kern: harvest entropy from callouts

74cf7cae4d ("softclock: Use dedicated ithreads for running callouts.") switched callouts away from the swi infrastructure. It turns out that this was a major source of entropy in early boot, which we've now lost. As a result, first boot on hardware without a 'fast' entropy source would block waiting for fortuna to be seeded with little hope of progressing without manual intervention. Let's resolve it by explicitly harvesting entropy in callout_process() if we've handled any callouts. cc/curthread/now seem to be reasonable sources of entropy, so use those. Discussed with: jhb (also proposed initial patch) Reported by: many Reviewed by: cem, markm (both csprng) Differential Revision: https://reviews.freebsd.org/D34150
2026-05-28 04:12:45 -04:00 · 2022-02-03 10:05:06 -06:00 · 2022-02-03 10:05:06 -06:00 · 642701abc8
commit 642701abc8
parent f026275e26
4 changed files with 18 additions and 2 deletions
--- a/sys/dev/random/fenestrasX/fx_pool.c
+++ b/sys/dev/random/fenestrasX/fx_pool.c
@ -164,6 +164,9 @@ static const struct fxrng_ent_char {
 	[RANDOM_UMA] = {
 		.entc_cls = &fxrng_lo_push,
 	},
+	[RANDOM_CALLOUT] = {
+		.entc_cls = &fxrng_lo_push,
+	},
 	[RANDOM_PURE_OCTEON] = {
 		.entc_cls = &fxrng_hi_push,	/* Could be made pull. */
 	},
--- a/sys/dev/random/random_harvestq.c
+++ b/sys/dev/random/random_harvestq.c
@ -349,7 +349,8 @@ static const char *random_source_descr[ENTROPYSOURCE] = {
 	[RANDOM_INTERRUPT] = "INTERRUPT",
 	[RANDOM_SWI] = "SWI",
 	[RANDOM_FS_ATIME] = "FS_ATIME",
-	[RANDOM_UMA] = "UMA", /* ENVIRONMENTAL_END */
+	[RANDOM_UMA] = "UMA",
+	[RANDOM_CALLOUT] = "CALLOUT", /* ENVIRONMENTAL_END */
 	[RANDOM_PURE_OCTEON] = "PURE_OCTEON", /* PURE_START */
 	[RANDOM_PURE_SAFE] = "PURE_SAFE",
 	[RANDOM_PURE_GLXSB] = "PURE_GLXSB",
--- a/sys/kern/kern_timeout.c
+++ b/sys/kern/kern_timeout.c
@ -57,6 +57,7 @@ __FBSDID("$FreeBSD$");
 #include <sys/malloc.h>
 #include <sys/mutex.h>
 #include <sys/proc.h>
+#include <sys/random.h>
 #include <sys/sched.h>
 #include <sys/sdt.h>
 #include <sys/sleepqueue.h>
@ -430,6 +431,11 @@ callout_get_bucket(sbintime_t sbt)
 void
 callout_process(sbintime_t now)
 {
+	struct callout_entropy {
+		struct callout_cpu *cc;
+		struct thread *td;
+		sbintime_t now;
+	} entropy;
 	struct callout *tmp, *tmpn;
 	struct callout_cpu *cc;
 	struct callout_list *sc;
@ -545,6 +551,11 @@ next:
 	avg_lockcalls_dir += (lockcalls_dir * 1000 - avg_lockcalls_dir) >> 8;
 #endif
 	if (!TAILQ_EMPTY(&cc->cc_expireq)) {
+		entropy.cc = cc;
+		entropy.td = curthread;
+		entropy.now = now;
+		random_harvest_queue(&entropy, sizeof(entropy), RANDOM_CALLOUT);
+
 		td = cc->cc_thread;
 		if (TD_AWAITING_INTR(td)) {
 			thread_lock_block_wait(td);
--- a/sys/sys/random.h
+++ b/sys/sys/random.h
@ -86,7 +86,8 @@ enum random_entropy_source {
 	RANDOM_SWI,
 	RANDOM_FS_ATIME,
 	RANDOM_UMA,	/* Special!! UMA/SLAB Allocator */
-	RANDOM_ENVIRONMENTAL_END = RANDOM_UMA,
+	RANDOM_CALLOUT,
+	RANDOM_ENVIRONMENTAL_END = RANDOM_CALLOUT,
 	/* Fast hardware random-number sources from here on. */
 	RANDOM_PURE_START,
 	RANDOM_PURE_OCTEON = RANDOM_PURE_START,