Bug 230876 - save-entropy: Sync saved random data
Summary: save-entropy: Sync saved random data
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: bin
Version: CURRENT
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: Conrad Meyer
URL: https://reviews.freebsd.org/D19742
Keywords:
Depends on:
Blocks:
 
Reported: 2018-08-25 00:50 UTC by Conrad Meyer
Modified: 2019-03-31 18:56 UTC

See Also:


Attachments

Description Conrad Meyer freebsd_committer freebsd_triage 2018-08-25 00:50:30 UTC
libexec/save-entropy/save-entropy.sh should probably fsync the directory it modifies as well as the new file it creates to ensure newly saved entropy makes it to disk in the event of a crash.

(The entire point of save-entropy is to make saved-entropy RNG seeding crash-resistant — otherwise we could just rely on rc.d/random's shutdown component.)
Comment 1 commit-hook freebsd_committer freebsd_triage 2019-03-31 04:58:22 UTC
A commit references this bug:

Author: cem
Date: Sun Mar 31 04:57:51 UTC 2019
New revision: 345744
URL: https://svnweb.freebsd.org/changeset/base/345744

Log:
  random(4): Attempt to persist entropy promptly

  The goal of saving entropy in Fortuna is two-fold: (1) to provide early
  availability of the random device (unblocking) on next boot; and (2), to
  have known, high-quality entropy available for that initial seed.  We know
  it is high quality because it's output taken from Fortuna.

  The FS&K paper makes it clear that Fortuna unblocks when enough bits have
  been input that the output //may// be safely seeded.  But they emphasize
  that the quality of various entropy sources is unknown, and a saved entropy
  file is essential for both availability and ensuring initial
  unpredictability.

  In FreeBSD we persist entropy using two mechanisms:

  1. The /etc/rc.d/random shutdown() function, which is used for ordinary
     shutdowns and reboots; and,

  2. A cron job that runs every dozen minutes or so to persist new entropy, in
     case the system suffers from power loss or a crash (bypassing the
     ordinary shutdown path).

  Filesystems are free to cache dirty data indefinitely, with arbitrary flush
  policy.  Fsync must be used to ensure the data is persisted, especially for
  the cron job save-entropy, whose entire goal is power loss and crash safe
  entropy persistence.

  Ordinary shutdown may not need the fsync because unmount should flush out
  the dirty entropy file shortly afterwards.  But it is always possible power
  loss or crash occurs during the short window after rc.d/random shutdown runs
  and before the filesystem is unmounted, so the additional fsync there seems
  harmless.

  PR:		230876
  Reviewed by:	delphij, markj, markm
  Approved by:	secteam (delphij)
  Differential Revision:	https://reviews.freebsd.org/D19742

Changes:
  head/libexec/rc/rc.d/random
  head/libexec/save-entropy/save-entropy.sh
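The description and the commit message both turn on the same point: writing the entropy file is not enough, because the filesystem may hold the dirty data and the new directory entry in memory indefinitely, and only fsync(2) on the file and then on its directory makes the saved seed survive a crash or power loss. The following is an added example, not FreeBSD's save-entropy.sh or rc.d/random code, showing that write-fsync-rename-fsync sequence directly against the system calls in C. The function name, the temporary-file naming scheme, the use of /tmp for the self-check and the 32-byte sample (constructed, not real entropy) are all assumptions of this example.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Durably write len bytes of buf to dir/name. Returns 0 on success,
 * -1 with errno set on failure. The file is created with mode 0600
 * because saved entropy must never be readable by other users. */
int save_entropy_durable(const char *dir, const char *name,
                         const void *buf, size_t len)
{
    char tmp[PATH_MAX], final[PATH_MAX];
    const unsigned char *p = buf;
    size_t left = len;
    int fd, dfd, saved;

    if (snprintf(tmp, sizeof tmp, "%s/.%s.tmp", dir, name) >= (int)sizeof tmp ||
        snprintf(final, sizeof final, "%s/%s", dir, name) >= (int)sizeof final) {
        errno = ENAMETOOLONG;
        return -1;
    }
    fd = open(tmp, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0)
        return -1;
    while (left > 0) {                     /* write() may be partial */
        ssize_t n = write(fd, p, left);
        if (n < 0) {
            if (errno == EINTR)
                continue;
            goto fail_fd;
        }
        p += n;
        left -= (size_t)n;
    }
    /* 1. Flush the file's data and inode: without this the dirty pages
     *    may sit in the cache until the filesystem decides to write them. */
    if (fsync(fd) != 0)
        goto fail_fd;
    if (close(fd) != 0)
        goto fail_unlink;
    /* 2. Atomically publish the complete file under its final name. */
    if (rename(tmp, final) != 0)
        goto fail_unlink;
    /* 3. Flush the directory too: after a crash the file's blocks may be on
     *    disk while the directory entry naming them was never written. */
    dfd = open(dir, O_RDONLY | O_DIRECTORY);
    if (dfd < 0)
        return -1;
    saved = (fsync(dfd) == 0) ? 0 : errno;
    close(dfd);
    errno = saved;
    return saved == 0 ? 0 : -1;

fail_fd:
    saved = errno;
    close(fd);
    errno = saved;
fail_unlink:
    saved = errno;
    unlink(tmp);                           /* leave no half-written file */
    errno = saved;
    return -1;
}

/* Self-check: save a constructed 32-byte sample into a fresh temporary
 * directory, read it back and compare. Returns 1 on success, 0 otherwise. */
int demo_roundtrip(void)
{
    char dir[] = "/tmp/save-entropy-XXXXXX";   /* assumption: /tmp is writable */
    unsigned char sample[32], back[32];
    char path[PATH_MAX];
    FILE *f;
    int i, ok = 0;

    for (i = 0; i < 32; i++)
        sample[i] = (unsigned char)(i * 7 + 3);   /* constructed, not random */
    if (mkdtemp(dir) == NULL)
        return 0;
    if (save_entropy_durable(dir, "saved-entropy.1", sample, sizeof sample) == 0) {
        snprintf(path, sizeof path, "%s/saved-entropy.1", dir);
        if ((f = fopen(path, "rb")) != NULL) {
            ok = fread(back, 1, sizeof back, f) == sizeof back &&
                 memcmp(sample, back, sizeof back) == 0;
            fclose(f);
        }
        unlink(path);
    }
    rmdir(dir);
    return ok;
}

int main(void)
{
    printf("durable save round-trip: %s\n", demo_roundtrip() ? "ok" : "FAILED");
    return 0;
}
```

The order matters: fsync on the file before rename guarantees the contents are complete when the name becomes visible, and fsync on the directory afterwards is what the bug report asks for, since a file fsync alone does not commit the directory entry that points at it.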