Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/sys/kern Print `entropy: ready' only when we first have full...



details:   https://anonhg.NetBSD.org/src/rev/1207476512ce
branches:  trunk
changeset: 1009923:1207476512ce
user:      riastradh <riastradh%NetBSD.org@localhost>
date:      Thu May 07 19:07:29 2020 +0000

description:
Print `entropy: ready' only when we first have full entropy.

Now that we consolidate entropy in rndctl -L and equivalent, not just
when the operator chooses, epoch != -1 no longer necessarily means
full entropy -- it just means `time to (re)seed, whether justified by
entropy accounting or by explicit consolidation'.

There is a bug on x86 systems with RDRAND/RDSEED that prevents this
message from appearing at all: it happens so early that consinit has
not run yet, so it just goes into oblivion.  Need to fix that some
other way!

diffstat:

 sys/kern/kern_entropy.c |  19 ++++++++++---------
 1 files changed, 10 insertions(+), 9 deletions(-)

diffs (57 lines):

diff -r f0ce5513bff7 -r 1207476512ce sys/kern/kern_entropy.c
--- a/sys/kern/kern_entropy.c   Thu May 07 19:05:51 2020 +0000
+++ b/sys/kern/kern_entropy.c   Thu May 07 19:07:29 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: kern_entropy.c,v 1.13 2020/05/07 19:05:51 riastradh Exp $      */
+/*     $NetBSD: kern_entropy.c,v 1.14 2020/05/07 19:07:29 riastradh Exp $      */
 
 /*-
  * Copyright (c) 2019 The NetBSD Foundation, Inc.
@@ -75,7 +75,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_entropy.c,v 1.13 2020/05/07 19:05:51 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_entropy.c,v 1.14 2020/05/07 19:07:29 riastradh Exp $");
 
 #include <sys/param.h>
 #include <sys/types.h>
@@ -172,7 +172,7 @@
 } entropy_global __cacheline_aligned = {
        /* Fields that must be initialized when the kernel is loaded.  */
        .needed = ENTROPY_CAPACITY*NBBY,
-       .epoch = (unsigned)-1,  /* -1 means not yet full entropy */
+       .epoch = (unsigned)-1,  /* -1 means entropy never consolidated */
        .sources = LIST_HEAD_INITIALIZER(entropy_global.sources),
        .stage = ENTROPY_COLD,
 };
@@ -596,10 +596,10 @@
  * entropy_epoch()
  *
  *     Returns the current entropy epoch.  If this changes, you should
- *     reseed.  If -1, means the system has not yet reached full
- *     entropy; never reverts back to -1 after full entropy has been
- *     reached.  Never zero, so you can always use zero as an
- *     uninitialized sentinel value meaning `reseed ASAP'.
+ *     reseed.  If -1, means system entropy has not yet reached full
+ *     entropy or been explicitly consolidated; never reverts back to
+ *     -1.  Never zero, so you can always use zero as an uninitialized
+ *     sentinel value meaning `reseed ASAP'.
  *
  *     Usage model:
  *
@@ -1118,11 +1118,12 @@
         * that we're ready so operators can compare it to the timing
         * of other events.
         */
-       if (E->epoch == (unsigned)-1)
+       if (__predict_false(!rnd_initial_entropy) && E->needed == 0) {
                printf("entropy: ready\n");
+               rnd_initial_entropy = 1;
+       }
 
        /* Set the epoch; roll over from UINTMAX-1 to 1.  */
-       rnd_initial_entropy = 1; /* XXX legacy */
        if (__predict_true(!atomic_load_relaxed(&entropy_depletion)) ||
            ratecheck(&lasttime, &interval)) {
                epoch = E->epoch + 1;



Home | Main Index | Thread Index | Old Index