The NetBSD Project

CVS log for src/share/man/man4/acpivmgenid.4


Keyword substitution: kv
Default branch: MAIN


Revision 1.3.2.3
Thu Oct 10 09:40:36 2024 UTC (3 months, 1 week ago) by martin
Branches: netbsd-10
CVS tags: netbsd-10-1-RELEASE
Changes since revision 1.3.2.2: +2 -2 lines
Additionally pull up following revision(s) (requested by rin in ticket #939):

	share/man/man4/acpihed.4: revision 1.3
	share/man/man4/apei.4: revision 1.3
	share/man/man4/acpivmgenid.4: revision 1.4

acpi{hed,vmgenid}(4), apei(4): Sync HISTORY with reality
These got successfully back-ported into 10.1 :)

Revision 1.4
Thu Oct 10 09:05:45 2024 UTC (3 months, 1 week ago) by rin
Branches: MAIN
CVS tags: HEAD
Changes since revision 1.3: +2 -2 lines
acpi{hed,vmgenid}(4), apei(4): Sync HISTORY with reality

These got successfully back-ported into 10.1 :)

Revision 1.3.2.2
Wed Oct 9 13:25:11 2024 UTC (3 months, 1 week ago) by martin
Branches: netbsd-10
Changes since revision 1.3.2.1: +108 -0 lines
Pull up following revision(s) (requested by riastradh in ticket #939):

	distrib/sets/lists/debug/module.md.amd64: revision 1.18
	sys/modules/Makefile: revision 1.292
	lib/libc/gen/arc4random.c: revision 1.34
	lib/libc/gen/arc4random.c: revision 1.35
	lib/libc/gen/arc4random.c: revision 1.36
	lib/libc/gen/arc4random.c: revision 1.37
	sys/kern/kern_entropy.c: revision 1.70
	lib/libc/gen/arc4random.c: revision 1.38
	sys/kern/kern_entropy.c: revision 1.71
	lib/libc/gen/getentropy.3: revision 1.8
	distrib/sets/lists/modules/md.amd64: revision 1.103
	share/man/man4/rnd.4: revision 1.42
	share/man/man4/rnd.4: revision 1.44
	lib/libc/include/arc4random.h: revision 1.1
	distrib/sets/lists/man/mi: revision 1.1786
	sys/arch/i386/conf/GENERIC: revision 1.1258
	sys/modules/acpivmgenid/acpivmgenid.ioconf: revision 1.1
	sys/arch/amd64/conf/ALL: revision 1.190
	distrib/sets/lists/debug/mi: revision 1.446
	sys/arch/i386/conf/ALL: revision 1.521
	lib/libc/gen/Makefile.inc: revision 1.219
	distrib/sets/lists/debug/module.md.i386: revision 1.12
	sys/dev/acpi/acpi_vmgenid.c: revision 1.1
	sys/dev/acpi/acpi_vmgenid.c: revision 1.2
	lib/libc/include/reentrant.h: revision 1.22
	sys/arch/evbarm/conf/GENERIC64: revision 1.219
	share/man/man4/Makefile: revision 1.735
	distrib/sets/lists/modules/md.i386: revision 1.100
	distrib/sets/lists/tests/mi: revision 1.1334
	lib/libc/gen/arc4random.3: revision 1.22
	sys/dev/acpi/files.acpi: revision 1.133
	lib/libc/gen/arc4random.3: revision 1.23
	tests/lib/libc/gen/t_arc4random.c: revision 1.1
	sys/sys/entropy.h: revision 1.6
	sys/arch/amd64/conf/GENERIC: revision 1.614
	sys/modules/acpivmgenid/Makefile: revision 1.1
	share/man/man4/acpivmgenid.4: revision 1.1
	lib/libc/gen/Makefile.inc: revision 1.220
	tests/lib/libc/gen/Makefile: revision 1.56
	share/man/man4/acpivmgenid.4: revision 1.2
	share/man/man4/acpivmgenid.4: revision 1.3

	(all via patch)

Catch up with all the lint warnings since exit on warning was disabled.

Disable 'missing header declaration' and 'nested extern' warnings for now.
acpivmgenid(4): New driver for virtual machine generation ID.

Added to amd64/ALL and i386/ALL kernel configurations, and made
available as a loadable module acpivmgenid.kmod on x86, for now.
TBD: Add to all ACPI-supporting GENERIC kernels.
PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM
fork

entropy(9): Factor out subroutines to reset and gather entropy.
`Reset' means we keep the data in the pool, but assume it had zero
entropy.  `Gather' means we request samples from all on-demand
sources and wait for the synchronous ones to complete.

No functional change intended, other than to expose new symbols --
just preparation to expose these to acpivmgenid(4), so it can use
these when the VM host notifies us that we, the guest, have been
cloned.
PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM
fork

acpivmgenid(4): Reset and gather entropy on VM clone notification.
PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM
fork

arc4random(3): Reseed if system entropy epoch changes.
This can happen, for example, if the system is a VM instance, and the
VM is cloned.

This incurs the cost of a system call on every arc4random call, which
is unfortunate, but
1. we don't currently have a (machine-independent) mechanism for
   exposing a read-only page to userland shared by the kernel to
   enable a cheaper access path to the entropy epoch; and
2. the algorithm here -- a simple application of ChaCha -- is likely
   also a bottleneck and could be much cheaper by
   (a) using sys/crypto/chacha for machine-dependent vectorized
       ChaCha code, and
   (b) filling a buffer (somewhere between a cipher block and a page)
       in a batch at a time, instead of running ChaCha to generate
       only 32 bytes at a time.
So although this might be a performance hit, the security benefit is
worthwhile and we have a clear path to do better than reversing the
performance hit later.
PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM
fork

acpivmgenid(4): Nix BUGS that have been squashed.
Reference kern.entropy.epoch for the remaining bug (which is a
performance issue, not a security issue).
PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM
fork

entropy(9): Allow unprivileged reads of sysctl kern.entropy.epoch.

Applications need this in order to know when to reseed.  (We should
also expose it through a page shared read-only with userland for
cheaper access, but until we do, let's let applications get at it
through sysctl.)
PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM
fork

arc4random.c: Fix test program.

This isn't wired up anywhere, but let's reduce the bitrot.  It was
helpful in reminding me that kern.entropy.epoch was, for reasons I
can't remember, restricted to privileged access.
PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM
fork

amd64, evbarm, i386: Add acpivmgenid(4) to GENERIC.
PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM
fork

rnd(4): Document kern.entropy.epoch is unprivileged and elaborate.
Cross-reference acpivmgenid(4).
PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM
fork

arc4random(3): Note that arc4random respects kern.entropy.epoch.
PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM
fork
Add debug info for new acpivmgenid module

arc4random(3): Add automatic tests.

This verifies that:
- arc4random zeroes its state and reseeds itself on fork
- arc4random reseeds itself on entropy consolidation (e.g., VM clone)
- arc4random falls back to global state if it can't allocate local
  state because address space limits cause mmap to fail

NOTE: This adds a new libc symbol __arc4random_global, but it's in
the reserved namespace and only used by t_arc4random, so no libc
minor bump.
PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM
fork

getentropy(3): Note intent to reseed on VM clone, and caveats.

Tidy markup and pacify some mandoc -Tlint complaints while here.
PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM
fork

Bump dates on man pages recently updated to mention VM clones.
PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM
fork

arc4random(3): Pacify some of lint's complaints.
PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM
fork

arc4random: suppress another lint warning

Revision 1.3.2.1
Wed Aug 28 14:39:16 2024 UTC (4 months, 3 weeks ago) by martin
Branches: netbsd-10
FILE REMOVED
Changes since revision 1.3: +0 -108 lines
file acpivmgenid.4 was added on branch netbsd-10 on 2024-10-09 13:25:11 +0000

Revision 1.3
Wed Aug 28 14:39:16 2024 UTC (4 months, 3 weeks ago) by riastradh
Branches: MAIN
Branch point for: netbsd-10
Changes since revision 1.2: +2 -2 lines
Bump dates on man pages recently updated to mention VM clones.

PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM
fork

Revision 1.2
Mon Aug 26 15:28:58 2024 UTC (4 months, 3 weeks ago) by riastradh
Branches: MAIN
Changes since revision 1.1: +12 -16 lines
acpivmgenid(4): Nix BUGS that have been squashed.

Reference kern.entropy.epoch for the remaining bug (which is a
performance issue, not a security issue).

PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM
fork

Revision 1.1
Mon Aug 26 13:38:28 2024 UTC (4 months, 3 weeks ago) by riastradh
Branches: MAIN
acpivmgenid(4): New driver for virtual machine generation ID.

Added to amd64/ALL and i386/ALL kernel configurations, and made
available as a loadable module acpivmgenid.kmod on x86, for now.

TBD: Add to all ACPI-supporting GENERIC kernels.

PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM
fork
