Commit Graph

60 Commits

Author SHA1 Message Date
elad 08389c092e No need to break after return. 2007-01-05 16:38:13 +00:00
elad bcfa7b3cfb Use a single kauth(9) call. 2007-01-05 16:23:04 +00:00
elad d5ebb97b46 Consistent usage of KAUTH_GENERIC_ISSUSER. 2007-01-04 18:44:45 +00:00
christos 168cd830d2 __unused removal on arguments; approved by core. 2006-11-16 01:32:37 +00:00
christos 4d595fd7b1 - sprinkle __unused on function decls.
- fix a couple of unused bugs
- no more -Wno-unused for i386
2006-10-12 01:30:41 +00:00
jmcneill 96568ac6d5 Adjust comment for rnd_add_uint32() to reflect changes in rev 1.50. Fixes
PR# 34250 by Jorge Acereda Macia.
2006-09-23 01:13:08 +00:00
cube 295a511be4 Constification. 2006-09-20 05:21:37 +00:00
christos 93582079db add missing initializer 2006-09-03 05:02:21 +00:00
ad 3029ac48c7 - Use the LWP cached credentials where sane.
- Minor cosmetic changes.
2006-07-21 16:48:45 +00:00
elad 2867b68bc3 integrate kauth. 2006-05-14 21:42:26 +00:00
rpaulo 951a531e19 In rnd_add_uint32(), there's no need to check for rs == NULL since
that was already done by the caller, rnd_add_data().
2006-02-17 19:22:30 +00:00
christos 95e1ffb156 merge ktrace-lwp. 2005-12-11 12:16:03 +00:00
christos 2c91ca8bd0 - add const
- avoid variable shadowing.
2005-05-29 22:18:25 +00:00
drochner 3759e5b9d8 Don't ENXIO on open("/dev/random") if there is not enough
entropy collected. It's undocumented, noone else does it and
it leads to "named" errors during boot for me.
Generally, consumers of "/dev/random" should be prepared to wait.
(The other uses of "rnd_have_entropy" look bogus to me too,
but this needs more consideration.)
2005-04-15 20:21:23 +00:00
perry f31bd063e9 nuke trailing whitespace 2005-02-27 00:26:58 +00:00
perry 18db93c7f6 de-__P 2005-02-04 02:10:35 +00:00
yamt 7acc501dd3 splvm should be enough to protect rnd sample queue and rnd_mempool
as you can't use rnd_add_uint32 safely with >IPL_VM anyway.
2004-11-29 13:33:37 +00:00
simonb b5d0e6bf06 Initialise (most) pools from a link set instead of explicit calls
to pool_init.  Untouched pools are ones that either in arch-specific
code, or aren't initialiased during initial system startup.

 Convert struct session, ucred and lockf to pools.
2004-04-25 16:42:40 +00:00
fvdl d5aece61d6 Back out the lwp/ktrace changes. They contained a lot of colateral damage,
and need to be examined and discussed more.
2003-06-29 22:28:00 +00:00
darrenr 960df3c8d1 Pass lwp pointers throughtout the kernel, as required, so that the lwpid can
be inserted into ktrace records.  The general change has been to replace
"struct proc *" with "struct lwp *" in various function prototypes, pass
the lwp through and use l_proc to get the process pointer when needed.

Bump the kernel rev up to 1.6V
2003-06-28 14:20:43 +00:00
itojun ce084afabe use strlcpy 2003-05-16 15:34:25 +00:00
nakayama e3e4805068 Replace machine/rnd.h with more appropriate name to share it
with cycle counter based microtime in kern/kern_microtime.c.
2003-02-05 13:57:50 +00:00
christos 514f7047e4 si_ -> sel_ 2002-11-26 18:49:40 +00:00
thorpej dccc71f1fe Fix signed/unsigned comparison warnings. 2002-11-10 03:28:59 +00:00
jdolecek e0cc03a09b merge kqueue branch into -current
kqueue provides a stateful and efficient event notification framework
currently supported events include socket, file, directory, fifo,
pipe, tty and device changes, and monitoring of processes and signals

kqueue is supported by all writable filesystems in NetBSD tree
(with exception of Coda) and all device drivers supporting poll(2)

based on work done by Jonathan Lemon for FreeBSD
initial NetBSD port done by Luke Mewburn and Jason Thorpe
2002-10-23 09:10:23 +00:00
dan 86d2054739 Account for 1 bit of entropy for each timestamp added during
initialisation. This is just as silly as the other entropy
estimations, but it at least allows us to see how many values have
been added.

spl protect rnd_get_entropy_counter call properly

Make rndpool start out doing rotations on the first pass - make the
LSFR's be less sensitive to stuck bits in poor initial inputs.

Add considerable comments regarding the mixing function.
2002-10-09 14:48:58 +00:00
dan 8c19166361 Comment initialisation conditions for rnd better, and don't uselessly
call rnd_init - instead assert that it has already been called
earlier.

change assert() -> KASSERT()
2002-10-08 12:12:56 +00:00
dan 7c2a3f9044 mix in another counter when the psuedo-device attachment is called,
this actually happens *after* most of the sources have attached, so microtime
is as safe now as it was when they attached.
2002-10-08 09:59:27 +00:00
dan b03866d6f0 mix in another counter when called if not yet satisfied 2002-10-07 11:02:20 +00:00
dan 8c81fa7fa7 Add counter info at source attach time too, since there might be some
reasonable timing variance in the probing process.

Improve the usefulness and presentation of RND_VERBOSE output.
2002-10-07 09:41:51 +00:00
dan 55c11a958e cleaner and safer version of the previous, for arch's that may define
__HAVE_CPU_COUNTER but where not all machines actually have one.
2002-10-07 04:51:00 +00:00
dan 168dbd282b stir in something at initialisation 2002-10-07 02:38:41 +00:00
gehenna 77a6b82b27 Merge the gehenna-devsw branch into the trunk.
This merge changes the device switch tables from static array to
dynamically generated by config(8).

- All device switches is defined as a constant structure in device drivers.

- The new grammer ``device-major'' is introduced to ``files''.

	device-major <prefix> char <num> [block <num>] [<rules>]

- All device major numbers must be listed up in port dependent majors.<arch>
  by using this grammer.

- Added the new naming convention.
  The name of the device switch must be <prefix>_[bc]devsw for auto-generation
  of device switch tables.

- The backward compatibility of loading block/character device
  switch by LKM framework is broken. This is necessary to convert
  from block/character device major to device name in runtime and vice versa.

- The restriction to assign device major by LKM is completely removed.
  We don't need to reserve LKM entries for dynamic loading of device switch.

- In compile time, device major numbers list is packed into the kernel and
  the LKM framework will refer it to assign device major number dynamically.
2002-09-06 13:18:43 +00:00
lukem 06de426449 SIMPLEQ rototill:
- implement SIMPLEQ_REMOVE(head, elm, type, field).  whilst it's O(n),
  this mirrors the functionality of SLIST_REMOVE() (the other
  singly-linked list type) and FreeBSD's STAILQ_REMOVE()
- remove the unnecessary elm arg from SIMPLEQ_REMOVE_HEAD().
  this mirrors the functionality of SLIST_REMOVE_HEAD() (the other
  singly-linked list type) and FreeBSD's STAILQ_REMOVE_HEAD()
- remove notes about SIMPLEQ not supporting arbitrary element removal
- use SIMPLEQ_FOREACH() instead of home-grown for loops
- use SIMPLEQ_EMPTY() appropriately
- use SIMPLEQ_*() instead of accessing sqh_first,sqh_last,sqe_next directly
- reorder manual page; be consistent about how the types are listed
- other minor cleanups
2002-06-01 23:50:52 +00:00
thorpej a180cee23b Pool deals fairly well with physical memory shortage, but it doesn't
deal with shortages of the VM maps where the backing pages are mapped
(usually kmem_map).  Try to deal with this:

* Group all information about the backend allocator for a pool in a
  separate structure.  The pool references this structure, rather than
  the individual fields.
* Change the pool_init() API accordingly, and adjust all callers.
* Link all pools using the same backend allocator on a list.
* The backend allocator is responsible for waiting for physical memory
  to become available, but will still fail if it cannot callocate KVA
  space for the pages.  If this happens, carefully drain all pools using
  the same backend allocator, so that some KVA space can be freed.
* Change pool_reclaim() to indicate if it actually succeeded in freeing
  some pages, and use that information to make draining easier and more
  efficient.
* Get rid of PR_URGENT.  There was only one use of it, and it could be
  dealt with by the caller.

From art@openbsd.org.
2002-03-08 20:48:27 +00:00
lukem 2bbe2de647 add RCSIDs 2001-11-13 05:32:49 +00:00
enami bab65a8da3 Mix random data directly into the pool and increase entropy instead of
estimating entropy with polling based timing.
2001-09-09 00:48:54 +00:00
enami a1eef7d6a4 Cosmetic changes. 2001-09-09 00:32:52 +00:00
thorpej c8b4ac1b17 bcopy -> memcpy
bzero -> memset
2001-07-07 17:04:01 +00:00
sommerfeld 06f1d399e2 Take just the low-order 32 bits of cpu_counter() here. 2000-07-02 21:04:33 +00:00
sommerfeld bbca3924cd Replace "timestamp" with "counter" in previous change, to avoid any
possible confusion that it has anything to do with accurate
measurement of time.

New names:
	__HAVE_CPU_COUNTER
	cpu_counter()
	cpu_hascounter()
2000-06-06 01:33:15 +00:00
sommerfeld 7497ddcce5 /dev/random code cleanups:
- Add comments about which spls apply to which data structures.
 - Consistently protect the rnd_samples queue (the queue of
unprocessed samples) at splhigh().
 - allow MD code to supply cpu_timestamp() and cpu_havetimestamp() for
an optional higher-resolution clock/roulette wheel source.
 - Collect more statistics on the pool state (keeping track of where
collected bits are going, in addition to where they came from).
 - Add RNDGETPOOLSTAT ioctl to get the additional stats.
 - Flush a few unused rndpool calls.
 - XXX XXX Cryptographic changes:
  - 32-bit rotate is:
	((val << rp->rotate) | (val >> (32 - rp->rotate))),
    not
	(val << rp->rotate) | (val >> rp->rotate)
    or
	((val << rp->rotate) | (val >> (31 - rp->rotate)))
  - Avoid overloading of rp->rotate and double-rotation of data
(which limited pool mixing somewhat; "rotate" never got above 7).
  - Be more paranoid (but probably not paranoid enough) about mixing
output back into the pool.  This is an improvement, but it needs
revisiting soon.

We should follow the spirit of some of the recommendations in
the Schneier PRNG papers:

http://www.counterpane.com/yarrow-notes.html
http://www.counterpane.com/pseudorandom_number.html

including:
 - two (or more) stage operation for better isolation between inputs
and outputs.
 - use of keyed one-way functions (probably better even than
invertible keyed functions like 3DES) at key points in the data flow,
so that breaking the PRNG is clearly as hard as breaking the function.
2000-06-05 23:42:34 +00:00
thorpej 1cff94b896 Add missing field in static initialization. 2000-05-19 04:03:33 +00:00
thorpej fc96443d15 New callout mechanism with two major improvements over the old
timeout()/untimeout() API:
- Clients supply callout handle storage, thus eliminating problems of
  resource allocation.
- Insertion and removal of callouts is constant time, important as
  this facility is used quite a lot in the kernel.

The old timeout()/untimeout() API has been removed from the kernel.
2000-03-23 07:01:25 +00:00
pk 3fffa45b75 Guard global `rnd_mempool' against interrupts.
Use appropriate flags in pool_get().
1999-06-12 10:58:47 +00:00
explorer 3f80ba486e don't allow /dev/random to be opened (return ENXIO) until there is at least
one active entropy source
1999-04-01 19:07:40 +00:00
explorer c1ab1c57fb don't collect or estimate on network devices by default 1999-02-28 19:01:30 +00:00
explorer 6b24c4b0fd Cleanup (in preparation for using gzip to estimate entropy)
(1) remove unused and probably bad (from an API POV) ioctls,
(2) split tyfl into type and flags,
(3) collect an array of samples, and add them all at once.  Soon, this
    will be using gzip to estimate the entropy, but for now the original
    estimation methods are still used.
(4) kill rnd_add_data() -- it compliated the API for little benefit
1999-02-28 17:18:42 +00:00
mrg 59a6c3d4e7 KNF anality. 1999-01-27 10:41:00 +00:00
explorer 6036d56ba6 Move RND_ENTROPY_THRESHOLD to sys/rnd.h. Use sha1 rather than md5, and
release the first 96 bits of the hash directly rather than by folding.
The full 160 bit hash is mixed back into the entropy pool.  This keeps
64 bits secret to stir the pool with.
1998-05-27 00:59:14 +00:00