git: c91dd7ea7cd7 - stable/12 - random(4): Don't complain noisily when an entropy source is slow

From: David E. O'Brien <obrien_at_FreeBSD.org>
Date: Mon, 21 Feb 2022 08:07:44 UTC
The branch stable/12 has been updated by obrien:

URL: https://cgit.FreeBSD.org/src/commit/?id=c91dd7ea7cd70b6b42693a3acb987173c63ec5bb

commit c91dd7ea7cd70b6b42693a3acb987173c63ec5bb
Author:     Conrad Meyer <cem@FreeBSD.org>
AuthorDate: 2019-05-08 14:54:32 +0000
Commit:     David E. O'Brien <obrien@FreeBSD.org>
CommitDate: 2022-02-21 05:56:42 +0000

    random(4): Don't complain noisily when an entropy source is slow
    
    Mjg@ reports that RDSEED (r347239) causes a lot of logspam from this printf,
    and I don't feel that it is especially useful (even ratelimited).  There are
    many other quality/quantity checks we're not performing on entropy sources;
    lack of high frequency availability does not disqualify a good entropy
    source.
    
    There is some discussion in the linked Differential about what logging might
    be appropriate and/or polling policy for slower TRNG sources.  Please feel
    free to chime in if you have opinions.
    
    (cherry picked from commit e01ada5c44c66db8e1f7ed2c1f5622a794a1c43b)
---
 sys/dev/random/random_harvestq.c | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/sys/dev/random/random_harvestq.c b/sys/dev/random/random_harvestq.c
index d98730d0054f..bb9ec5e4cea0 100644
--- a/sys/dev/random/random_harvestq.c
+++ b/sys/dev/random/random_harvestq.c
@@ -254,15 +254,19 @@ random_sources_feed(void)
 		for (i = 0; i < npools; i++) {
 			n = rrs->rrs_source->rs_read(entropy, sizeof(entropy));
 			KASSERT((n <= sizeof(entropy)), ("%s: rs_read returned too much data (%u > %zu)", __func__, n, sizeof(entropy)));
-			/* It would appear that in some circumstances (e.g. virtualisation),
-			 * the underlying hardware entropy source might not always return
-			 * random numbers. Accept this but make a noise. If too much happens,
-			 * can that source be trusted?
+			/*
+			 * Sometimes the HW entropy source doesn't have anything
+			 * ready for us.  This isn't necessarily untrustworthy.
+			 * We don't perform any other verification of an entropy
+			 * source (i.e., length is allowed to be anywhere from 1
+			 * to sizeof(entropy), quality is unchecked, etc), so
+			 * don't balk verbosely at slow random sources either.
+			 * There are reports that RDSEED on x86 metal falls
+			 * behind the rate at which we query it, for example.
+			 * But it's still a better entropy source than RDRAND.
 			 */
-			if (n == 0) {
-				printf("%s: rs_read for hardware device '%s' returned no entropy.\n", __func__, rrs->rrs_source->rs_ident);
+			if (n == 0)
 				continue;
-			}
 			random_harvest_direct(entropy, n, rrs->rrs_source->rs_source);
 		}
 	}