Author: jhb
Date: Wed Feb 10 18:29:37 2016
New Revision: 295480
URL: https://svnweb.freebsd.org/changeset/base/295480
Log:
Adjust initialization of random(9) so it is usable earlier.
A few existing SYSINITs expect the in-kernel PRNG (random(9)) to be
useable at SI_SUB_RANDOM / SI_ORDER_ANY. However, the random(4) overhaul
merged for 10.0 performs all of its initialization at SI_SUB_DRIVERS
(since it is tied in with creating the /dev/random character device).
This has changed in HEAD where the random initialization is split such
that the in-kernel random(9) is initialized at SI_SUB_RANDOM and the
supporting bits for userland random(4) (such as /dev/random) are initialized
later.
However, the changes in HEAD are large and invasive. Instead, this change
is being directly committed to stable/10.
This change moves most of the random(9)/random(4) initialization to
SI_SUB_RANDOM with the exception that the creation of the harvesting kernel
process and the /dev/random character device are deferred to new
SYSINITs that run at SI_SUB_DRIVERS.
This fixes the "random device not loaded; using insecure entropy" message
output during boot on some systems.
PR: 205800
Reviewed by: markm, so@
Approved by: so
Approved by: re (gjb)
Tested by: Mark Saad <nones...@longcount.org>
Modified:
stable/10/sys/dev/random/live_entropy_sources.c
stable/10/sys/dev/random/live_entropy_sources.h
stable/10/sys/dev/random/random_adaptors.c
stable/10/sys/dev/random/random_adaptors.h
stable/10/sys/dev/random/random_harvestq.c
stable/10/sys/dev/random/randomdev.c
stable/10/sys/dev/random/randomdev_soft.c
Modified: stable/10/sys/dev/random/live_entropy_sources.c
==============================================================================
--- stable/10/sys/dev/random/live_entropy_sources.c Wed Feb 10 18:23:47
2016 (r295479)
+++ stable/10/sys/dev/random/live_entropy_sources.c Wed Feb 10 18:29:37
2016 (r295480)
@@ -189,7 +189,7 @@ live_entropy_sources_deinit(void *unused
sx_destroy(&les_lock);
}
-SYSINIT(random_adaptors, SI_SUB_DRIVERS, SI_ORDER_FIRST,
+SYSINIT(random_adaptors, SI_SUB_RANDOM, SI_ORDER_FIRST,
live_entropy_sources_init, NULL);
-SYSUNINIT(random_adaptors, SI_SUB_DRIVERS, SI_ORDER_FIRST,
+SYSUNINIT(random_adaptors, SI_SUB_RANDOM, SI_ORDER_FIRST,
live_entropy_sources_deinit, NULL);
Modified: stable/10/sys/dev/random/live_entropy_sources.h
==============================================================================
--- stable/10/sys/dev/random/live_entropy_sources.h Wed Feb 10 18:23:47
2016 (r295479)
+++ stable/10/sys/dev/random/live_entropy_sources.h Wed Feb 10 18:29:37
2016 (r295480)
@@ -52,7 +52,7 @@ void live_entropy_sources_feed(int, even
modevent, \
0 \
}; \
- DECLARE_MODULE(name, name##_mod, SI_SUB_DRIVERS, \
+ DECLARE_MODULE(name, name##_mod, SI_SUB_RANDOM, \
SI_ORDER_SECOND); \
MODULE_VERSION(name, ver); \
MODULE_DEPEND(name, random, 1, 1, 1);
Modified: stable/10/sys/dev/random/random_adaptors.c
==============================================================================
--- stable/10/sys/dev/random/random_adaptors.c Wed Feb 10 18:23:47 2016
(r295479)
+++ stable/10/sys/dev/random/random_adaptors.c Wed Feb 10 18:29:37 2016
(r295480)
@@ -233,9 +233,9 @@ random_adaptors_init(void *unused)
SYSCTL_NODE(_kern, OID_AUTO, random, CTLFLAG_RW, 0, "Random Number Generator");
-SYSINIT(random_adaptors, SI_SUB_DRIVERS, SI_ORDER_FIRST, random_adaptors_init,
+SYSINIT(random_adaptors, SI_SUB_RANDOM, SI_ORDER_FIRST, random_adaptors_init,
NULL);
-SYSUNINIT(random_adaptors, SI_SUB_DRIVERS, SI_ORDER_FIRST,
+SYSUNINIT(random_adaptors, SI_SUB_RANDOM, SI_ORDER_FIRST,
random_adaptors_deinit, NULL);
static void
Modified: stable/10/sys/dev/random/random_adaptors.h
==============================================================================
--- stable/10/sys/dev/random/random_adaptors.h Wed Feb 10 18:23:47 2016
(r295479)
+++ stable/10/sys/dev/random/random_adaptors.h Wed Feb 10 18:29:37 2016
(r295480)
@@ -47,7 +47,7 @@ extern struct random_adaptor *random_ada
/*
* random_adaptor's should be registered prior to
- * random module (SI_SUB_DRIVERS/SI_ORDER_MIDDLE)
+ * random module (SI_SUB_RANDOM/SI_ORDER_MIDDLE)
*/
#define RANDOM_ADAPTOR_MODULE(name, modevent, ver) \
static moduledata_t name##_mod = { \
@@ -55,7 +55,7 @@ extern struct random_adaptor *random_ada
modevent, \
0 \
}; \
- DECLARE_MODULE(name, name##_mod, SI_SUB_DRIVERS, \
+ DECLARE_MODULE(name, name##_mod, SI_SUB_RANDOM, \
SI_ORDER_SECOND); \
MODULE_VERSION(name, ver); \
MODULE_DEPEND(name, random, 1, 1, 1);
Modified: stable/10/sys/dev/random/random_harvestq.c
==============================================================================
--- stable/10/sys/dev/random/random_harvestq.c Wed Feb 10 18:23:47 2016
(r295479)
+++ stable/10/sys/dev/random/random_harvestq.c Wed Feb 10 18:29:37 2016
(r295480)
@@ -81,6 +81,8 @@ int random_kthread_control = 0;
static struct proc *random_kthread_proc;
+static event_proc_f random_cb;
+
#ifdef RANDOM_RWFILE
static const char *entropy_files[] = {
"/entropy",
@@ -219,7 +221,7 @@ random_kthread(void *arg)
void
random_harvestq_init(event_proc_f cb)
{
- int error, i;
+ int i;
struct harvest *np;
/* Initialise the harvest fifos */
@@ -238,13 +240,26 @@ random_harvestq_init(event_proc_f cb)
mtx_init(&harvest_mtx, "entropy harvest mutex", NULL, MTX_SPIN);
+ random_cb = cb;
+}
+
+static void
+random_harvestq_start_kproc(void *arg __unused)
+{
+ int error;
+
+ if (random_cb == NULL)
+ return;
+
/* Start the hash/reseed thread */
- error = kproc_create(random_kthread, cb,
+ error = kproc_create(random_kthread, random_cb,
&random_kthread_proc, RFHIGHPID, 0, "rand_harvestq"); /*
RANDOM_CSPRNG_NAME */
if (error != 0)
panic("Cannot create entropy maintenance thread.");
}
+SYSINIT(random_kthread, SI_SUB_DRIVERS, SI_ORDER_ANY,
+ random_harvestq_start_kproc, NULL);
void
random_harvestq_deinit(void)
@@ -265,6 +280,17 @@ random_harvestq_deinit(void)
}
harvestfifo.count = 0;
+ /*
+ * Command the hash/reseed thread to end and wait for it to finish
+ */
+ mtx_lock_spin(&harvest_mtx);
+ if (random_kthread_proc != NULL) {
+ random_kthread_control = -1;
+ msleep_spin((void *)&random_kthread_control, &harvest_mtx,
+ "term", 0);
+ }
+ mtx_unlock_spin(&harvest_mtx);
+
mtx_destroy(&harvest_mtx);
}
Modified: stable/10/sys/dev/random/randomdev.c
==============================================================================
--- stable/10/sys/dev/random/randomdev.c Wed Feb 10 18:23:47 2016
(r295479)
+++ stable/10/sys/dev/random/randomdev.c Wed Feb 10 18:29:37 2016
(r295480)
@@ -175,15 +175,24 @@ random_initialize(void *p, struct random
printf("random: <%s> initialized\n", s->ident);
+ /* mark random(4) as initialized, to avoid being called again */
+ random_inited = 1;
+}
+
+static void
+random_makedev(void *arg __unused)
+{
+
+ if (random_adaptor == NULL)
+ return;
+
/* Use an appropriately evil mode for those who are concerned
* with daemons */
random_dev = make_dev_credf(MAKEDEV_ETERNAL_KLD, &random_cdevsw,
RANDOM_MINOR, NULL, UID_ROOT, GID_WHEEL, 0666, "random");
make_dev_alias(random_dev, "urandom"); /* compatibility */
-
- /* mark random(4) as initialized, to avoid being called again */
- random_inited = 1;
}
+SYSINIT(random_makedev, SI_SUB_DRIVERS, SI_ORDER_ANY, random_makedev, NULL);
/* ARGSUSED */
static int
@@ -229,5 +238,11 @@ random_modevent(module_t mod __unused, i
return (error);
}
-DEV_MODULE(random, random_modevent, NULL);
+static moduledata_t random_mod = {
+ "random",
+ random_modevent,
+ NULL
+};
+
+DECLARE_MODULE(random, random_mod, SI_SUB_RANDOM, SI_ORDER_MIDDLE);
MODULE_VERSION(random, 1);
Modified: stable/10/sys/dev/random/randomdev_soft.c
==============================================================================
--- stable/10/sys/dev/random/randomdev_soft.c Wed Feb 10 18:23:47 2016
(r295479)
+++ stable/10/sys/dev/random/randomdev_soft.c Wed Feb 10 18:29:37 2016
(r295480)
@@ -182,12 +182,6 @@ randomdev_deinit(void)
/* Deregister the randomness harvesting routine */
randomdev_deinit_harvester();
- /*
- * Command the hash/reseed thread to end and wait for it to finish
- */
- random_kthread_control = -1;
- tsleep((void *)&random_kthread_control, 0, "term", 0);
-
#if defined(RANDOM_YARROW)
random_yarrow_deinit_alg();
#endif
_______________________________________________
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
