head 1.1; access; symbols netbsd-11-0-RC3:1.1 netbsd-11-0-RC2:1.1 netbsd-11-0-RC1:1.1 perseant-exfatfs-base-20250801:1.1 netbsd-11:1.1.0.4 netbsd-11-base:1.1 netbsd-10-1-RELEASE:1.1.2.2 netbsd-10:1.1.0.2; locks; strict; comment @# @; 1.1 date 2024.08.26.13.38.28; author riastradh; state Exp; branches 1.1.2.1; next ; commitid OSEvXNBQ6e5tUknF; 1.1.2.1 date 2024.08.26.13.38.28; author martin; state dead; branches; next 1.1.2.2; commitid tFVNF0IZFD0fqZsF; 1.1.2.2 date 2024.10.09.13.25.12; author martin; state Exp; branches; next ; commitid tFVNF0IZFD0fqZsF; desc @@ 1.1 log @acpivmgenid(4): New driver for virtual machine generation ID. Added to amd64/ALL and i386/ALL kernel configurations, and made available as a loadable module acpivmgenid.kmod on x86, for now. TBD: Add to all ACPI-supporting GENERIC kernels. PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM fork @ text @# $NetBSD$ .include "../Makefile.inc" .PATH: ${S}/dev/acpi KMOD= acpivmgenid IOCONF= acpivmgenid.ioconf SRCS= acpi_vmgenid.c .include @ 1.1.2.1 log @file Makefile was added on branch netbsd-10 on 2024-10-09 13:25:12 +0000 @ text @d1 11 @ 1.1.2.2 log @Pull up following revision(s) (requested by riastradh in ticket #939): distrib/sets/lists/debug/module.md.amd64: revision 1.18 sys/modules/Makefile: revision 1.292 lib/libc/gen/arc4random.c: revision 1.34 lib/libc/gen/arc4random.c: revision 1.35 lib/libc/gen/arc4random.c: revision 1.36 lib/libc/gen/arc4random.c: revision 1.37 sys/kern/kern_entropy.c: revision 1.70 lib/libc/gen/arc4random.c: revision 1.38 sys/kern/kern_entropy.c: revision 1.71 lib/libc/gen/getentropy.3: revision 1.8 distrib/sets/lists/modules/md.amd64: revision 1.103 share/man/man4/rnd.4: revision 1.42 share/man/man4/rnd.4: revision 1.44 lib/libc/include/arc4random.h: revision 1.1 distrib/sets/lists/man/mi: revision 1.1786 sys/arch/i386/conf/GENERIC: revision 1.1258 sys/modules/acpivmgenid/acpivmgenid.ioconf: revision 1.1 sys/arch/amd64/conf/ALL: revision 1.190 distrib/sets/lists/debug/mi: revision 1.446 sys/arch/i386/conf/ALL: revision 1.521 lib/libc/gen/Makefile.inc: revision 1.219 distrib/sets/lists/debug/module.md.i386: revision 1.12 sys/dev/acpi/acpi_vmgenid.c: revision 1.1 sys/dev/acpi/acpi_vmgenid.c: revision 1.2 lib/libc/include/reentrant.h: revision 1.22 sys/arch/evbarm/conf/GENERIC64: revision 1.219 share/man/man4/Makefile: revision 1.735 distrib/sets/lists/modules/md.i386: revision 1.100 distrib/sets/lists/tests/mi: revision 1.1334 lib/libc/gen/arc4random.3: revision 1.22 sys/dev/acpi/files.acpi: revision 1.133 lib/libc/gen/arc4random.3: revision 1.23 tests/lib/libc/gen/t_arc4random.c: revision 1.1 sys/sys/entropy.h: revision 1.6 sys/arch/amd64/conf/GENERIC: revision 1.614 sys/modules/acpivmgenid/Makefile: revision 1.1 share/man/man4/acpivmgenid.4: revision 1.1 lib/libc/gen/Makefile.inc: revision 1.220 tests/lib/libc/gen/Makefile: revision 1.56 share/man/man4/acpivmgenid.4: revision 1.2 share/man/man4/acpivmgenid.4: revision 1.3 (all via patch) Catch up with all the lint warnings since exit on warning was disabled. Disable 'missing header declaration' and 'nested extern' warnings for now. acpivmgenid(4): New driver for virtual machine generation ID. Added to amd64/ALL and i386/ALL kernel configurations, and made available as a loadable module acpivmgenid.kmod on x86, for now. TBD: Add to all ACPI-supporting GENERIC kernels. PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM fork entropy(9): Factor out subroutines to reset and gather entropy. `Reset' means we keep the data in the pool, but assume it had zero entropy. `Gather' means we request samples from all on-demand sources and wait for the synchronous ones to complete. No functional change intended, other than to expose new symbols -- just preparation to expose these to acpivmgenid(4), so it can use these when the VM host notifies us that we, the guest, have been cloned. PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM fork acpivmgenid(4): Reset and gather entropy on VM clone notification. PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM fork arc4random(3): Reseed if system entropy epoch changes. This can happen, for example, if the system is a VM instance, and the VM is cloned. This incurs the cost of a system call on every arc4random call, which is unfortunate, but 1. we don't currently have a (machine-independent) mechanism for exposing a read-only page to userland shared by the kernel to enable a cheaper access path to the entropy epoch; and 2. the algorithm here -- a simple application of ChaCha -- is likely also a bottleneck and could be much cheaper by (a) using sys/crypto/chacha for machine-dependent vectorized ChaCha code, and (b) filling a buffer (somewhere between a cipher block and a page) in a batch at a time, instead of running ChaCha to generate only 32 bytes at a time. So although this might be a performance hit, the security benefit is worthwhile and we have a clear path to do better than reversing the performance hit later. PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM fork acpivmgenid(4): Nix BUGS that have been squashed. Reference kern.entropy.epoch for the remaining bug (which is a performance issue, not a security issue). PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM fork entropy(9): Allow unprivileged reads of sysctl kern.entropy.epoch. Applications need this in order to know when to reseed. (We should also expose it through a page shared read-only with userland for cheaper access, but until we do, let's let applications get at it through sysctl.) PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM fork arc4random.c: Fix test program. This isn't wired up anywhere, but let's reduce the bitrot. It was helpful in reminding me that kern.entropy.epoch was, for reasons I can't remember, restricted to privileged access. PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM fork amd64, evbarm, i386: Add acpivmgenid(4) to GENERIC. PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM fork rnd(4): Document kern.entropy.epoch is unprivileged and elaborate. Cross-reference acpivmgenid(4). PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM fork arc4random(3): Note that arc4random respects kern.entropy.epoch. PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM fork Add debug info for new acpivmgenid module arc4random(3): Add automatic tests. This verifies that: - arc4random zeroes its state and reseeds itself on fork - arc4random reseeds itself on entropy consolidation (e.g., VM clone) - arc4random falls back to global state if it can't allocate local state because address space limits cause mmap to fail NOTE: This adds a new libc symbol __arc4random_global, but it's in the reserved namespace and only used by t_arc4random, so no libc minor bump. PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM fork getentropy(3): Note intent to reseed on VM clone, and caveats. Tidy markup and pacify some mandoc -Tlint complaints while here. PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM fork Bump dates on man pages recently updated to mention VM clones. PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM fork arc4random(3): Pacify some of lint's complaints. PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM fork arc4random: suppress another lint warning @ text @a0 11 # $NetBSD: Makefile,v 1.1 2024/08/26 13:38:28 riastradh Exp $ .include "../Makefile.inc" .PATH: ${S}/dev/acpi KMOD= acpivmgenid IOCONF= acpivmgenid.ioconf SRCS= acpi_vmgenid.c .include @