Still being discussed in tech-userlevel. If we wait any longer someone
is going to try the excuse that the discussion is entirely pointless, since
removing symbols is too hard.
If we don't trust a source, it's unreasonable to trust any entropy it
previously provided, and we don't have any way to undo only the
effects of that source, so just zero our estimate of the entropy in
the pool and start over.
(However, keep the samples already in the pool -- just treat them as
though they had zero entropy and start gathering more.)
No functional change intended, except that the symbol that was
previously `uvm_swap_encryption' is now `uvm_swap_encrypt', backing
the sysctl knob `vm.swap_encrypt'.
There was a low-probability race with the entropy consolidation
logic: calls to entropy_extract at the same time as consolidation is
happening might witness partial contributions from the CPUs when
needed=256, say 64 bits at a time.
To avoid this, feed everything from the per-CPU pools into a
temporary pool, and then feed the temporary pool into the global pool
under the lock at the same time as we update needed.
Enabled by sysctl -w vm.swap_encrypt=1. Key is generated lazily when
we first need to swap a page. Key is chosen independently for each
swap device. The ith swap page is encrypted with AES256-CBC using
AES256_k(le32enc(i) || 0^96) as the initialization vector. Can be
changed at any time; no need for compatibility with on-disk formats.
Costs one bit of memory per page in each swapdev, plus a few hundred
bytes per swapdev to store the expanded AES key.
Shoulda done this decades ago! Plan to enable this by default;
performance impact is unlikely to matter because it only happens when
you're already swapping anyway. Much easier to set up than cgd, so
we can rip out all the documentation about carefully setting up
random-keyed cgd at the right time.
- Hide DCA and PQM, they cannot be used in guests.
- On Intel, explicitly handle each basic leaf until 0x16.
- On AMD, explicitly handle each basic leaf until 0x0D.
filter it correctly, to avoid inconsistencies if the host has SMT.
This fixes HaikuOS which fetches SMT information from there and would
panic because of the inconsistencies.
- Make the early i8254-based calculation of frequency a bit more accurate.
- Keep track of how far the HPET & TSC advance between HPET attach and
secondary CPU boot, and use to compute an accurate value before attaching
the timecounter. Initial idea from joerg@.
- When determining skew and drift between CPUs, make each measurement 1000
times and pick the lowest observed value. Increase the error threshold to
1000 clock cycles.
- Use the frequency computed on the boot CPU for secondary CPUs too.
- Remove cpu_counter_serializing().
