Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys/kern Print `entropy: ready' only when we first have full...
details: https://anonhg.NetBSD.org/src/rev/1207476512ce
branches: trunk
changeset: 1009923:1207476512ce
user: riastradh <riastradh%NetBSD.org@localhost>
date: Thu May 07 19:07:29 2020 +0000
description:
Print `entropy: ready' only when we first have full entropy.
Now that we consolidate entropy in rndctl -L and equivalent, not just
when the operator chooses, epoch != -1 no longer necessarily means
full entropy -- it just means `time to (re)seed, whether justified by
entropy accounting or by explicit consolidation'.
There is a bug on x86 systems with RDRAND/RDSEED that prevents this
message from appearing at all: it happens so early that consinit has
not run yet, so it just goes into oblivion. Need to fix that some
other way!
diffstat:
sys/kern/kern_entropy.c | 19 ++++++++++---------
1 files changed, 10 insertions(+), 9 deletions(-)
diffs (57 lines):
diff -r f0ce5513bff7 -r 1207476512ce sys/kern/kern_entropy.c
--- a/sys/kern/kern_entropy.c Thu May 07 19:05:51 2020 +0000
+++ b/sys/kern/kern_entropy.c Thu May 07 19:07:29 2020 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_entropy.c,v 1.13 2020/05/07 19:05:51 riastradh Exp $ */
+/* $NetBSD: kern_entropy.c,v 1.14 2020/05/07 19:07:29 riastradh Exp $ */
/*-
* Copyright (c) 2019 The NetBSD Foundation, Inc.
@@ -75,7 +75,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_entropy.c,v 1.13 2020/05/07 19:05:51 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_entropy.c,v 1.14 2020/05/07 19:07:29 riastradh Exp $");
#include <sys/param.h>
#include <sys/types.h>
@@ -172,7 +172,7 @@
} entropy_global __cacheline_aligned = {
/* Fields that must be initialized when the kernel is loaded. */
.needed = ENTROPY_CAPACITY*NBBY,
- .epoch = (unsigned)-1, /* -1 means not yet full entropy */
+ .epoch = (unsigned)-1, /* -1 means entropy never consolidated */
.sources = LIST_HEAD_INITIALIZER(entropy_global.sources),
.stage = ENTROPY_COLD,
};
@@ -596,10 +596,10 @@
* entropy_epoch()
*
* Returns the current entropy epoch. If this changes, you should
- * reseed. If -1, means the system has not yet reached full
- * entropy; never reverts back to -1 after full entropy has been
- * reached. Never zero, so you can always use zero as an
- * uninitialized sentinel value meaning `reseed ASAP'.
+ * reseed. If -1, means system entropy has not yet reached full
+ * entropy or been explicitly consolidated; never reverts back to
+ * -1. Never zero, so you can always use zero as an uninitialized
+ * sentinel value meaning `reseed ASAP'.
*
* Usage model:
*
@@ -1118,11 +1118,12 @@
* that we're ready so operators can compare it to the timing
* of other events.
*/
- if (E->epoch == (unsigned)-1)
+ if (__predict_false(!rnd_initial_entropy) && E->needed == 0) {
printf("entropy: ready\n");
+ rnd_initial_entropy = 1;
+ }
/* Set the epoch; roll over from UINTMAX-1 to 1. */
- rnd_initial_entropy = 1; /* XXX legacy */
if (__predict_true(!atomic_load_relaxed(&entropy_depletion)) ||
ratecheck(&lasttime, &interval)) {
epoch = E->epoch + 1;
Home |
Main Index |
Thread Index |
Old Index