svn commit: r238118 - head/lib/libc/gen

Pawel Jakub Dawidek pjd at FreeBSD.org
Thu Jul 5 21:41:20 UTC 2012


On Thu, Jul 05, 2012 at 07:49:42AM -0400, John Baldwin wrote:
> On Wednesday, July 04, 2012 4:45:54 pm Attilio Rao wrote:
> > 2012/7/4 David Chisnall <theraven at freebsd.org>:
> > > On 4 Jul 2012, at 21:32, Andrey Chernov wrote:
> > >
> > >> 1) /dev/urandom may not exist in jails/sandboxes while sysctls (or old way
> > >> initialization) always exists.
> > >
> > > From the perspective of Capsicum sandboxes, a device node is better than a
> > > sysctl.  The kernel must hard-code policy about which sysctls are permitted,
> > > but access to file descriptors is decided on a per-sandbox basis and is
> > > configurable by the user.  The same applies to jails, although it's slightly
> > > more effort to make device nodes appear inside a jail.
> > 
> > Also don't underestimate the locking factor here.
> > I recall that at some point /dev/random was introducing some
> > scalability penalty on php (maybe related to the suhosin patch) until
> > kib made shared lookups available on devfs. IIRC, sysctls are still
> > Giant locked.
> 
> sysctls are not all Giant locked.   KERN_ARND is marked MPSAFE, so it does not 
> use Giant:

It doesn't really matter. Our in-kernel random generator has its own
giant lock, so is basically single threaded. Compare results of those
two on some SMP machine:

	# dd if=/dev/random of=/dev/null bs=1m count=1024

	# sh -c 'for i in `jot $(sysctl -n hw.ncpu)`; do dd if=/dev/random of=/dev/null bs=1m count=128 & done'

-- 
Pawel Jakub Dawidek                       http://www.wheelsystems.com
FreeBSD committer                         http://www.FreeBSD.org
Am I Evil? Yes, I Am!                     http://tupytaj.pl