Home | History | Annotate | Download | only in pci
History log of /src/sys/dev/pci/hifn7751.c
RevisionDateAuthorComments
 1.82  04-Aug-2023  riastradh entropy(9): Simplify stages. Split interrupt vs non-interrupt paths.

- Nix the entropy stage (cold, warm, hot). Just use the usual kernel
`cold' (cold: single-core, single-thread; interrupts may happen),
and don't make any three-way distinction about whether interrupts
or threads or other CPUs can be running.

Instead, while cold, use splhigh/splx or forbid paths to come from
interrupt context, and while warm, use mutex or the per-CPU hard
and soft interrupt paths for low latency. This comes at a small
cost to some interrupt latency, since we may stir the pool in
interrupt context -- but only for a very short window early at boot
between configure and configure2, so it's hard to imagine it
matters much.

- Allow rnd_add_uint32 to run in hard interrupt context or with spin
locks held, but defer processing to softint and drop samples on the
floor if buffer is full. This is mainly used for cheaply tossing
samples from drivers for non-HWRNG devices into the entropy pool,
so it is often used from interrupt context and/or under spin locks.

- New rnd_add_data_intr provides the interrupt-like data entry path
for arbitrary buffers and driver-specified entropy estimates: defer
processing to softint and drop samples on the floor if buffer is
full.

- Document that rnd_add_data is forbidden under spin locks outside
interrupt context (will crash in LOCKDEBUG), and inadvisable in
interrupt context (but technically permitted just in case there are
compatibility issues for now); later we can forbid it altogether in
interrupt context or under spin locks.

- Audit all uses of rnd_add_data to use rnd_add_data_intr where it
might be used in interrupt context or under a spin lock.

This fixes a regression from last year when the global entropy lock
was changed from IPL_VM (spin) to IPL_SOFTSERIAL (adaptive). Thought
I'd caught all the problems from that, but another one bit three
different people this week, presumably because of recent changes that
led to more non-HWRNG drivers entering the entropy consolidation
path from rnd_add_uint32.

In my attempt to preserve the rnd(9) API for the (now long-since
abandoned) prospect of pullup to netbsd-9 in my rewrite of the
entropy subsystem in 2020, I didn't introduce a separate entry point
for entering entropy from interrupt context or equivalent, i.e., spin
locks held, and instead made rnd_add_data rely on cpu_intr_p() to
decide whether to process the whole sample under a lock or only take
as much as there's buffer space for before scheduling a softint. In
retrospect, that was a mistake (though perhaps not as much of a
mistake as other entropy API decisions...), a mistake which is
finally getting rectified now by rnd_add_data_intr.

XXX pullup-10
 1.81  06-May-2023  andvar s/Regiser/Register/ and s/regester/register/ in comments.
 1.80  22-May-2022  riastradh branches: 1.80.4;
opencrypto: Make freesession callback return void.

No functional change intended: all drivers already return zero
unconditionally.
 1.79  22-May-2022  riastradh hifn(4): Prune dead branches. Assert session id validity.
 1.78  22-May-2022  riastradh hifn(4): Make ERESTART return more obvious.
 1.77  22-May-2022  riastradh hifn(4): Nix dead code. crp and callback are guaranteed nonnull.
 1.76  22-May-2022  riastradh hifn(4): hifn_compression always returns zero. Prune dead branches.
 1.75  22-May-2022  riastradh hifn(4): Fix error branches to do crypto_done, not return error.
 1.74  17-May-2020  riastradh pool_cache_prime, not pool_cache_lowat, as suggested by nick.
 1.73  17-May-2020  riastradh Missed a spot.
 1.72  17-May-2020  riastradh Rework hifn(4) RNG logic.

Previously we would read 34 bits of entropy into the pool and stop,
never to try again. This change finishes the conversion to an
on-demand source, although we still use a callout to (a) try again in
another second if the 7811 FIFO was emptied, and (b) wait at least
0.4 sec after we start the RNG to read anything from it as the
alleged documentation allegedly recommends.
 1.71  17-May-2020  riastradh Tweak locking and use a pool cache for commands and dmamaps.

This is enough to get the crypto decelerator working in LOCKDEBUG;
previously it would crash the moment you looked at it.
 1.70  17-May-2020  riastradh Merge updates from OpenBSD's hifn(4) crypto decelerator driver.

Highlights:

- Apply a ten-year-old fix to the driver's misuse of previously
exposed ciphertext as IV for the next ciphertext with CBC.

(Someone^TM should make sure there are no other drivers still doing
this...)

- Various zeroing of buffers.

- Various minor cosmetic changes.
 1.69  17-May-2020  riastradh Remove bogus comment.
 1.68  17-May-2020  riastradh De-#ifdef __OpenBSD__ify hifn7751.c.

Not really helpful; we can just use diff3 to merge updates.
 1.67  30-Apr-2020  riastradh rnd_attach_source calls the callback itself now.

No need for every driver to explicitly call it to prime the pool.

Eliminate now-unused <sys/rndpool.h>.
 1.66  30-Apr-2020  riastradh Don't attach rndsource until it's actually ready to run.
 1.65  29-Feb-2020  mlelstv Fix signed/unsigned comparisons. Send data little endian.
 1.64  18-Feb-2020  msaitoh No functional change:

- u_int*_t -> uint*_t
- whitespace fixes.
- KNF.
 1.63  27-Dec-2018  maxv branches: 1.63.6;
Remove M_COPY_PKTHDR, M_MOVE_PKTHDR, M_ALIGN and MH_ALIGN.
 1.62  05-Oct-2018  msaitoh Use pci_intr_establish_xname().
 1.61  14-May-2015  maxv branches: 1.61.16; 1.61.18;
Use-after-free. Found by Brainy.

ok christos@
 1.60  09-May-2015  riastradh Defer to a callout in hifn_rng_get. Fixes lock-against-self.

Still can't call rnd_add_data directly from an rndsource callback.

(Still plan to fix this with further rnd rototilling.)

XXX pullup netbsd-7
 1.59  09-May-2015  mrg initialise sc_mtx slightly earlier, before it is used on systems with rng.

fixes problem reported by msaitoh@.
 1.58  27-Apr-2015  christos fix mbuf leak on failure (Brainy)
 1.57  13-Apr-2015  riastradh Convert sys/dev to use <sys/rndsource.h>.
 1.56  10-Aug-2014  tls branches: 1.56.2; 1.56.4;
Merge tls-earlyentropy branch into HEAD.
 1.55  03-Jun-2014  msaitoh Avoid buffer overflow which was added in rev. 1.52.
This change fix a panic at boot time (PR#47950 Reported by Bert Kiers).

OK'd by tls.
 1.54  29-Mar-2014  christos branches: 1.54.2;
make pci_intr_string and eisa_intr_string take a buffer and a length
instead of relying in local static storage.
 1.53  03-Jan-2014  pgoyette Modularize
 1.52  13-Jun-2013  tls branches: 1.52.2;
Convert the entropy pool framework from pseudo-callout-driven to
soft interrupt driven operation.

Add a polling mode of operation -- now we can ask hardware random number
generators to top us up just when we need it (bcm2835_rng and amdpm
converted as examples).

Fix a stall noticed with repeated reads from /dev/random while testing.
 1.51  27-Oct-2012  chs split device_t/softc for all remaining drivers.
replace "struct device *" with "device_t".
use device_xname(), device_unit(), etc.
 1.50  02-Feb-2012  tls branches: 1.50.6;
Entropy-pool implementation move and cleanup.

1) Move core entropy-pool code and source/sink/sample management code
to sys/kern from sys/dev.

2) Remove use of NRND as test for presence of entropy-pool code throughout
source tree.

3) Remove use of RND_ENABLED in device drivers as microoptimization to
avoid expensive operations on disabled entropy sources; make the
rnd_add calls do this directly so all callers benefit.

4) Fix bug in recent rnd_add_data()/rnd_add_uint32() changes that might
have lead to slight entropy overestimation for some sources.

5) Add new source types for environmental sensors, power sensors, VM
system events, and skew between clocks, with a sample implementation
for each.

ok releng to go in before the branch due to the difficulty of later
pullup (widespread #ifdef removal and moved files). Tested with release
builds on amd64 and evbarm and live testing on amd64.
 1.49  30-Jan-2012  drochner Use pci_aprint_devinfo(9) instead of pci_devinfo+aprint_{normal,naive}
where it looks straightforward, and pci_aprint_devinfo_fancy in a few
others where drivers want to supply their own device names instead
of the pcidevs generated one. More complicated cases, where names
are composed at runtime, are left alone for now. It certainly makes
sense to simplify the drivers here rather than inventing a catch-all API.
This should serve as as example for new drivers, and also ensure
consistent output in the AB_QUIET ("boot -q") case. Also, it avoids
excessive stack usage where drivers attach child devices because the
buffer for the device name is not kept on the local stack anymore.
 1.48  29-Nov-2011  tls branches: 1.48.2;
Remove rnd_extract_data from the public kernel API (it is for use by the
stream generators only). Clean up some related minor issues.
 1.47  19-Nov-2011  tls First step of random number subsystem rework described in
<20111022023242.BA26F14A158@mail.netbsd.org>. This change includes
the following:

An initial cleanup and minor reorganization of the entropy pool
code in sys/dev/rnd.c and sys/dev/rndpool.c. Several bugs are
fixed. Some effort is made to accumulate entropy more quickly at
boot time.

A generic interface, "rndsink", is added, for stream generators to
request that they be re-keyed with good quality entropy from the pool
as soon as it is available.

The arc4random()/arc4randbytes() implementation in libkern is
adjusted to use the rndsink interface for rekeying, which helps
address the problem of low-quality keys at boot time.

An implementation of the FIPS 140-2 statistical tests for random
number generator quality is provided (libkern/rngtest.c). This
is based on Greg Rose's implementation from Qualcomm.

A new random stream generator, nist_ctr_drbg, is provided. It is
based on an implementation of the NIST SP800-90 CTR_DRBG by
Henric Jungheim. This generator users AES in a modified counter
mode to generate a backtracking-resistant random stream.

An abstraction layer, "cprng", is provided for in-kernel consumers
of randomness. The arc4random/arc4randbytes API is deprecated for
in-kernel use. It is replaced by "cprng_strong". The current
cprng_fast implementation wraps the existing arc4random
implementation. The current cprng_strong implementation wraps the
new CTR_DRBG implementation. Both interfaces are rekeyed from
the entropy pool automatically at intervals justifiable from best
current cryptographic practice.

In some quick tests, cprng_fast() is about the same speed as
the old arc4randbytes(), and cprng_strong() is about 20% faster
than rnd_extract_data(). Performance is expected to improve.

The AES code in src/crypto/rijndael is no longer an optional
kernel component, as it is required by cprng_strong, which is
not an optional kernel component.

The entropy pool output is subjected to the rngtest tests at
startup time; if it fails, the system will reboot. There is
approximately a 3/10000 chance of a false positive from these
tests. Entropy pool _input_ from hardware random numbers is
subjected to the rngtest tests at attach time, as well as the
FIPS continuous-output test, to detect bad or stuck hardware
RNGs; if any are detected, they are detached, but the system
continues to run.

A problem with rndctl(8) is fixed -- datastructures with
pointers in arrays are no longer passed to userspace (this
was not a security problem, but rather a major issue for
compat32). A new kernel will require a new rndctl.

The sysctl kern.arandom() and kern.urandom() nodes are hooked
up to the new generators, but the /dev/*random pseudodevices
are not, yet.

Manual pages for the new kernel interfaces are forthcoming.
 1.46  13-Nov-2010  uebayasi branches: 1.46.8;
Don't pull in the whole uvm(9) API to access only PAGE_SIZE and
some other constants. These are provided by sys/param.h now.
 1.45  16-Jun-2010  hubertf Make debug message print more than the device name

OK mbalmer, jmcneill
 1.44  01-Feb-2010  hubertf branches: 1.44.2; 1.44.4;
Use uppercase for acronyms on output: DRAM, SRAM
 1.43  26-Nov-2009  njoly Cleanup interrupt establish error messages. Do not mix
aprint_error/aprint_normal/printf calls for a single line.
 1.42  28-Apr-2009  dyoung Use device_t, cfdata_t, and device_private().
 1.41  18-Apr-2009  tsutsui Remove extra whitespace added by a stupid tool.
XXX: more in src/sys/arch
 1.40  18-Mar-2009  cegger bcopy -> memcpy
 1.39  18-Mar-2009  cegger bzero -> memset
 1.38  18-Mar-2009  cegger bcmp -> memcmp
 1.37  10-Apr-2008  cegger branches: 1.37.4; 1.37.12; 1.37.18;
use aprint_*_dev and device_xname
 1.36  02-Feb-2008  tls branches: 1.36.6;
From Darran Hunt at Coyote Point: don't truncate HMAC to 96 bits unless
actually asked to.

Fixed in FreeBSD a while ago, discussed on tech-kern and tech-crypto.
 1.35  09-Jul-2007  ad branches: 1.35.8; 1.35.14;
Merge some of the less invasive changes from the vmlocking branch:

- kthread, callout, devsw API changes
- select()/poll() improvements
- miscellaneous MT safety improvements
 1.34  04-Mar-2007  christos branches: 1.34.2; 1.34.4;
Kill caddr_t; there will be some MI fallout, but it will be fixed shortly.
 1.33  16-Nov-2006  christos branches: 1.33.4;
__unused removal on arguments; approved by core.
 1.32  12-Oct-2006  christos - sprinkle __unused on function decls.
- fix a couple of unused bugs
- no more -Wno-unused for i386
 1.31  30-Aug-2006  christos branches: 1.31.2; 1.31.4;
static goes first
 1.30  28-Mar-2006  thorpej Use device_unit().
 1.29  25-Nov-2005  thorpej branches: 1.29.4; 1.29.6; 1.29.8; 1.29.10; 1.29.12;
- De-couple the software crypto implementation from the rest of the
framework. There is no need to waste the space if you are only using
algoritms provided by hardware accelerators. To get the software
implementations, add "pseudo-device swcr" to your kernel config.
- Lazily initialize the opencrypto framework when crypto drivers
(either hardware or swcr) register themselves with the framework.
 1.28  16-Oct-2005  tls branches: 1.28.6;
From Gilles Roy <groy@qnx.com>: don't increment buffer pointer twice
(once before callback, once *in* callback) for MAC transforms. How did
this driver ever work at all without this?
 1.27  16-Oct-2005  tls HAVE_CRYPTO_LZS, not HAVE_CRYPTO_LSZ (worse, it was inconsistently used)
 1.26  16-Oct-2005  tls Don't use rnd_extract_data to set up IVs for new sessions; it is very
expensive, and pointless. As elsewhere in the kernel (and as approved
under FIPS-140-2 by multiple test labs, incidentally) we use arc4 to
generate IVs here; there is no benefit to their being cryptographically
strong so long as there is a sufficient Hamming distance between them.
 1.25  15-Oct-2005  tls Add support for the hardware random number generator on the Hifn 7811
and 795x. This was present in the driver before, but disabled due to
problems with the actual randomness of generated numbers on the
ubiquitious 7900-series parts. The code here is far, far more
conservative than anyone else's driver for this RNG is -- but I
believe that conservatism is called for, because the 79xx RNG
design is missing a number of pieces from Hifn's "reference" 6500
RNG, and thus the numbers it generates must be treated with some
care.

Support for the 7811 RNG (which is a full-fledged 6500 type
generator) is pretty much the same here as in other variants of
this driver, except that it uses Hifn's "worst case" estimate of
actual entropy per output bit, so it will accumulate bits much
more slowly. The 7811 support is untested.
 1.24  15-Oct-2005  tls From OpenBSD hifn7751.c revision 1.149: enable the command-wait interrupt
even if there's only one request in the queue. Sometimes we seem to miss
multiple interrupts, and command-wait saves us.
 1.23  28-Jun-2005  thorpej branches: 1.23.2;
Use ANSI function decls and static.
 1.22  27-Feb-2005  perry nuke trailing whitespace
 1.21  29-Apr-2004  jonathan branches: 1.21.4; 1.21.6;
Identify AES-capable chips (7955, 7956) in the driver attach message.
 1.20  16-Nov-2003  jonathan branches: 1.20.2;
Support symmetric crypto ops, including AES, on hifn 7955 and 7956.
Not tested on 795[56], but compiles and matches FreeBSD-tested diffs.

Suggested by Sam Leffler <sam@errno.com>, as imported into FreeBSD by Sam.
Submitted to FreeBSD by Rajesh Vaidyanath <RVaidyanath@hifn.com>.
 1.19  28-Aug-2003  thorpej Remove an unnececssary PCI config read.
 1.18  28-Aug-2003  thorpej Hi/Fn is now spelled Hifn.
 1.17  28-Aug-2003  thorpej ANSI'ify (matches change in openbsd v1.140 of this file).
 1.16  28-Aug-2003  thorpej Print out a bit more information about which part is present at attach
time, generally tidy up autoconfiguration messages.
 1.15  30-Jul-2003  jonathan Discard previous driver; it didnt really do anything.

Replace with a new from-scratch port of recent OpenBSD hifn7751 source,
with changes to the crypto-framework calls to fit Sam Leffler's rework.
(Some of the attach-time changes from the previous driver were carried over).
Many thanks to Quentin Garnier (cube@cubidou.net) for testing an pre-release
of the driver and finding a couple of missing initializations.

Note that RNG support is temporarily disabled, until a potential issue
with RNG quality is investigated and resolved.
 1.14  03-May-2003  wiz branches: 1.14.2;
DMA, not dma nor Dma.
 1.13  31-Jan-2003  thorpej Use aprint_*().
 1.12  20-Jan-2003  simonb The Double-Semi-Colon Police.
 1.11  06-Jan-2003  wiz interrupt with two rs.
 1.10  02-Oct-2002  thorpej Add trailing ; to CFATTACH_DECL.
 1.9  30-Sep-2002  thorpej Use CFATTACH_DECL().
 1.8  27-Sep-2002  thorpej Declare all cfattach structures const.
 1.7  12-Jan-2002  tsutsui Call malloc(9) with M_ZERO flag instead of memset() after malloc().
 1.6  13-Nov-2001  lukem add RCSID
 1.5  07-Jul-2001  thorpej branches: 1.5.2;
bcmp -> memcmp
 1.4  07-Jul-2001  thorpej bzero -> memset
 1.3  07-Jul-2001  thorpej bcopy -> memcpy
 1.2  28-Dec-2000  sommerfeld branches: 1.2.2;
Change pci_intr_map to get interrupt source information from a "struct
pci_attach_args *" instead of from four separate parameters which in
all cases were extracted from the same "struct pci_attach_args".

This both simplifies the driver api, and allows for alternate PCI
interrupt mapping schemes, such as one using the tables described in
the Intel Multiprocessor Spec which describe interrupt wirings for
devices behind pci-pci bridges based on the device's location rather
the bridge's location.

Tested on alpha and i386; welcome to 1.5Q
 1.1  12-Oct-2000  itojun branches: 1.1.2;
hifn7751 crypto card driver. from openbsd.
does nothing useful at this moment - initailize the chip, that's all.
TODO: crypto logic framework in kernel (see openbsd sys/crypto)
TODO: ipsec frontend (need major rework in ipsec tree - should start with busywait)
TODO: character device frontend
 1.1.2.3  05-Jan-2001  bouyer Sync with HEAD
 1.1.2.2  20-Nov-2000  bouyer Update thorpej_scsipi to -current as of a month ago
A i386 GENERIC kernel compiles without the siop, ahc and bha drivers
(will be updated later). i386 IDE/ATAPI and ncr work, as well as
sparc/esp_sbus. alpha should work as well (untested yet).
siop, ahc and bha will be updated once I've updated the branch to current
-current, as well as machine-dependant code.
 1.1.2.1  12-Oct-2000  bouyer file hifn7751.c was added on branch thorpej_scsipi on 2000-11-20 11:42:20 +0000
 1.2.2.5  07-Jan-2003  thorpej Sync with HEAD.
 1.2.2.4  18-Oct-2002  nathanw Catch up to -current.
 1.2.2.3  28-Feb-2002  nathanw Catch up to -current.
 1.2.2.2  14-Nov-2001  nathanw Catch up to -current.
 1.2.2.1  24-Aug-2001  nathanw Catch up with -current.
 1.5.2.3  10-Oct-2002  jdolecek sync kqueue with -current; this includes merge of gehenna-devsw branch,
merge of i386 MP branch, and part of autoconf rototil work
 1.5.2.2  11-Feb-2002  jdolecek Sync w/ -current.
 1.5.2.1  10-Jan-2002  thorpej Sync kqueue branch with -current.
 1.14.2.6  11-Dec-2005  christos Sync with head.
 1.14.2.5  10-Nov-2005  skrll Sync with HEAD. Here we go again...
 1.14.2.4  04-Mar-2005  skrll Sync with HEAD.

Hi Perry!
 1.14.2.3  21-Sep-2004  skrll Fix the sync with head I botched.
 1.14.2.2  18-Sep-2004  skrll Sync with HEAD.
 1.14.2.1  03-Aug-2004  skrll Sync with HEAD
 1.20.2.1  05-May-2004  tron Pull up revision 1.21 (requested by jonathan in ticket #239):
Identify AES-capable chips (7955, 7956) in the driver attach message.
 1.21.6.1  19-Mar-2005  yamt sync with head. xen and whitespace. xen part is not finished.
 1.21.4.1  29-Apr-2005  kent sync with -current
 1.23.2.4  04-Feb-2008  yamt sync with head.
 1.23.2.3  03-Sep-2007  yamt sync with head.
 1.23.2.2  30-Dec-2006  yamt sync with head.
 1.23.2.1  21-Jun-2006  yamt sync with head.
 1.28.6.1  29-Nov-2005  yamt sync with head.
 1.29.12.1  31-Mar-2006  tron Merge 2006-03-31 NetBSD-current into the "peter-altq" branch.
 1.29.10.1  19-Apr-2006  elad sync with head.
 1.29.8.2  03-Sep-2006  yamt sync with head.
 1.29.8.1  01-Apr-2006  yamt sync with head.
 1.29.6.1  22-Apr-2006  simonb Sync with head.
 1.29.4.1  09-Sep-2006  rpaulo sync with head
 1.31.4.2  10-Dec-2006  yamt sync with head.
 1.31.4.1  22-Oct-2006  yamt sync with head
 1.31.2.1  18-Nov-2006  ad Sync with head.
 1.33.4.1  12-Mar-2007  rmind Sync with HEAD.
 1.34.4.1  11-Jul-2007  mjf Sync with head.
 1.34.2.1  01-Jul-2007  ad Adapt to callout API change.
 1.35.14.1  18-Feb-2008  mjf Sync with HEAD.
 1.35.8.1  23-Mar-2008  matt sync with HEAD
 1.36.6.1  02-Jun-2008  mjf Sync with HEAD.
 1.37.18.1  13-May-2009  jym Sync with HEAD.

Commit is split, to avoid a "too many arguments" protocol error.
 1.37.12.1  28-Apr-2009  skrll Sync with HEAD.
 1.37.4.3  11-Aug-2010  yamt sync with head.
 1.37.4.2  11-Mar-2010  yamt sync with head
 1.37.4.1  04-May-2009  yamt sync with head.
 1.44.4.2  05-Mar-2011  rmind sync with head
 1.44.4.1  03-Jul-2010  rmind sync with head
 1.44.2.1  17-Aug-2010  uebayasi Sync with HEAD.
 1.46.8.3  22-May-2014  yamt sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was splitted into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
 1.46.8.2  30-Oct-2012  yamt sync with head
 1.46.8.1  17-Apr-2012  yamt sync with head
 1.48.2.1  18-Feb-2012  mrg merge to -current.
 1.50.6.4  03-Dec-2017  jdolecek update from HEAD
 1.50.6.3  20-Aug-2014  tls Rebase to HEAD as of a few days ago.
 1.50.6.2  23-Jun-2013  tls resync from head
 1.50.6.1  20-Nov-2012  tls Resync to 2012-11-19 00:00:00 UTC
 1.52.2.1  18-May-2014  rmind sync with head
 1.54.2.2  10-Aug-2014  tls Rebase.
 1.54.2.1  07-Apr-2014  tls Be a little more clear and consistent about harvesting entropy from devices:

1) deprecate RND_FLAG_NO_ESTIMATE

2) define RND_FLAG_COLLECT_TIME, RND_FLAG_COLLECT_VALUE

3) define RND_FLAG_ESTIMATE_TIME, RND_FLAG_ESTIMATE_VALUE

4) define RND_FLAG_DEFAULT: RND_FLAG_COLLECT_TIME|
RND_FLAG_COLLECT_VALUE|RND_FLAG_ESTIMATE_TIME

5) Make entropy harvesting from environmental sensors a little more generic
and remove it from individual sensor drivers.

6) Remove individual open-coded delta-estimators for values from a few
places in the tree (uvm, environmental drivers).

7) 0 -> RND_FLAG_DEFAULT, actually gather entropy from various drivers
that had stubbed out code, other minor cleanups.
 1.56.4.1  06-Jun-2015  skrll Sync with HEAD
 1.56.2.3  15-May-2015  snj Pull up following revision(s) (requested by maxv in ticket #763):
sys/dev/pci/hifn7751.c: revisions 1.58, 1.61
fix mbuf leak on failure (Brainy)
--
Use-after-free. Found by Brainy.
 1.56.2.2  11-May-2015  msaitoh Pull up following revision(s) (requested by mrg in ticket #750):
sys/dev/pci/hifn7751.c: revision 1.59
initialise sc_mtx slightly earlier, before it is used on systems with rng.
fixes problem reported by msaitoh@.
 1.56.2.1  11-May-2015  msaitoh Pull up following revision(s) (requested by riastradh in ticket #748):
sys/dev/pci/hifn7751.c: revision 1.60
Defer to a callout in hifn_rng_get. Fixes lock-against-self.
Still can't call rnd_add_data directly from an rndsource callback.
(Still plan to fix this with further rnd rototilling.)
XXX pullup netbsd-7
 1.61.18.2  08-Apr-2020  martin Merge changes from current as of 20200406
 1.61.18.1  10-Jun-2019  christos Sync with HEAD
 1.61.16.2  18-Jan-2019  pgoyette Synch with HEAD
 1.61.16.1  20-Oct-2018  pgoyette Sync with head
 1.63.6.1  29-Feb-2020  ad Sync with head.
 1.80.4.1  11-Aug-2023  martin Pull up following revision(s) (requested by riastradh in ticket #319):

sys/dev/pci/ubsec.c: revision 1.64
sys/dev/pci/hifn7751.c: revision 1.82
lib/libc/gen/getentropy.3: revision 1.5
lib/libc/gen/getentropy.3: revision 1.6
share/man/man4/rnd.4: revision 1.41
lib/libc/sys/getrandom.2: revision 1.2
lib/libc/sys/getrandom.2: revision 1.3
share/man/man5/rc.conf.5: revision 1.193
share/man/man7/entropy.7: revision 1.5
share/man/man7/entropy.7: revision 1.6
share/man/man7/entropy.7: revision 1.7
share/man/man7/entropy.7: revision 1.8
etc/security: revision 1.130
share/man/man7/entropy.7: revision 1.9
etc/security: revision 1.131
sys/crypto/cprng_fast/cprng_fast.c: revision 1.19
sys/sys/rndio.h: revision 1.3
tests/lib/libc/sys/t_getrandom.c: revision 1.5
etc/defaults/rc.conf: revision 1.164
etc/defaults/rc.conf: revision 1.165
sys/sys/rndsource.h: revision 1.10
sys/kern/kern_entropy.c: revision 1.62
sys/kern/kern_entropy.c: revision 1.63
sys/kern/kern_entropy.c: revision 1.64
sys/kern/subr_cprng.c: revision 1.44
sys/kern/kern_entropy.c: revision 1.65
sys/kern/kern_clock.c: revision 1.149
sys/dev/pci/viornd.c: revision 1.22
share/man/man9/rnd.9: revision 1.32
sys/kern/subr_prf.c: revision 1.202
sys/sys/rndsource.h: revision 1.8
sys/sys/rndsource.h: revision 1.9
share/man/man7/entropy.7: revision 1.10

1. Reinstate netbsd<=9 entropy estimator to unblock /dev/random, in
parallel with assessment of only confident entropy sources (seed,
HWRNG) for security warnings like sshd keys in motd and daily
insecurity report.

2. Make multiuser boot wait for first /dev/random output soon after
loading a seed and configuring rndctl, so that getentropy(3) meets
its contract starting early at boot without introducing blocking
paths that could cause hangs in init(8) or single-user mode.
Operators can choose to disable this wait in rc.conf.

3. Fix some bugs left over from reducing the global entropy lock from
a spin lock at IPL_VM to an adaptive lock at IPL_SOFTSERIAL.

4. Update man pages.

RSS XML Feed