So, I'm not sure what to say here. I'm very surprised, quite confused, more than a little perturbed, and even somewhat angry. It's taken me quite some time to write this. Now temper this with knowing that I do know I'm running -current, not a release, and that I accept the challenges this might cause (thus see the patch below). Updating a system, even on -current, shouldn't cause what I can only describe as _intentional_ breakage, even for matters so important as system security and integrity, and especially not without clear mention UPDATING, and perhaps also with documented and referenced tools to assist in undoing said breakage. Updating a system, even on -current, shouldn't create a long-lived situation where the system documentation and the behaviour and actions of system commands is completely out of sync with the behaviour of the kernel, and in fact lies to the administrator about the abilities of the system. In any case, the following patch (and in particular the last hunk) fixes all my problems and complaints in this domain. It is fully tested, and it works A-OK with Xen in both domU and dom0 kernels. My systems once again have consistent documentation, and tools that don't lie, and are able to function as before w.r.t. matters related to /dev/random and getrandom(2). Now I'm not proposing this as the final solution -- I think there's some middle ground to be found, but at least this gets things back to working. --- sys/kern/kern_entropy.c.~1.30.~ 2021-03-07 17:23:05.000000000 -0800 +++ sys/kern/kern_entropy.c 2021-04-03 11:25:31.667067667 -0700 @@ -1306,7 +1306,7 @@ /* Wait for some entropy to come in and try again. */ KASSERT(E->stage >= ENTROPY_WARM); - printf("entropy: pid %d (%s) blocking due to lack of entropy\n", + printf("entropy: pid %d (%s) blocking due to lack of entropy\n", /* xxx uprintf() instead/also? */ curproc->p_pid, curproc->p_comm); if (ISSET(flags, ENTROPY_SIG)) { @@ -1577,6 +1577,16 @@ KASSERT(i == __arraycount(extra)); entropy_enter(extra, sizeof extra, 0); explicit_memset(extra, 0, sizeof extra); + + aprint_verbose("entropy: %s attached as an entropy source (", rs->name); + if (!(flags & RND_FLAG_NO_COLLECT)) { + printf("collecting"); + if (flags & RND_FLAG_NO_ESTIMATE) + printf(" without estimation"); + } + else + printf("off"); + printf(")\n"); } /* @@ -1610,6 +1620,8 @@ /* Free the per-CPU data. */ percpu_free(rs->state, sizeof(struct rndsource_cpu)); + + aprint_verbose("entropy: %s detached as an entropy source\n", rs->name); } /* @@ -1754,21 +1766,21 @@ rnd_add_uint32(struct krndsource *rs, uint32_t value) { - rnd_add_data(rs, &value, sizeof value, 0); + rnd_add_data(rs, &value, sizeof value, sizeof value * NBBY); } void _rnd_add_uint32(struct krndsource *rs, uint32_t value) { - rnd_add_data(rs, &value, sizeof value, 0); + rnd_add_data(rs, &value, sizeof value, sizeof value * NBBY); } void _rnd_add_uint64(struct krndsource *rs, uint64_t value) { - rnd_add_data(rs, &value, sizeof value, 0); + rnd_add_data(rs, &value, sizeof value, sizeof value * NBBY); } /* -- Greg A. Woods <gwoods%acm.org@localhost> Kelowna, BC +1 250 762-7675 RoboHack <woods%robohack.ca@localhost> Planix, Inc. <woods%planix.com@localhost> Avoncote Farms <woods%avoncote.ca@localhost>
Attachment:
pgpOc0B2RZKnl.pgp
Description: OpenPGP Digital Signature