CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit

author	cem <cem@FreeBSD.org>
	Thu, 18 Apr 2019 20:48:54 +0000 (20:48 +0000)
committer	cem <cem@FreeBSD.org>
	Thu, 18 Apr 2019 20:48:54 +0000 (20:48 +0000)
commit	4c79b5f69c39e90909ac864f6945ddc6bb985b34
tree	7e46162167ecb901ed19723832fccc946f4586b1	tree \| snapshot
parent	d9340a46aab3f2ea8bce23e3bcc67edf894cffa0	commit \| diff

random(4): Restore availability tradeoff prior to r346250

As discussed in that commit message, it is a dangerous default.  But the
safe default causes enough pain on a variety of platforms that for now,
restore the prior default.

Some of this is self-induced pain we should/could do better about; for
example, programmatic CI systems and VM managers should introduce entropy
from the host for individual VM instances.  This is considered a future work
item.

On modern x86 and Power9 systems, this may be wholly unnecessary after
D19928 lands (even in the non-ideal case where early /boot/entropy is
unavailable), because they have fast hardware random sources available early
in boot.  But D19928 is not yet landed and we have a host of architectures
which do not provide fast random sources.

This change adds several tunables and diagnostic sysctls, documented
thoroughly in UPDATING and sys/dev/random/random_infra.c.

PR: 230875 (reopens)
Reported by: adrian, jhb, imp, and probably others
Reviewed by: delphij, imp (earlier version), markm (earlier version)
Discussed with: adrian
Approved by: secteam(delphij)
Relnotes: yeah
Security: related
Differential Revision: https://reviews.freebsd.org/D19944

UPDATING		diff \| blob \| history
sys/dev/random/random_infra.c		diff \| blob \| history
sys/dev/random/randomdev.c		diff \| blob \| history
sys/dev/random/randomdev.h		diff \| blob \| history
sys/libkern/arc4random.c		diff \| blob \| history
sys/mips/conf/PB92		diff \| blob \| history
sys/sys/param.h		diff \| blob \| history