Collecting entropy from device_attach() times.
Dag-Erling Smørgrav
des at des.no
Wed Sep 26 16:54:16 UTC 2012
Dag-Erling Smørgrav <des at des.no> writes:
> If you give me a couple of days, I'll try to come up with a patch that
> collects and stores attach times during boot so we can gather and
> analyse real data.
Here's the patch, as a superset of Pawel's. The output looks like this:
des at crashbox ~% sysctl -b hw.attachtimes| hexdump -C
00000000 72 61 6d 30 00 00 00 00 00 00 00 00 00 00 00 00 |ram0............|
00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 01 24 53 |..............$S|
00000020 63 70 75 30 00 00 00 00 00 00 00 00 00 00 00 00 |cpu0............|
00000030 00 00 00 00 00 00 00 00 00 00 00 00 01 4d 6c cb |.............Ml.|
00000040 63 70 75 31 00 00 00 00 00 00 00 00 00 00 00 00 |cpu1............|
00000050 00 00 00 00 00 00 00 00 00 00 00 00 01 4d da b6 |.............M..|
00000060 61 74 74 69 6d 65 72 30 00 00 00 00 00 00 00 00 |attimer0........|
00000070 00 00 00 00 00 00 00 00 00 00 00 00 04 59 70 8f |.............Yp.|
[...]
where the first 24 bytes of each record contain the device name
(dev->nameunit) and the last eight bytes contain d(cyclecount) for
device_attach() as a big-endian uint64_t.
DES
--
Dag-Erling Smørgrav - des at des.no
Index: sys/dev/random/randomdev_soft.c
===================================================================
--- sys/dev/random/randomdev_soft.c (revision 240914)
+++ sys/dev/random/randomdev_soft.c (working copy)
@@ -303,7 +303,7 @@
KASSERT(origin == RANDOM_START || origin == RANDOM_WRITE ||
origin == RANDOM_KEYBOARD || origin == RANDOM_MOUSE ||
origin == RANDOM_NET || origin == RANDOM_INTERRUPT ||
- origin == RANDOM_PURE,
+ origin == RANDOM_PURE || origin == RANDOM_DEVICE,
("random_harvest_internal: origin %d invalid\n", origin));
/* Lockless read to avoid lock operations if fifo is full. */
Index: sys/sys/random.h
===================================================================
--- sys/sys/random.h (revision 240914)
+++ sys/sys/random.h (working copy)
@@ -45,6 +45,7 @@
RANDOM_NET,
RANDOM_INTERRUPT,
RANDOM_PURE,
+ RANDOM_DEVICE,
ENTROPYSOURCE
};
void random_harvest(void *, u_int, u_int, u_int, enum esource);
Index: sys/kern/subr_bus.c
===================================================================
--- sys/kern/subr_bus.c (revision 240914)
+++ sys/kern/subr_bus.c (working copy)
@@ -31,6 +31,7 @@
#include <sys/param.h>
#include <sys/conf.h>
+#include <sys/endian.h>
#include <sys/filio.h>
#include <sys/lock.h>
#include <sys/kernel.h>
@@ -44,6 +45,7 @@
#include <sys/condvar.h>
#include <sys/queue.h>
#include <machine/bus.h>
+#include <sys/random.h>
#include <sys/rman.h>
#include <sys/selinfo.h>
#include <sys/signalvar.h>
@@ -53,6 +55,7 @@
#include <sys/bus.h>
#include <sys/interrupt.h>
+#include <machine/cpu.h>
#include <machine/stdarg.h>
#include <vm/uma.h>
@@ -60,6 +63,16 @@
SYSCTL_NODE(_hw, OID_AUTO, bus, CTLFLAG_RW, NULL, NULL);
SYSCTL_NODE(, OID_AUTO, dev, CTLFLAG_RW, NULL, NULL);
+#define MAXNATTACHTIMES 128
+static struct attachtime {
+ char name[24];
+ uint64_t delta;
+} attachtimes[MAXNATTACHTIMES];
+static int nattachtimes;
+SYSCTL_OPAQUE(_hw, OID_AUTO, attachtimes, CTLFLAG_RD,
+ &attachtimes, sizeof(attachtimes), "S,attachtimes",
+ "time spent in device_attach()");
+
/*
* Used to attach drivers to devclasses.
*/
@@ -2760,8 +2773,10 @@
int
device_attach(device_t dev)
{
+ uint64_t attachtime;
int error;
+ attachtime = get_cyclecount();
device_sysctl_init(dev);
if (!device_is_quiet(dev))
device_print_child(dev->parent, dev);
@@ -2784,6 +2799,15 @@
dev->state = DS_ATTACHED;
dev->flags &= ~DF_DONENOMATCH;
devadded(dev);
+ attachtime = get_cyclecount() - attachtime;
+ if (nattachtimes < MAXNATTACHTIMES) {
+ strlcpy(attachtimes[nattachtimes].name, dev->nameunit,
+ sizeof(attachtimes[nattachtimes]));
+ attachtimes[nattachtimes].delta = htobe64(attachtime);
+ ++nattachtimes;
+ }
+ random_harvest(&attachtime, sizeof(attachtime), 4, 0, RANDOM_DEVICE);
+
return (0);
}
More information about the freebsd-security
mailing list