/random_harvestq.h>
 #include <dev/random/live_entropy_sources.h>
 #include <dev/random/rwfile.h>
 #define RANDOM_FIFO_MAX	1024	/* How many events to queue up */
@ -73,6 +78,56 @@ int random_kthread_control = 0;
 static struct proc *random_kthread_proc;
 static const char *entropy_files[] = {
 	"/entropy",
 	"/var/db/entropy",
 	"/boot/entropy",	/* Yeah, Yeah. I know this is loaded by
 				 * loader(8), but not always, and it doesn't
 				 * hurt to do this again.
 				 */
 	NULL
 };
 /* Deal with entropy cached externally if this is present.
 */
 static void
 random_harvestq_cache(void *arg __unused)
 {
 	const char **entropy_file;
 	uint8_t *keyfile, *data;
 	size_t size, i;
 	int error;
 	/* Get stuff that may have been preloaded by loader(8) */
 	keyfile = preload_search_by_type("/boot/entropy");
 	if (keyfile != NULL) {
 		data = preload_fetch_addr(keyfile);
 		size = preload_fetch_size(keyfile);
 		if (data != NULL && size != 0) {
 			for (i = 0U; i < size; i += 16)
 				random_harvestq_internal(get_cyclecount(), data + i, 16, (16*8)/4, RANDOM_CACHED);
 			printf("random: read %zu bytes from preloaded cache\n", size);
 			bzero(data, size);
 		}
 		else
 			printf("random: no preloaded entropy cache available\n");
 	}
 	data = malloc(PAGE_SIZE, M_ENTROPY, M_WAITOK);
 	for (entropy_file = entropy_files; *entropy_file; entropy_file++) {
 		error = randomdev_read_file(*entropy_file, data);
 		if (error == 0) {
 			for (i = 0U; i < PAGE_SIZE; i += 16)
 				random_harvestq_internal(get_cyclecount(), data + i, 16, (16*8)/4, RANDOM_CACHED);
 			printf("random: read %d bytes from '%s'\n", PAGE_SIZE, *entropy_file);
 		}
 		else
 			printf("random: entropy cache '%s' not present or unreadable; error = %d\n", *entropy_file, error);
 	}
 	bzero(data, PAGE_SIZE);
 	free(data, M_ENTROPY);
 }
 EVENTHANDLER_DEFINE(multiuser, random_harvestq_cache, NULL, 0);
 static void
 random_kthread(void *arg)
 {
@ -118,7 +173,9 @@ random_kthread(void *arg)
 		 * Do only one round of the hardware sources for now.
 		 * Later we'll need to make it rate-adaptive.
 		 */
 		mtx_unlock_spin(&harvest_mtx);
 		live_entropy_sources_feed(1, entropy_processor);
 		mtx_lock_spin(&harvest_mtx);
 		/*
 		 * If a queue flush was commanded, it has now happened,
--- a/sys/dev/random/randomdev_soft.c
+++ b/sys/dev/random/randomdev_soft.c
@ -99,6 +99,8 @@ static struct random_adaptor random_context = {
 #define RANDOM_CSPRNG_NAME	"fortuna"
 #endif
 TUNABLE_INT("kern.random.sys.seeded", &random_context.seeded);
 /* List for the dynamic sysctls */
 static struct sysctl_ctx_list random_clist;
--- a/sys/dev/random/rwfile.c
+++ b/sys/dev/random/rwfile.c
@ -0,0 +1,91 @@
 /*-
 * Copyright (c) 2013 Mark R V Murray
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer
 *    in this position and unchanged.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */
 #include <sys/cdefs.h>
 __FBSDID("$FreeBSD$");
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/kernel.h>
 #include <sys/proc.h>
 #include <sys/namei.h>
 #include <sys/fcntl.h>
 #include <sys/vnode.h>
 #include <dev/random/rwfile.h>
 int
 randomdev_read_file(const char *filename, void *buf)
 {
 	struct nameidata nd;
 	struct thread* td = curthread;
 	int error;
 	ssize_t resid;
 	int flags;
 	NDINIT(&nd, LOOKUP, FOLLOW, UIO_SYSSPACE, filename, td);
 	flags = FREAD;
 	error = vn_open(&nd, &flags, 0, NULL);
 	if (error == 0) {
 		NDFREE(&nd, NDF_ONLY_PNBUF);
 		if (nd.ni_vp->v_type != VREG)
 			error = ENOEXEC;
 		else
 			error = vn_rdwr(UIO_READ, nd.ni_vp, buf, PAGE_SIZE, 0, UIO_SYSSPACE, IO_NODELOCKED, td->td_ucred, NOCRED, &resid, td);
 		VOP_UNLOCK(nd.ni_vp, 0);
 		vn_close(nd.ni_vp, FREAD, td->td_ucred, td);
 	}
 	return (error);
 }
 int
 randomdev_write_file(const char *filename, void *buf)
 {
 	struct nameidata nd;
 	struct thread* td = curthread;
 	int error;
 	ssize_t resid;
 	int flags;
 	NDINIT(&nd, LOOKUP, FOLLOW, UIO_SYSSPACE, filename, td);
 	flags = FWRITE | O_CREAT | O_TRUNC;
 	error = vn_open(&nd, &flags, 0, NULL);
 	if (error == 0) {
 		NDFREE(&nd, NDF_ONLY_PNBUF);
 		if (nd.ni_vp->v_type != VREG)
 			error = ENOEXEC;
 		else
 			error = vn_rdwr(UIO_WRITE, nd.ni_vp, buf, PAGE_SIZE, 0, UIO_SYSSPACE, IO_NODELOCKED, td->td_ucred, NOCRED, &resid, td);
 		VOP_UNLOCK(nd.ni_vp, 0);
 		vn_close(nd.ni_vp, FREAD, td->td_ucred, td);
 	}
 	return (error);
 }
--- a/sys/dev/random/rwfile.h
+++ b/sys/dev/random/rwfile.h
@ -0,0 +1,30 @@
 /*-
 * Copyright (c) 2013 Mark R V Murray
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer
 *    in this position and unchanged.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 * $FreeBSD$
 */
 int randomdev_read_file(const char *filename, void *buf);
 int randomdev_write_file(const char *filename, void *buf);
--- a/sys/kern/init_main.c
+++ b/sys/kern/init_main.c
@ -847,6 +847,8 @@ kick_init(const void *udata __unused)
 {
 	struct thread *td;
 	EVENTHANDLER_INVOKE(multiuser);
 	td = FIRST_THREAD_IN_PROC(initproc);
 	thread_lock(td);
 	TD_SET_CAN_RUN(td);
--- a/sys/sys/eventhandler.h
+++ b/sys/sys/eventhandler.h
@ -192,6 +192,10 @@ EVENTHANDLER_DECLARE(vm_lowmem, vm_lowmem_handler_t);
 typedef void (*mountroot_handler_t)(void *);
 EVENTHANDLER_DECLARE(mountroot, mountroot_handler_t);
 /* Going multiuser (starting pid 1) event */
 typedef void (*multiuser_handler_t)(void *);
 EVENTHANDLER_DECLARE(multiuser, multiuser_handler_t);
 /* File system mount events */
 struct mount;
 struct vnode;
--- a/sys/sys/random.h
+++ b/sys/sys/random.h
@ -39,7 +39,7 @@ int read_random(void *, int);
 */
 enum esource {
 	RANDOM_START = 0,
-	RANDOM_WRITE = 0,
+	RANDOM_CACHED = 0,
 	RANDOM_KEYBOARD,
 	RANDOM_MOUSE,
 	RANDOM_NET_TUN,
@ -54,7 +54,6 @@ enum esource {
 	RANDOM_PURE_HIFN,
 	RANDOM_PURE_RDRAND,
 	RANDOM_PURE_NEHEMIAH,
 	RANDOM_PURE,
 	ENTROPYSOURCE
 };
 void random_harvest(void *, u_int, u_int, enum esource);