Our second n2k14 hackathon report comes from Theo de Raadt (deraadt@), who writes:

First off, I completed a series of changes to the random subsystem.
The bootblocks now try to read a file (/etc/random.seed) out of the
root filesystem, mix it with data from the random instructions or tsc
clock, and pass it to the kernel. This small pool is given to the kernel
using a special ELF random segment, so that fairly strong entropy is
available right from kernel startup. For instance, the stack
protector is correctly initialized from the get-go. Since large
amounts of raw entropy are available, a bunch of "startup problem"
code could be deleted or rewritten. We can now call the arc4random
functions in the kernel from the earliest point possible. As the
kernel becomes more alive step by step, it folds new entropy
information into the pool.

Regarding the /etc/random.seed file, some sequencing improvements were
made to /etc/rc to update this file, as well as feed the random number
generator better with other saved entropy sources. I think it is
pretty good.. the remaining work is on clock mixing in the bootblocks
of the remaining architectures.

My second task was to look into fixing a glaring and ugly ioctl
problem in pf. For historical reasons the kernel and pfctl share
data structures far too closely. There is a shortcut that we can take,
but I wanted to investigate a cleaner solution, since it will be an
ABI break either way. In discussions I estimated it would be around
6000 lines of diff.... and the estimate turned out to be right. The
change remains unfinished because the separation is not complete.
Anchors have complicated things badly. I'll revisit it.

I also worked on some improved infrastructure for the signed releases
coming up in 5.5. Since we do snapshots all the time, we need a robust
pipeline for signing files. Still learning..

In between, I kept flipping back and forth towards work on
suspend-resume. I continue finding small glitches in the order of
operations. It was also a real pleasure to chat with Mark Kettenis
throughout the hackathon about the worst suspend-resume problem
area (video), and Joel Sing about the possibility of eventually
hibernating on softraid.

Throughout the week there were many other interruptions...

A big thank you from the Undeadly editors to Theo for the work and the report!
By the time you read this, there should be more n2k14 reports in the pipeline. Stay tuned.