4cefab8ea6
r357614 added CTLFLAG_NEEDGIANT to make it easier to find nodes that are still not MPSAFE (or already are but aren’t properly marked). Use it in preparation for a general review of all nodes. This is non-functional change that adds annotations to SYSCTL_NODE and SYSCTL_PROC nodes using one of the soon-to-be-required flags. Mark all obvious cases as MPSAFE. All entries that haven't been marked as MPSAFE before are by default marked as NEEDGIANT Reviewed by: cem Approved by: csprng, kib (mentor, blanket) Differential Revision: https://reviews.freebsd.org/D23841
106 lines
4.5 KiB
C
106 lines
4.5 KiB
C
/*-
|
|
* Copyright (c) 2015 Mark R V Murray
|
|
* All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer
|
|
* in this position and unchanged.
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
|
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
|
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
|
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
|
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
|
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
|
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
*
|
|
*/
|
|
|
|
#include <sys/cdefs.h>
|
|
__FBSDID("$FreeBSD$");
|
|
|
|
#include <sys/param.h>
|
|
#include <sys/systm.h>
|
|
#include <sys/kernel.h>
|
|
#include <sys/malloc.h>
|
|
#include <sys/random.h>
|
|
#include <sys/sysctl.h>
|
|
|
|
#include <dev/random/randomdev.h>
|
|
|
|
/* Set up the sysctl root node for the entropy device */
|
|
SYSCTL_NODE(_kern, OID_AUTO, random, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
|
|
"Cryptographically Secure Random Number Generator");
|
|
SYSCTL_NODE(_kern_random, OID_AUTO, initial_seeding,
|
|
CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
|
|
"Initial seeding control and information");
|
|
|
|
/*
|
|
* N.B., this is a dangerous default, but it matches the behavior prior to
|
|
* r346250 (and, say, OpenBSD -- although they get some guaranteed saved
|
|
* entropy from the prior boot because of their KARL system, on RW media).
|
|
*/
|
|
bool random_bypass_before_seeding = true;
|
|
SYSCTL_BOOL(_kern_random_initial_seeding, OID_AUTO,
|
|
bypass_before_seeding, CTLFLAG_RDTUN, &random_bypass_before_seeding,
|
|
0, "If set non-zero, bypass the random device in requests for random "
|
|
"data when the random device is not yet seeded. This is considered "
|
|
"dangerous. Ordinarily, the random device will block requests until "
|
|
"it is seeded by sufficient entropy.");
|
|
|
|
/*
|
|
* This is a read-only diagnostic that reports the combination of the former
|
|
* tunable and actual bypass. It is intended for programmatic inspection by
|
|
* userspace administrative utilities after boot.
|
|
*/
|
|
bool read_random_bypassed_before_seeding = false;
|
|
SYSCTL_BOOL(_kern_random_initial_seeding, OID_AUTO,
|
|
read_random_bypassed_before_seeding, CTLFLAG_RD,
|
|
&read_random_bypassed_before_seeding, 0, "If non-zero, the random device "
|
|
"was bypassed because the 'bypass_before_seeding' knob was enabled and a "
|
|
"request was submitted prior to initial seeding.");
|
|
|
|
/*
|
|
* This is a read-only diagnostic that reports the combination of the former
|
|
* tunable and actual bypass for arc4random initial seeding. It is intended
|
|
* for programmatic inspection by userspace administrative utilities after
|
|
* boot.
|
|
*/
|
|
bool arc4random_bypassed_before_seeding = false;
|
|
SYSCTL_BOOL(_kern_random_initial_seeding, OID_AUTO,
|
|
arc4random_bypassed_before_seeding, CTLFLAG_RD,
|
|
&arc4random_bypassed_before_seeding, 0, "If non-zero, the random device "
|
|
"was bypassed when initially seeding the kernel arc4random(9), because "
|
|
"the 'bypass_before_seeding' knob was enabled and a request was submitted "
|
|
"prior to initial seeding.");
|
|
|
|
/*
|
|
* This knob is for users who do not want additional warnings in their logs
|
|
* because they intend to handle bypass by inspecting the status of the
|
|
* diagnostic sysctls.
|
|
*/
|
|
bool random_bypass_disable_warnings = false;
|
|
SYSCTL_BOOL(_kern_random_initial_seeding, OID_AUTO,
|
|
disable_bypass_warnings, CTLFLAG_RDTUN,
|
|
&random_bypass_disable_warnings, 0, "If non-zero, do not log a warning "
|
|
"if the 'bypass_before_seeding' knob is enabled and a request is "
|
|
"submitted prior to initial seeding.");
|
|
|
|
MALLOC_DEFINE(M_ENTROPY, "entropy", "Entropy harvesting buffers and data structures");
|
|
|
|
#if defined(RANDOM_LOADABLE)
|
|
const struct random_algorithm *p_random_alg_context;
|
|
void (*_read_random)(void *, u_int);
|
|
int (*_read_random_uio)(struct uio *, bool);
|
|
bool (*_is_random_seeded)(void);
|
|
#endif /* defined(RANDOM_LOADABLE) */
|