Operation zfs_znode.c::zfs_zget_cleaner() depends on this
zil_commit() as a barrier to guarantee the znode cannot
get freed before its log entries are resolved.
1. When consolidating entropy from per-CPU pools, drop the amount
pending to zero; otherwise the entropy consolidation thread might
keep consolidating every second.
This uncovered a feedback loop with kern.entropy.depletion=1 and
on-demand entropy sources, which is that depleting the pool and then
requesting more from it causes the on-demand entropy sources to
trigger reseed, which causes cprng_fast/strong to request more which
depletes the pool again which causes on-demand entropy sources to
trigger reseed, and so on.
To work around this:
2. Set a rate limit on reseeding (advancing the entropy epoch) when
kern.entropy.depletion=1; otherwise reseeding gets into a feedback
loop when there are on-demand entropy sources like RDRAND/RDSEED.
(By default, kern.entropy.depletion=0, so this mainly only affects
systems where you're simulating what happens when /dev/random blocks
for testing.)
xpmap_ptom_unmap() doens't need to be called at splvm; we own the pa.
Use atomic ops to change pmap_pa_end
Make sure the ptom/mtop are up to date before giving the pages back to the
pool.
- Teach rndctl to load the seed, but treat it as zero entropy, if the
medium is read-only or if the update fails.
- Teach rndctl to accept `-i' flag instructing it to ignore the
entropy estimate in the seed.
- Teach /etc/rc.d/random_seed to:
(a) assume nonlocal file systems are unsafe, and use -i, but
(b) assume / is safe, even if it is nonlocal.
If the medium is nonwritable, leave it to rndctl to detect that.
(Could use statvfs and check for ST_LOCAL in rndctl, I guess, but I
already implemented it this way.)
Treating nonlocal / as safe is a compromise: it's up to the operator
to secure the network for (e.g.) nfs mounts, but that's true whether
we're talking entropy or not -- if the adversary has access to the
network that you've mounted / from, they can do a lot more damage
anyway; this reduces warning fatigue for diskless systems, e.g. test
racks.
We try to avoid counting the seed file's entropy twice, e.g. once
from the boot loader and once from rndctl via /etc/rc.d/random_seed.
But previously, if you had a /var/db/entropy-file that was deemed to
have zero entropy, that would prevent rndctl -L from _ever_ setting a
nonzero entropy estimate, even if you (say) copy a seed file over
from another machine (over a non-eavesdroppable medium) and try to
load it in with rndctl -L, e.g. via `/etc/rc.d/random_seed start'.
Now we accept the first _nonzero_ entropy estimate from a seed file.
The operator can still always trick the kernel into believing there's
entropy in the system by writing data to /dev/random, if the operator
knows something the kernel doesn't; this only affects the _automated_
seed file loading.
would lead to a desynchronization of the protocol and further files or
directories to be ignored or corrupted.
Reported by Daniel Goujot, Georges-Axel Jaloyan, Ryan Lahfa, and David Naccache.
Posted to tech-userlevel@ a week ago and reviewed by riastradh@.
GETENTROPY(3) Library Functions Manual GETENTROPY(3)
NAME
getentropy - fill a buffer with high quality random data
LIBRARY
Standard C Library (libc, -lc)
SYNOPSIS
#include <unistd.h>
int
getentropy(void *buf, size_t buflen);
DESCRIPTION
The getentropy() function fills a buffer with high quality random data,
suitable for seeding cryptographically secure psuedorandom number
generators.
getentropy() is only intended for seeding random number generators and is
not intended for use by regular code which simply needs secure random
data. For this purpose, please use arc4random(3).
The maximum value for buflen is 256 bytes.
IMPLEMENTATION NOTES
getentropy() reads from the sysctl(7) variable kern.arandom.
RETURN VALUES
The getentropy() function returns 0 on success, and -1 if an error
occurred.
ERRORS
getentropy() will succeed unless:
[EFAULT] The buf argument points to an invalid memory address.
[EIO] Too many bytes were requested.
SEE ALSO
arc4random(3), rnd(4)
STANDARDS
The getentropy() function is non-standard.
HISTORY
The getentropy() function first appeared in OpenBSD 5.6, then in
FreeBSD 12.0, and NetBSD 10.
struct passwd where pw_name is the numeric uid in parentheses. This was
already implemented for lastlog entries in revision 1.13.
If -n is specified more than once, also print the user numerically
(ie, uid instead of username) for lastlog entries. This was already
implemented for lastlogx entries in revision 1.13.
Reorder the lastlogx host name numeric condition so it better matches
the user name numeric condition.
On the hacky benchmarks I have, held over from the transition to 1:1
threading, this restores pthread_cond_signal() perf to radixtree/sleepq
levels, and semes much better than either with pthread_cond_broadcast() and
10 threads. It would be interesting to see what might be achieved with a
lockless lookup, which is within grasp now thanks to pid_table being used
for lookup.
cpu_intr_p() is broken on amiga, fix it.
From code inspection it looks like amiga and other m68k ports check for ASTs
with interrupts enabled in some cases, which is racy. Not fixed.
when relocating, to make sure the section we're accessing is mappable.
Currently this check fails, because of the Xen section, which has RELAs but
is an unmappable unallocated note.
Also improve the prekern ASSERTs while here.
wiz