From nobody Thu Feb 03 16:05:23 2022 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id E21DC198F66F; Thu, 3 Feb 2022 16:05:23 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4JqNmg64Jxz4Z5g; Thu, 3 Feb 2022 16:05:23 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1643904323; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=h83ZrFV0YoVkm354PFF/rdqq4XJPtjWaj8CZmUOhmMQ=; b=JgUTkc81ZpYXzz0/j8KL2Rur2u458k+bhnmJvT6RTIWFjeiqenqzSb/tF+VZvwduW7lTT7 ZblyVmWm+9oh+jyHr+Anu2XylatIskCnTUxx/HZeRfX3bGC8cN+XMXfoK488rDSzTDBMu4 +vScxxosvGOr3o4tJ5gwUEP1MglEKNUUTLaGF+WeEq0f2TtvvKvhvZUy/1kJ8kYJLjTbUq iy4TSwYviVqRdOoGt6WPoRsWuiyB2IjY09/a8LosF9r9R24hAKLanJHKZUJeFVeMXOvEa0 pLzFM5RX1diFDJtajLSSLH1JimAgGIF4iRiK4XQQELWWbN/llhTvucWYcKZTdg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id ABF5E1AE48; Thu, 3 Feb 2022 16:05:23 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 213G5N9q058406; Thu, 3 Feb 2022 16:05:23 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 213G5N18058405; Thu, 3 Feb 2022 16:05:23 GMT (envelope-from git) Date: Thu, 3 Feb 2022 16:05:23 GMT Message-Id: <202202031605.213G5N18058405@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kyle Evans Subject: git: 642701abc835 - main - kern: harvest entropy from callouts List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-main@freebsd.org X-BeenThere: dev-commits-src-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kevans X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 642701abc8357d2e6512b324956cfbcd6f25b482 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1643904323; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=h83ZrFV0YoVkm354PFF/rdqq4XJPtjWaj8CZmUOhmMQ=; b=IR6m7OSiP0pb29CSfdiq3RvQLPHLHBSUuaifKrinSJdKIA6c6d+UMMkxuMou4BsRerCnjM 3fETzEOyLkA3c9pxfSUmEG1p+GbQKgih58T0eIqpwRoJWFiYTWAu8IWW5ZKDa5bQZk39yH GknyCbmklifMUHiaWoeA7DGqhbRMv12+EBoTDZuJkV8oM+Cdfg5ZBoD6SDI/BA6k23nAGE 04CXCavaHxpMtNqKp0v/4OiOpKhKqRBOmOslk6bhqonBlmeIRPxG2gE/4HlElMlOluMzeJ hm6CLQwRMUDiiRNpf/R24eQqLhMKS9ZJJE1h3CyRgkH/BtUTzEYWM7iGFbpfTQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1643904323; a=rsa-sha256; cv=none; b=ap1ntjYl0pSC6cGs0M1Pc+L6wB6mkp3GMe9NqqX1q+ithDv5SBSiL3KoqOHFBmYtDP9iT2 JlA6rqIcV/40ceNKjikTnqiaGILOkb/6b9vBaLPjJelXbw63FLTWO6HLUH5EnS/5XlLVAt /H1hJsI19+GB0a1czt2yFGmySulbQmMMlnFlZwKQlJDM5aVlZ65eE42EI3LTyn6gURCpUp UDnUfeg3daiUK8L5pfao0NyigYga6K/lYHrWSRunFXrXFFwM21M/g8sJzLYJiNW2SnLuL6 uzCbhl3IcEmf+PmNc3NvBViVnRvFG5h6LwHpM8UqeWVdHePhoUijzbsawsVoqw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by kevans: URL: https://cgit.FreeBSD.org/src/commit/?id=642701abc8357d2e6512b324956cfbcd6f25b482 commit 642701abc8357d2e6512b324956cfbcd6f25b482 Author: Kyle Evans AuthorDate: 2022-02-03 16:05:06 +0000 Commit: Kyle Evans CommitDate: 2022-02-03 16:05:06 +0000 kern: harvest entropy from callouts 74cf7cae4d22 ("softclock: Use dedicated ithreads for running callouts.") switched callouts away from the swi infrastructure. It turns out that this was a major source of entropy in early boot, which we've now lost. As a result, first boot on hardware without a 'fast' entropy source would block waiting for fortuna to be seeded with little hope of progressing without manual intervention. Let's resolve it by explicitly harvesting entropy in callout_process() if we've handled any callouts. cc/curthread/now seem to be reasonable sources of entropy, so use those. Discussed with: jhb (also proposed initial patch) Reported by: many Reviewed by: cem, markm (both csprng) Differential Revision: https://reviews.freebsd.org/D34150 --- sys/dev/random/fenestrasX/fx_pool.c | 3 +++ sys/dev/random/random_harvestq.c | 3 ++- sys/kern/kern_timeout.c | 11 +++++++++++ sys/sys/random.h | 3 ++- 4 files changed, 18 insertions(+), 2 deletions(-) diff --git a/sys/dev/random/fenestrasX/fx_pool.c b/sys/dev/random/fenestrasX/fx_pool.c index b6cc0dad349d..f2fc15874b67 100644 --- a/sys/dev/random/fenestrasX/fx_pool.c +++ b/sys/dev/random/fenestrasX/fx_pool.c @@ -164,6 +164,9 @@ static const struct fxrng_ent_char { [RANDOM_UMA] = { .entc_cls = &fxrng_lo_push, }, + [RANDOM_CALLOUT] = { + .entc_cls = &fxrng_lo_push, + }, [RANDOM_PURE_OCTEON] = { .entc_cls = &fxrng_hi_push, /* Could be made pull. */ }, diff --git a/sys/dev/random/random_harvestq.c b/sys/dev/random/random_harvestq.c index 46c069126949..aae8ec9172d7 100644 --- a/sys/dev/random/random_harvestq.c +++ b/sys/dev/random/random_harvestq.c @@ -349,7 +349,8 @@ static const char *random_source_descr[ENTROPYSOURCE] = { [RANDOM_INTERRUPT] = "INTERRUPT", [RANDOM_SWI] = "SWI", [RANDOM_FS_ATIME] = "FS_ATIME", - [RANDOM_UMA] = "UMA", /* ENVIRONMENTAL_END */ + [RANDOM_UMA] = "UMA", + [RANDOM_CALLOUT] = "CALLOUT", /* ENVIRONMENTAL_END */ [RANDOM_PURE_OCTEON] = "PURE_OCTEON", /* PURE_START */ [RANDOM_PURE_SAFE] = "PURE_SAFE", [RANDOM_PURE_GLXSB] = "PURE_GLXSB", diff --git a/sys/kern/kern_timeout.c b/sys/kern/kern_timeout.c index d0fb19661fa4..bc7b50e5ff8f 100644 --- a/sys/kern/kern_timeout.c +++ b/sys/kern/kern_timeout.c @@ -57,6 +57,7 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include #include #include @@ -430,6 +431,11 @@ callout_get_bucket(sbintime_t sbt) void callout_process(sbintime_t now) { + struct callout_entropy { + struct callout_cpu *cc; + struct thread *td; + sbintime_t now; + } entropy; struct callout *tmp, *tmpn; struct callout_cpu *cc; struct callout_list *sc; @@ -545,6 +551,11 @@ next: avg_lockcalls_dir += (lockcalls_dir * 1000 - avg_lockcalls_dir) >> 8; #endif if (!TAILQ_EMPTY(&cc->cc_expireq)) { + entropy.cc = cc; + entropy.td = curthread; + entropy.now = now; + random_harvest_queue(&entropy, sizeof(entropy), RANDOM_CALLOUT); + td = cc->cc_thread; if (TD_AWAITING_INTR(td)) { thread_lock_block_wait(td); diff --git a/sys/sys/random.h b/sys/sys/random.h index cfcf4b30e698..6f4f90c9de98 100644 --- a/sys/sys/random.h +++ b/sys/sys/random.h @@ -86,7 +86,8 @@ enum random_entropy_source { RANDOM_SWI, RANDOM_FS_ATIME, RANDOM_UMA, /* Special!! UMA/SLAB Allocator */ - RANDOM_ENVIRONMENTAL_END = RANDOM_UMA, + RANDOM_CALLOUT, + RANDOM_ENVIRONMENTAL_END = RANDOM_CALLOUT, /* Fast hardware random-number sources from here on. */ RANDOM_PURE_START, RANDOM_PURE_OCTEON = RANDOM_PURE_START,