From nobody Wed Jul 20 07:00:04 2022 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4LnmmP0Ynsz4XFgP; Wed, 20 Jul 2022 07:00:05 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4LnmmN749Hz3wWQ; Wed, 20 Jul 2022 07:00:04 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1658300405; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=qDULuysuf7EPGhxAKgM0cuFh+j9tOLe8dRERMoiDOxE=; b=Kc2vsrspQg9uBbO3JdBZFygQq5Ot39C+kFxxxlzNHmYV9JIdsdpQha9A6XV9Y05FX5epEQ XHUYp/vNoTV44Px3dLPNV5yqTak+wPf0cBV6D1rZBLyxDN3NB1F6mfiZA0ZakGBy42FEQm YU0MzYam/gNi38ggnckO+7pWxNQEvNh38tBu3Sps4mHi/troxF5zo6hB2qgmQa9oQhiT2O 8kJsm10y9zTLK1QCmf4FUy895NCVBqvanFTIiYDAOIhEImctlykblXOQI6a5g2lv/4knLp JL+FHoP+8vci+ga37qoKyUSwqV/CI4eO7zj9/aBbxlbUEU082eHuQT4DIdXiCw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4LnmmN66Brzpnx; Wed, 20 Jul 2022 07:00:04 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 26K704nE029446; Wed, 20 Jul 2022 07:00:04 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 26K704Pt029443; Wed, 20 Jul 2022 07:00:04 GMT (envelope-from git) Date: Wed, 20 Jul 2022 07:00:04 GMT Message-Id: <202207200700.26K704Pt029443@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Colin Percival Subject: git: 0811ce572394 - main - random: Ingest extra fast entropy when !seeded List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-main@freebsd.org X-BeenThere: dev-commits-src-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: cperciva X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 0811ce572394707affe3ad6c17493585940d8ab3 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1658300405; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=qDULuysuf7EPGhxAKgM0cuFh+j9tOLe8dRERMoiDOxE=; b=aYzzjnvHeQu7k3fo+C4geEOlv1VTvsNE3gzUl5XA9thODO8JE2Z7Uw3b2cty5tGz3aH+PJ 8yGlmw4+W9KPAq4teIhQZk/WiIRVKlpVNfRa04MDpiAWRcVqKSQlczJSzTUKZ+AwBgKMtH UX8kp2WMrIxpIXIS0VlgkOBZOGgZ4Sglczb4Hz19Dk3fb5xwuBv2k7l/yMbQOKoRtI/hhD TVCjHeHAQ27RdscWlrhCsZ4VCKkA76JZWv1eIDRMI5feTsZV3cEU2Y3W8pl+P/35cHV9kn 01xVHG49+X/E0lbX9rfCK3s5w4LqAqbkaz3peGoUIKAqUYdmMBA9fsub7mTfWQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1658300405; a=rsa-sha256; cv=none; b=RfiVi23/k/xyl7I6hqbc9U7+zX7HFeUVOhojn3QxNRT4tu2oamCOdDkhULqByuh0QT0xBo suMzESaNCES0LbNCRThqTMjPDR8vKTMhuDpizTmXLPvfG1UzsvQtcQMnBaunS23mtbEskK 1p2q/xaYsbo286lBKQjLpqbU9l8Hu8bZ5CVsBMI/sP3Hi7itF4dGp6CAMnxKATNdVcYEVb t9h/jlWkQECMCdVHALL/6SGT8OyyzyMX7LgreIz65TTckxXcwqnXskOJr/pGxU4w/4Dfk5 L3+PtNc2qduKtighyFFoLNRSVYjY7hcnnoES43woVkpy++4Hk+g+X6lPcklfOg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by cperciva: URL: https://cgit.FreeBSD.org/src/commit/?id=0811ce572394707affe3ad6c17493585940d8ab3 commit 0811ce572394707affe3ad6c17493585940d8ab3 Author: Colin Percival AuthorDate: 2022-07-13 00:48:06 +0000 Commit: Colin Percival CommitDate: 2022-07-20 06:59:40 +0000 random: Ingest extra fast entropy when !seeded We periodically ingest entropy from pollable entropy sources, but only 8 bytes at a time and only occasionally enough to feed all of Fortuna's pools once per second. This can result in Fortuna remaining unseeded for a nontrivial amount of time when there is no entropy passed in from the boot loader, even if RDRAND is available to quickly provide a large amount of entropy. Detect in random_sources_feed if we are not yet seeded, and increase the amount of immediate entropy harvesting we perform, in order to "fill" Fortuna's entropy pools and avoid having random: randomdev_wait_until_seeded unblock wait stall the boot process when entropy is available. This speeds up the FreeBSD boot in the Firecracker VM by 2.3 seconds. Approved by: csprng (delphij) Sponsored by: https://www.patreon.com/cperciva Differential Revision: https://reviews.freebsd.org/D35802 --- sys/dev/random/random_harvestq.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/sys/dev/random/random_harvestq.c b/sys/dev/random/random_harvestq.c index 1eeb46a22073..cea3f51893a8 100644 --- a/sys/dev/random/random_harvestq.c +++ b/sys/dev/random/random_harvestq.c @@ -254,6 +254,28 @@ random_sources_feed(void) */ npools = howmany(p_random_alg_context->ra_poolcount, RANDOM_KTHREAD_HZ); + /*- + * If we're not seeded yet, attempt to perform a "full seed", filling + * all of the PRNG's pools with entropy; if there is enough entropy + * available from "fast" entropy sources this will allow us to finish + * seeding and unblock the boot process immediately rather than being + * stuck for a few seconds with random_kthread gradually collecting a + * small chunk of entropy every 1 / RANDOM_KTHREAD_HZ seconds. + * + * The value 64 below is RANDOM_FORTUNA_DEFPOOLSIZE, i.e. chosen to + * fill Fortuna's pools in the default configuration. With another + * PRNG or smaller pools for Fortuna, we might collect more entropy + * than needed to fill the pools, but this is harmless; alternatively, + * a different PRNG, larger pools, or fast entropy sources which are + * not able to provide as much entropy as we request may result in the + * not being fully seeded (and thus remaining blocked) but in that + * case we will return here after 1 / RANDOM_KTHREAD_HZ seconds and + * try again for a large amount of entropy. + */ + if (!p_random_alg_context->ra_seeded()) + npools = howmany(p_random_alg_context->ra_poolcount * 64, + sizeof(entropy)); + /* * Step over all of live entropy sources, and feed their output * to the system-wide RNG.