看板FB_security
标 题Re: Collecting entropy from device_attach() times.
发信站NCTU CS FreeBSD Server (Fri Sep 21 15:35:49 2012)
转信站ptt!csnews.cs.nctu!news.cs.nctu!FreeBSD.cs.nctu!freebsd.org!owner-free
--7mxbaLlpDEyR1+x6
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Wed, Sep 19, 2012 at 03:34:59PM -0700, David O'Brien wrote:
> On Tue, Sep 18, 2012 at 11:14:22PM +0200, Pawel Jakub Dawidek wrote:
> > I experimented a bit with collecting entropy from the time it takes for
> > device_attach() to run (in CPU cycles). It seems that those times have
> > enough variation that we can use it for entropy harvesting. It happens
> > even before root is mounted, so pretty early.
>=20
> I like it. Microsoft harvests from something like 900 events/things.
> The more good things like this we find improves our security.
>=20
> > The patch is here:
> > http://people.freebsd.org/~pjd/patches/harvest_device_attach.patch
> > Comments?
>=20
> Embellishments:
Note that adding a sysctl to turn off entropy harvesting from
device_attach() is pretty useless, as sysctls can only be changed once
userland starts, and by then all the device_attach() calls have already
happened (modulo drivers loaded later). What I'd like to see is for all
those sysctls to have corresponding tunables; then it would make more sense.
> Index: sys/dev/random/randomdev_soft.c
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> --- sys/dev/random/randomdev_soft.c (revision 240694)
> +++ sys/dev/random/randomdev_soft.c (working copy)
> @@ -158,6 +185,11 @@ random_yarrow_init(void)
> "Harvest serial net entropy");
> SYSCTL_ADD_PROC(&random_clist,
> SYSCTL_CHILDREN(random_sys_harvest_o),
> + OID_AUTO, "devprobe", CTLTYPE_INT | CTLFLAG_RW,
> + &harvest.devprobe, 1, random_check_boolean, "I",
> + "Harvest Device Probe entropy");
> + SYSCTL_ADD_PROC(&random_clist,
> + SYSCTL_CHILDREN(random_sys_harvest_o),
> OID_AUTO, "interrupt", CTLTYPE_INT | CTLFLAG_RW,
> &harvest.interrupt, 1, random_check_boolean, "I",
> "Harvest IRQ entropy");
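Review bot: The new sysctl binds `&harvest.devprobe`, but the member this patch adds to `struct harvest_select` in sys/sys/random.h is `int device;`, so this hunk, the `if (harvest.devprobe)` test in device_attach() (sys/kern/subr_bus.c) and the `/*devprobe*/` comment in sys/dev/random/harvest.c disagree on the name and the tree cannot build as posted. Either rename the struct member to `int devprobe;` so it matches the sysctl OID and the rc.conf knob, or change the two uses to `harvest.device`. The enclosing random_yarrow_init() starts and ends outside this hunk.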
> @@ -303,7 +341,7 @@ random_harvest_internal(u_int64_t someco
> KASSERT(origin =3D=3D RANDOM_START || origin =3D=3D RANDOM_WRITE ||
> origin =3D=3D RANDOM_KEYBOARD || origin =3D=3D RANDOM_MOUSE =
||
> origin =3D=3D RANDOM_NET || origin =3D=3D RANDOM_INTERRUPT ||
> - origin =3D=3D RANDOM_PURE,
> + origin =3D=3D RANDOM_PURE || origin =3D=3D RANDOM_DEVICE,
> ("random_harvest_internal: origin %d invalid\n", origin));
> =20
> /* Lockless read to avoid lock operations if fifo is full. */
> Index: sys/dev/random/harvest.c
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> --- sys/dev/random/harvest.c (revision 240694)
> +++ sys/dev/random/harvest.c (working copy)
> @@ -48,7 +48,13 @@ __FBSDID("$FreeBSD$");
> static int read_random_phony(void *, int);
> =20
> /* Structure holding the desired entropy sources */
> -struct harvest_select harvest =3D { 1, 1, 1, 0 };
> +struct harvest_select harvest =3D {
> + 1, /*ethernet*/
> + 1, /*pt2pt*/
> + 1, /*intr*/
> + 0, /*swi*/
> + 1, /*devprobe*/
> +};
> static int warned =3D 0;
> =20
> /* hold the address of the routine which is actually called if
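Review bot: The initializer relies on positional order and on the trailing comments to say which flag is which, which is exactly how the devprobe/device naming mismatch elsewhere in this patch went unnoticed. Designated initializers would make the compiler check the names, e.g. `.interrupt = 1,` / `.swi = 0,` / `.device = 1,` for the members visible in the sys/sys/random.h hunk (the first member's name is not shown here, presumably `ethernet` per the comment — confirm). The comments could then be dropped.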
> Index: sys/sys/random.h
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> --- sys/sys/random.h (revision 240495)
> +++ sys/sys/random.h (working copy)
> @@ -45,6 +45,7 @@ enum esource {
> RANDOM_NET,
> RANDOM_INTERRUPT,
> RANDOM_PURE,
> + RANDOM_DEVICE,
> ENTROPYSOURCE
> };
> void random_harvest(void *, u_int, u_int, u_int, enum esource);
> @@ -57,6 +58,7 @@ struct harvest_select {
> int point_to_point;
> int interrupt;
> int swi;
> + int device;
> };
> =20
> extern struct harvest_select harvest;
> Index: sys/kern/subr_bus.c
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> --- sys/kern/subr_bus.c (revision 240495)
> +++ sys/kern/subr_bus.c (working copy)
> @@ -44,6 +44,7 @@ __FBSDID("$FreeBSD$");
> #include <sys/condvar.h>
> #include <sys/queue.h>
> #include <machine/bus.h>
> +#include <sys/random.h>
> #include <sys/rman.h>
> #include <sys/selinfo.h>
> #include <sys/signalvar.h>
> @@ -53,6 +54,7 @@ __FBSDID("$FreeBSD$");
> #include <sys/bus.h>
> #include <sys/interrupt.h>
> =20
> +#include <machine/cpu.h>
> #include <machine/stdarg.h>
> =20
> #include <vm/uma.h>
> @@ -2760,8 +2762,10 @@ device_probe_and_attach(device_t dev)
> int
> device_attach(device_t dev)
> {
> + uint64_t attachtime;
> int error;
> =20
> + attachtime =3D get_cyclecount();
> device_sysctl_init(dev);
> if (!device_is_quiet(dev))
> device_print_child(dev->parent, dev);
> @@ -2784,6 +2788,10 @@ device_attach(device_t dev)
> dev->state =3D DS_ATTACHED;
> dev->flags &=3D ~DF_DONENOMATCH;
> devadded(dev);
> + if (harvest.devprobe)
> + random_harvest(&attachtime, sizeof(attachtime), 4, 0,
> + RANDOM_DEVICE);
> +
> return (0);
> }
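Review bot: `attachtime` still holds the cycle count sampled at entry when it reaches random_harvest(), so what is fed to the pool is the absolute timestamp at which the attach started, not the time the attach took, which is what the cover note describes as the entropy source. If the elapsed time is intended, subtract before harvesting: `attachtime = get_cyclecount() - attachtime;` placed just before the `if (harvest.devprobe)`. A short comment on the harvest call explaining why 4 bits are claimed per attach would also help, since get_cyclecount() resolution varies by platform and I cannot tell from here whether the estimate holds everywhere. device_attach() begins in the previous hunk, outside this one.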
> =20
> Index: etc/defaults/rc.conf
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> --- etc/defaults/rc.conf (revision 239610)
> +++ etc/defaults/rc.conf (working copy)
> @@ -642,6 +642,7 @@ entropy_file=3D"/entropy" # Set to NO to d
> entropy_dir=3D"/var/db/entropy" # Set to NO to disable caching entropy v=
ia cron.
> entropy_save_sz=3D"2048" # Size of the entropy cache files.
> entropy_save_num=3D"8" # Number of entropy cache files to save.
> +harvest_devprobe=3D"YES" # Entropy device harvests device probe randomne=
ss
> harvest_interrupt=3D"YES" # Entropy device harvests interrupt randomness
> harvest_ethernet=3D"YES" # Entropy device harvests ethernet randomness
> harvest_p_to_p=3D"YES" # Entropy device harvests point-to-point randomne=
ss
> Index: etc/rc.d/initrandom
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> --- etc/rc.d/initrandom (revision 239610)
> +++ etc/rc.d/initrandom (working copy)
> @@ -41,6 +63,12 @@ initrandom_start()
> if [ \! -z "${soft_random_generator}" ] ; then
> =20
> if [ -w /dev/random ]; then
> + if checkyesno harvest_devprobe; then
> + ${SYSCTL} kern.random.sys.harvest.devprobe=3D1 >/dev/null
> + echo -n ' interrupts'
> + else
> + ${SYSCTL} kern.random.sys.harvest.devprobe=3D0 >/dev/null
> + fi
> if checkyesno harvest_interrupt; then
> ${SYSCTL} kern.random.sys.harvest.interrupt=3D1 >/dev/null
> echo -n ' interrupts'
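Review bot: The `echo -n ' interrupts'` inside the new `checkyesno harvest_devprobe` branch is copied from the harvest_interrupt branch that follows and so reports the wrong source in the boot message; it should be `echo -n ' devprobe'` so the message lists what was actually enabled. initrandom_start() starts and ends outside this hunk.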
--=20
Pawel Jakub Dawidek
http://www.wheelsystems.com
FreeBSD committer
http://www.FreeBSD.org
Am I Evil? Yes, I Am!
http://tupytaj.pl
--7mxbaLlpDEyR1+x6
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (FreeBSD)
iEYEARECAAYFAlBb/LUACgkQForvXbEpPzRqbwCggYbw2eHuwSQ3ymbaOhoWH98w
7m4AmwQHghgTE7VWsaUs+5sU/cjKpJjB
=A9ZX
-----END PGP SIGNATURE-----
--7mxbaLlpDEyR1+x6--