| History log of /src/share/man/man4/acpivmgenid.4 |
| Revision | | Date | Author | Comments |
| 1.4 |
| 10-Oct-2024 |
rin | branches: 1.4.4;
acpi{hed,vmgenid}(4), apei(4): Sync HISTORY with reality
These got successfully back-ported into 10.1 :)
|
| 1.3 |
| 28-Aug-2024 |
riastradh | branches: 1.3.2;
Bump dates on man pages recently updated to mention VM clones.
PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM
fork
|
| 1.2 |
| 26-Aug-2024 |
riastradh | acpivmgenid(4): Nix BUGS that have been squashed.
Reference kern.entropy.epoch for the remaining bug (which is a
performance issue, not a security issue).
PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM
fork
|
| 1.1 |
| 26-Aug-2024 |
riastradh | acpivmgenid(4): New driver for virtual machine generation ID.
Added to amd64/ALL and i386/ALL kernel configurations, and made
available as a loadable module acpivmgenid.kmod on x86, for now.
TBD: Add to all ACPI-supporting GENERIC kernels.
PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM
fork
|
| 1.3.2.3 |
| 10-Oct-2024 |
martin | Additionally pull up following revision(s) (requested by rin in ticket #939):
share/man/man4/acpihed.4: revision 1.3
share/man/man4/apei.4: revision 1.3
share/man/man4/acpivmgenid.4: revision 1.4
acpi{hed,vmgenid}(4), apei(4): Sync HISTORY with reality
These got successfully back-ported into 10.1 :)
|
| 1.3.2.2 |
| 09-Oct-2024 |
martin | Pull up following revision(s) (requested by riastradh in ticket #939):
distrib/sets/lists/debug/module.md.amd64: revision 1.18
sys/modules/Makefile: revision 1.292
lib/libc/gen/arc4random.c: revision 1.34
lib/libc/gen/arc4random.c: revision 1.35
lib/libc/gen/arc4random.c: revision 1.36
lib/libc/gen/arc4random.c: revision 1.37
sys/kern/kern_entropy.c: revision 1.70
lib/libc/gen/arc4random.c: revision 1.38
sys/kern/kern_entropy.c: revision 1.71
lib/libc/gen/getentropy.3: revision 1.8
distrib/sets/lists/modules/md.amd64: revision 1.103
share/man/man4/rnd.4: revision 1.42
share/man/man4/rnd.4: revision 1.44
lib/libc/include/arc4random.h: revision 1.1
distrib/sets/lists/man/mi: revision 1.1786
sys/arch/i386/conf/GENERIC: revision 1.1258
sys/modules/acpivmgenid/acpivmgenid.ioconf: revision 1.1
sys/arch/amd64/conf/ALL: revision 1.190
distrib/sets/lists/debug/mi: revision 1.446
sys/arch/i386/conf/ALL: revision 1.521
lib/libc/gen/Makefile.inc: revision 1.219
distrib/sets/lists/debug/module.md.i386: revision 1.12
sys/dev/acpi/acpi_vmgenid.c: revision 1.1
sys/dev/acpi/acpi_vmgenid.c: revision 1.2
lib/libc/include/reentrant.h: revision 1.22
sys/arch/evbarm/conf/GENERIC64: revision 1.219
share/man/man4/Makefile: revision 1.735
distrib/sets/lists/modules/md.i386: revision 1.100
distrib/sets/lists/tests/mi: revision 1.1334
lib/libc/gen/arc4random.3: revision 1.22
sys/dev/acpi/files.acpi: revision 1.133
lib/libc/gen/arc4random.3: revision 1.23
tests/lib/libc/gen/t_arc4random.c: revision 1.1
sys/sys/entropy.h: revision 1.6
sys/arch/amd64/conf/GENERIC: revision 1.614
sys/modules/acpivmgenid/Makefile: revision 1.1
share/man/man4/acpivmgenid.4: revision 1.1
lib/libc/gen/Makefile.inc: revision 1.220
tests/lib/libc/gen/Makefile: revision 1.56
share/man/man4/acpivmgenid.4: revision 1.2
share/man/man4/acpivmgenid.4: revision 1.3
(all via patch)
Catch up with all the lint warnings since exit on warning was disabled.
Disable 'missing header declaration' and 'nested extern' warnings for now.
acpivmgenid(4): New driver for virtual machine generation ID.
Added to amd64/ALL and i386/ALL kernel configurations, and made
available as a loadable module acpivmgenid.kmod on x86, for now.
TBD: Add to all ACPI-supporting GENERIC kernels.
PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM
fork
entropy(9): Factor out subroutines to reset and gather entropy.
`Reset' means we keep the data in the pool, but assume it had zero
entropy. `Gather' means we request samples from all on-demand
sources and wait for the synchronous ones to complete.
No functional change intended, other than to expose new symbols --
just preparation to expose these to acpivmgenid(4), so it can use
these when the VM host notifies us that we, the guest, have been
cloned.
PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM
fork
acpivmgenid(4): Reset and gather entropy on VM clone notification.
PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM
fork
arc4random(3): Reseed if system entropy epoch changes.
This can happen, for example, if the system is a VM instance, and the
VM is cloned.
This incurs the cost of a system call on every arc4random call, which
is unfortunate, but
1. we don't currently have a (machine-independent) mechanism for
exposing a read-only page to userland shared by the kernel to
enable a cheaper access path to the entropy epoch; and
2. the algorithm here -- a simple application of ChaCha -- is likely
also a bottleneck and could be much cheaper by
(a) using sys/crypto/chacha for machine-dependent vectorized
ChaCha code, and
(b) filling a buffer (somewhere between a cipher block and a page)
in a batch at a time, instead of running ChaCha to generate
only 32 bytes at a time.
So although this might be a performance hit, the security benefit is
worthwhile and we have a clear path to do better than reversing the
performance hit later.
PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM
fork
acpivmgenid(4): Nix BUGS that have been squashed.
Reference kern.entropy.epoch for the remaining bug (which is a
performance issue, not a security issue).
PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM
fork
entropy(9): Allow unprivileged reads of sysctl kern.entropy.epoch.
Applications need this in order to know when to reseed. (We should
also expose it through a page shared read-only with userland for
cheaper access, but until we do, let's let applications get at it
through sysctl.)
PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM
fork
arc4random.c: Fix test program.
This isn't wired up anywhere, but let's reduce the bitrot. It was
helpful in reminding me that kern.entropy.epoch was, for reasons I
can't remember, restricted to privileged access.
PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM
fork
amd64, evbarm, i386: Add acpivmgenid(4) to GENERIC.
PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM
fork
rnd(4): Document kern.entropy.epoch is unprivileged and elaborate.
Cross-reference acpivmgenid(4).
PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM
fork
arc4random(3): Note that arc4random respects kern.entropy.epoch.
PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM
fork
Add debug info for new acpivmgenid module
arc4random(3): Add automatic tests.
This verifies that:
- arc4random zeroes its state and reseeds itself on fork
- arc4random reseeds itself on entropy consolidation (e.g., VM clone)
- arc4random falls back to global state if it can't allocate local
state because address space limits cause mmap to fail
NOTE: This adds a new libc symbol __arc4random_global, but it's in
the reserved namespace and only used by t_arc4random, so no libc
minor bump.
PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM
fork
getentropy(3): Note intent to reseed on VM clone, and caveats.
Tidy markup and pacify some mandoc -Tlint complaints while here.
PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM
fork
Bump dates on man pages recently updated to mention VM clones.
PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM
fork
arc4random(3): Pacify some of lint's complaints.
PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM
fork
arc4random: suppress another lint warning
|
| 1.3.2.1 |
| 28-Aug-2024 |
martin | file acpivmgenid.4 was added on branch netbsd-10 on 2024-10-09 13:25:11 +0000
|
| 1.4.4.2 |
| 02-Aug-2025 |
perseant | Sync with HEAD
|
| 1.4.4.1 |
| 10-Oct-2024 |
perseant | file acpivmgenid.4 was added on branch perseant-exfatfs on 2025-08-02 05:55:10 +0000
|
