random(4): Match enabled sources mask to build options

r287023 and r334450 added build option mechanisms to permanently disable spammy and/or low quality entropy sources. Follow-up those changes by updating the 'enabled' sources mask to match. When sources are compile-time disabled, represent them as disabled in the source mask, and prevent users from modifying that, like pure sources. (Modifying the mask bit would have no effect, but users might think it did if it was not prevented.) Mostly a cosmetic change. Reviewed by: markm Approved by: secteam (gordon) X-MFC-With: 334450 Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D17252
2018-10-27 15:09:35 +00:00 · 2018-10-27 15:09:35 +00:00 · 1d48df1cfe
commit 1d48df1cfe
parent f91c2df9e3
2 changed files with 22 additions and 6 deletions
--- a/sys/dev/random/random_harvestq.c
+++ b/sys/dev/random/random_harvestq.c
@ -64,6 +64,17 @@ __FBSDID("$FreeBSD$");
 #include <dev/random/randomdev.h>
 #include <dev/random/random_harvestq.h>

+#if defined(RANDOM_ENABLE_ETHER)
+#define _RANDOM_HARVEST_ETHER_OFF 0
+#else
+#define _RANDOM_HARVEST_ETHER_OFF (1u << RANDOM_NET_ETHER)
+#endif
+#if defined(RANDOM_ENABLE_UMA)
+#define _RANDOM_HARVEST_UMA_OFF 0
+#else
+#define _RANDOM_HARVEST_UMA_OFF (1u << RANDOM_UMA)
+#endif
+
 static void random_kthread(void);
 static void random_sources_feed(void);

@ -254,6 +265,10 @@ read_rate_increment(u_int chunk)
 static int
 random_check_uint_harvestmask(SYSCTL_HANDLER_ARGS)
 {
+	static const u_int user_immutable_mask =
+	    (((1 << ENTROPYSOURCE) - 1) & (-1UL << RANDOM_PURE_START)) |
+	    _RANDOM_HARVEST_ETHER_OFF | _RANDOM_HARVEST_UMA_OFF;
+
 	int error;
 	u_int value, orig_value;

@ -268,8 +283,8 @@ random_check_uint_harvestmask(SYSCTL_HANDLER_ARGS)
 	/*
 	 * Disallow userspace modification of pure entropy sources.
 	 */
-	hc_source_mask = (value & ~RANDOM_HARVEST_PURE_MASK) |
-	    (orig_value & RANDOM_HARVEST_PURE_MASK);
+	hc_source_mask = (value & ~user_immutable_mask) |
+	    (orig_value & user_immutable_mask);
 	return (0);
 }

@ -351,13 +366,17 @@ random_print_harvestmask_symbolic(SYSCTL_HANDLER_ARGS)
 static void
 random_harvestq_init(void *unused __unused)
 {
+	static const u_int almost_everything_mask =
+	    (((1 << (RANDOM_ENVIRONMENTAL_END + 1)) - 1) &
+	    ~_RANDOM_HARVEST_ETHER_OFF & ~_RANDOM_HARVEST_UMA_OFF);
+
 	struct sysctl_oid *random_sys_o;

 	random_sys_o = SYSCTL_ADD_NODE(&random_clist,
 	    SYSCTL_STATIC_CHILDREN(_kern_random),
 	    OID_AUTO, "harvest", CTLFLAG_RW, 0,
 	    "Entropy Device Parameters");
-	hc_source_mask = RANDOM_HARVEST_EVERYTHING_MASK;
+	hc_source_mask = almost_everything_mask;
 	SYSCTL_ADD_PROC(&random_clist,
 	    SYSCTL_CHILDREN(random_sys_o),
 	    OID_AUTO, "mask", CTLTYPE_UINT | CTLFLAG_RW,
--- a/sys/sys/random.h
+++ b/sys/sys/random.h
@ -92,9 +92,6 @@ enum random_entropy_source {
 _Static_assert(ENTROPYSOURCE <= 32,
    "hardcoded assumption that values fit in a typical word-sized bitset");

-#define RANDOM_HARVEST_EVERYTHING_MASK ((1 << (RANDOM_ENVIRONMENTAL_END + 1)) - 1)
-#define RANDOM_HARVEST_PURE_MASK (((1 << ENTROPYSOURCE) - 1) & (-1UL << RANDOM_PURE_START))
-
 #define RANDOM_LEGACY_BOOT_ENTROPY_MODULE	"/boot/entropy"
 #define RANDOM_CACHED_BOOT_ENTROPY_MODULE	"boot_entropy_cache"
 #define	RANDOM_CACHED_SKIP_START	256