tech-crypto archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Patch: rework kernel random number subsystem (*nearly final*)
On Fri, Oct 21, 2011 at 05:15:55PM -0400, Thor Lancelot Simon wrote:
>
> I have placed a patch at http://www.panix.com/~tls/rnd1.diff which
> implements many changes to the generation and use of randomness
> in the kernel (I previously sent it to these lists directly but
> it seems to be too large).
>
> It is (most of) the first step in a three step process I envision for major
> overhaul of this subsystem:
>
> 1) Provide infrastructure needed to separate entropy
> harvesting from random stream generation. Clean up
> interfaces between existing kernel components that
> deal with random number generation and consumption.
There's a new patch at http://www.panix.com/~tls/rnd4.diff which
I intend to commit as soon as I find and fix one remaining bug. This
version of the patch adds some infrastructure the new random/urandom
pseudodevices will need and addresses several nasty race conditions
around rekeying by changing the rndpool mutex from IPL_SOFTCLOCK to
IPL_VM.
It also fixes several miscellaneous bugs (including a severe one in
rnd_add_data that has been around for a long time) and addresses KNF
issues in my previous patches. There are also a few performance tweaks.
The mutex change to IPL_VM should not have much performance impact as
it's never held during copy in/out and my next set of changes will
eliminate any direct access to the entropy pool (thus any taking of
the mutex) by the pseudodevices -- that is, from userspace consumers.
The bug which remains is this:
* With a LOCKDEBUG, RND_VERBOSE kernel, run the "arandom"
test program, which reads as much data with
sysctl kern.arandom as it can, in a tight loop.
* If you don't have a hardware RNG, you will see many rekeyings
of the arc4random generator. The entropy pool will drain, and
soon you will see "forced" rekeyings.
* While you run the test program, the system will be fine. If
you kill the test program and wait a minute or two, the system
will lock up hard.
Sources to the test programs are at http://www.panix.com/~tls/[au]random.c .
Heck if I know where it is; if anyone else sees it, I'd love to know.
Rekeying of the 'kern.urandom' generator (with a source change to force
that much more often) causes no such symptom so I assume it must be in
the libkern arc4random code somewhere.
Thor
Home |
Main Index |
Thread Index |
Old Index