[Bug 262192] Crashes at boot with kern.random.initial_seeding.bypass_before_seeding=0 in randomdev_wait_until_seeded()

From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 09 Mar 2022 21:35:21 UTC

--- Comment #10 from Olivier Certner <olivier.freebsd@free.fr> ---
(In reply to Conrad Meyer from comment #9)

Forgot to mention the example of domain init causing a call to arc4rand() I
stumbled upon: ip_init => ip_reass, which initializes some hash seed that
serves to hash fragments. I suspect the goal here is to make it hard for an
attacker to predict which frags end up in which bucket, so that it cannot
degrade the hash table's access performance without a more involved attack.
Probably this could be avoided by using another, more complex, data structure.
Maybe simply delaying this seed's init is possible.

> If you want to pursue it, identifying the stack(s) blocking on random and
> moving them after KICK_SCHEDULER would be a valuable contribution to FreeBSD.

I'll try to pursue that indeed, by recompiling a kernel with a deterministic
frag seed, and see what other calls to random exist. In the end, it might not
be possible to easily push calls to random after KICK_SCHEDULER without more
involved changes. We'll see.

Don't have much time now, but expect to have a lot in approx two months. Then,
the ability to boot without an entropy seed file should be one of my main
priorities. In the meantime, I'll report about experiments here.


You are receiving this mail because:
You are the assignee for the bug.