Copy stable/9 to releng/9.3 as part of the 9.3-RELEASE cycle.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

MFC r249631

Attempt to mitigate poor initialization of arc4 by one-shot
reinitialization from yarrow right after good entropy is harvested.

Approved by: secteam (delphij)

MFC r247334:

Correct a typo introduced in r153575, which gives inverted logic when
handling blocking semantics when seeding.

PR: kern/143298
Submitted by: James Juran <james juran baesystems com>
Reviewed by: markm

Copy head to stable/9 as part of 9.0-RELEASE release cycle.

Approved by: re (implicit)

Fix typos - remove duplicate "the".

PR: bin/154928
Submitted by: Eitan Adler <lists at eitanadler.com>
MFC after: 3 days

There is rubbish here
It is time to take it out
Now it is cleaner

Make sure arc4random(9) is properly seeded when /etc/rc.d/initrandom returns.

Approved by: so (cperciva)
Approved by: re (kensmith)
Security: FreeBSD-SA-08:11.arc4random

Rename the kthread_xxx (e.g. kthread_create()) calls
to kproc_xxx as they actually make whole processes.
Thos makes way for us to add REAL kthread_create() and friends
that actually make theads. it turns out that most of these
calls actually end up being moved back to the thread version
when it's added. but we need to make this cosmetic change first.

I'd LOVE to do this rename in 7.0 so that we can eventually MFC the
new kthread_xxx() calls.

Don't save SYSCTL_ADD_*() results in a local variable just to throw them
away; preserve the ones that are needed for further calls in the init
function and ignore the rest entirely.

Found with: Coverity Prevent(tm)
CID: 563

Use pause() rather than tsleep() on stack variables and function pointers.

Change msleep() and tsleep() to not alter the calling thread's priority
if the specified priority is zero. This avoids a race where the calling
thread could read a snapshot of it's current priority, then a different
thread could change the first thread's priority, then the original thread
would call sched_prio() inside msleep() undoing the change made by the
second thread. I used a priority of zero as no thread that calls msleep()
or tsleep() should be specifying a priority of zero anyway.

The various places that passed 'curthread->td_priority' or some variant
as the priority now pass 0.

Remove GIANT from device random.

Submitted by: ups

Revert to the more correct array size, and correct a KASSERT to
only allow proper values. ENTROPYSOURCE is a maxval+1, not an
allowable number.

Suggested loose protons in the solution: phk
Prefers to keep the pH close to seven: markm

Fix off-by-one (too little!) array size problem.

Detected by: Coverity (ID#661)

Check O_NONBLOCK not IO_NDELAY.

Don't include vnode.h

Don't change the priority to PUSER when sleeping, just keep the current
priority.

(1) Move from O(n) list copies to O(1) list concatenation, which is
supported for STAILQ via STAILQ_CONCAT().

(2) Maintain a count of the number of entries in the thread-local entropy
fifo so that we can keep the other fifo counts in synch.

MFC after: 3 weeks
MFC with: randomdev_soft.c revisions 1.5 and 1.6
Suggested by: jhb (1)

Assert that the entropy source category provided by a caller submitting
entropy is valid, as an invalid source will cause dereferencing of an
array of queues to an incorrect memory location.

Modify entropy harvesting locking strategy:

- Trade off granularity to reduce overhead, since the current model
doesn't appear to reduce contention substantially: move to a single
harvest mutex protecting harvesting queues, rather than one mutex
per source plus a mutex for the free list.

- Reduce mutex operations in a harvesting event to 2 from 4, and
maintain lockless read to avoid mutex operations if the queue is
full.

- When reaping harvested entries from the queue, move all entries from
the queue at once, and when done with them, insert them all into a
thread-local queue for processing; then insert them all into the
empty fifo at once. This reduces O(4n) mutex operations to O(2)
mutex operations per wakeup.

In the future, we may want to look at re-introducing granularity,
although perhaps at the granularity of the source rather than the
source class; both the new and old strategies would cause contention
between different instances of the same source (i.e., multiple
network interfaces).

Reviewed by: markm

Perform a lockless read to test whether an entropy havesting fifo is
full, avoiding the cost of mutex operations if it is. We re-test
once the mutex is acquired to make sure it's still true before doing
the -modify-write part of the read-modify-write. Note that due to
the maximum fifo depth being pretty deep, this is unlikely to improve
harvesting performance yet.

Approved by: markm

Start the entropy device insecure/unblocked. I'll be handing over
responsibility for critical randomness requirements (like sshd)
to rc.d/*

Requested by: many

Default to harvesting everything. This is to help give a faster
startup. harvesting can be turned OFF in etc/rc.d/* if it is a
burden.

Reorganise the entropy device so that high-yield entropy sources
can more easily be used INSTEAD OF the hard-working Yarrow.
The only hardware source used at this point is the one inside
the VIA C3 Nehemiah (Stepping 3 and above) CPU. More sources will
be added in due course. Contributions welcome!