vmgenid(4): Integrate as a random(4) source

The number is public and has no "entropy," but should be integrated quickly on VM rewind events to avoid duplicate sequences. Approved by: csprng(markm) Differential Revision: https://reviews.freebsd.org/D22946
2020-01-01 00:35:02 +00:00 · 2020-01-01 00:35:02 +00:00 · 767991d2be
commit 767991d2be
parent 80a1b8c5e3
4 changed files with 31 additions and 0 deletions
--- a/sys/dev/random/fortuna.c
+++ b/sys/dev/random/fortuna.c
@ -358,6 +358,13 @@ random_fortuna_process_event(struct harvest_event *event)
 	 * during accumulation/reseeding and reading/regating.
 	 */
 	pl = event->he_destination % RANDOM_FORTUNA_NPOOLS;
+	/*
+	 * If a VM generation ID changes (clone and play or VM rewind), we want
+	 * to incorporate that as soon as possible.  Override destingation pool
+	 * for immediate next use.
+	 */
+	if (event->he_source == RANDOM_PURE_VMGENID)
+		pl = 0;
 	/*
 	 * We ignore low entropy static/counter fields towards the end of the
 	 * he_event structure in order to increase measurable entropy when
--- a/sys/dev/random/random_harvestq.c
+++ b/sys/dev/random/random_harvestq.c
@ -354,6 +354,7 @@ static const char *random_source_descr[ENTROPYSOURCE] = {
 	[RANDOM_PURE_CCP] = "PURE_CCP",
 	[RANDOM_PURE_DARN] = "PURE_DARN",
 	[RANDOM_PURE_TPM] = "PURE_TPM",
+	[RANDOM_PURE_VMGENID] = "VMGENID",
 	/* "ENTROPYSOURCE" */
 };

--- a/sys/dev/vmgenc/vmgenc_acpi.c
+++ b/sys/dev/vmgenc/vmgenc_acpi.c
@ -52,12 +52,14 @@ __FBSDID("$FreeBSD$");
 #include <sys/malloc.h>
 #include <sys/module.h>
 #include <sys/mutex.h>
+#include <sys/random.h>
 #include <sys/sysctl.h>
 #include <sys/systm.h>

 #include <contrib/dev/acpica/include/acpi.h>

 #include <dev/acpica/acpivar.h>
+#include <dev/random/random_harvestq.h>
 #include <dev/vmgenc/vmgenc_acpi.h>

 #ifndef	ACPI_NOTIFY_STATUS_CHANGED
@ -79,6 +81,20 @@ struct vmgenc_softc {
 	uint8_t		vmg_cache_guid[GUID_BYTES];
 };

+static void
+vmgenc_harvest_all(const void *p, size_t sz)
+{
+	size_t nbytes;
+
+	while (sz > 0) {
+		nbytes = MIN(sz,
+		    sizeof(((struct harvest_event *)0)->he_entropy));
+		random_harvest_direct(p, nbytes, RANDOM_PURE_VMGENID);
+		p = (const char *)p + nbytes;
+		sz -= nbytes;
+	}
+}
+
 static void
 vmgenc_status_changed(void *context)
 {
@ -97,6 +113,8 @@ vmgenc_status_changed(void *context)
 	/* Update cache. */
 	memcpy(sc->vmg_cache_guid, guid, GUID_BYTES);

+	vmgenc_harvest_all(sc->vmg_cache_guid, sizeof(sc->vmg_cache_guid));
+
 	EVENTHANDLER_INVOKE(acpi_vmgenc_event);
 	acpi_UserNotify("VMGenerationCounter", acpi_get_handle(dev), 0);
 }
@ -219,6 +237,9 @@ vmgenc_attach(device_t dev)
 	memcpy(sc->vmg_cache_guid, __DEVOLATILE(void *, sc->vmg_pguid),
 	    sizeof(sc->vmg_cache_guid));

+	random_harvest_register_source(RANDOM_PURE_VMGENID);
+	vmgenc_harvest_all(sc->vmg_cache_guid, sizeof(sc->vmg_cache_guid));
+
 	AcpiInstallNotifyHandler(h, ACPI_DEVICE_NOTIFY, vmgenc_notify, dev);
 	return (0);
 }
@ -238,3 +259,4 @@ static driver_t vmgenc_driver = {
 static devclass_t vmgenc_devclass;
 DRIVER_MODULE(vmgenc, acpi, vmgenc_driver, vmgenc_devclass, NULL, NULL);
 MODULE_DEPEND(vmgenc, acpi, 1, 1, 1);
+MODULE_DEPEND(vemgenc, random_harvestq, 1, 1, 1);
--- a/sys/sys/random.h
+++ b/sys/sys/random.h
@ -102,6 +102,7 @@ enum random_entropy_source {
 	RANDOM_PURE_CCP,
 	RANDOM_PURE_DARN,
 	RANDOM_PURE_TPM,
+	RANDOM_PURE_VMGENID,
 	ENTROPYSOURCE
 };
 _Static_assert(ENTROPYSOURCE <= 32,