svn commit: r219672 - in head: share/man/man9 sys/i386/include

Maxim Dounin mdounin at mdounin.ru
Tue Mar 15 19:33:09 UTC 2011


Hello!

On Tue, Mar 15, 2011 at 05:14:26PM +0000, Jung-uk Kim wrote:

> Author: jkim
> Date: Tue Mar 15 17:14:26 2011
> New Revision: 219672
> URL: http://svn.freebsd.org/changeset/base/219672
> 
> Log:
>   Unconditionally use binuptime(9) for get_cyclecount(9) on i386.  Since this
>   function is almost exclusively used for random harvesting, there is no need
>   for micro-optimization.  Adjust the manual page accordingly.

Note that on early boot only dummy timecounter available, and 
binuptime() has no entropy.

As a result of this change random(9) won't have entropy on early 
boot on i386, and arc4random(9) as well.  While there are no known 
major security problems associated with it - it at least makes 
stack protector easily bypasseable as it now (again after r198295) 
uses well-known stack guard instead of random one.  And there may 
be other issues as well.

Hope you thought well before moving i386 to a set of platforms 
which have no early boot randomness at all.  And you have good 
reason for doing it.

Maxim Dounin

> 
> Modified:
>   head/share/man/man9/get_cyclecount.9
>   head/sys/i386/include/cpu.h
> 
> Modified: head/share/man/man9/get_cyclecount.9
> ==============================================================================
> --- head/share/man/man9/get_cyclecount.9	Tue Mar 15 16:50:17 2011	(r219671)
> +++ head/share/man/man9/get_cyclecount.9	Tue Mar 15 17:14:26 2011	(r219672)
> @@ -24,7 +24,7 @@
>  .\"
>  .\" $FreeBSD$
>  .\"
> -.Dd October 24, 2009
> +.Dd March 15, 2011
>  .Dt GET_CYCLECOUNT 9
>  .Os
>  .Sh NAME
> @@ -65,14 +65,14 @@ do not have such a register,
>  so
>  .Fn get_cyclecount
>  on these platforms
> -returns a (non-monotonic) combination of numbers
> +returns a (monotonic) combination of numbers
>  represented by the
>  structure returned by
>  .Xr binuptime 9 .
>  .Pp
>  The
> -.Tn Pentium
> -processors all use the
> +.Tn AMD64 and Intel 64
> +processors use the
>  .Li TSC
>  register.
>  .Pp
> 
> Modified: head/sys/i386/include/cpu.h
> ==============================================================================
> --- head/sys/i386/include/cpu.h	Tue Mar 15 16:50:17 2011	(r219671)
> +++ head/sys/i386/include/cpu.h	Tue Mar 15 17:14:26 2011	(r219672)
> @@ -70,15 +70,10 @@ void	swi_vm(void *);
>  static __inline uint64_t
>  get_cyclecount(void)
>  {
> -#if defined(I486_CPU) || defined(KLD_MODULE)
>  	struct bintime bt;
>  
> -	if (!tsc_present) {
> -		binuptime(&bt);
> -		return ((uint64_t)bt.sec << 56 | bt.frac >> 8);
> -	}
> -#endif
> -	return (rdtsc());
> +	binuptime(&bt);
> +	return ((uint64_t)bt.sec << 56 | bt.frac >> 8);
>  }
>  
>  #endif
> _______________________________________________
> svn-src-all at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/svn-src-all
> To unsubscribe, send any mail to "svn-src-all-unsubscribe at freebsd.org"


More information about the svn-src-head mailing list