> On 22 Jul 2015, at 22:42, Jeff Roberson <jrober...@jroberson.net> wrote:
> 
> On Tue, 30 Jun 2015, Mark Murray wrote:
> 
>> - Add harvesting of slab allocator events. This needs to be checked for
>>   weighing down the allocator code.
> 
> Neither filesystem operations nor allocations are random events.  They are 
> trivially influenced by user code.  A malicious attacker could create 
> repeated patterns of allocations or filesystem activity through the syscall 
> path to degrade your random sample source.

I’m not sure I accept that - Fortuna is very careful about using non-reversible 
hashing in it’s accumulation, and countering such degradation is one of the 
algorithm’s strong points. There is perhaps risk of *no* entropy, but even the 
per-event timing jitter will be providing this, if nothing else.

> Perhaps more importantly to me, this is an unacceptable performance burden 
> for the allocator.  At a minimum it should compile out by default.  Great 
> care has been taken to reduce the fast path of the allocator to the minimum 
> number of cycles and even cache misses.

As currently set up in etc/rc.d/* by default, there is a simple check at each 
UMA harvesting opportunity, and no further action. I asked Robert Watson if 
this was burdensome, and he said it was not.

I’m willing to discuss optimising this, and have plans for some 
micro-benchmarks.

M
-- 
Mark R V Murray

PS: Please trim mail when responding - was it necessary to send me back the 
whole commit message and diff?

_______________________________________________
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"

Reply via email to