Re: [PATCH 01/10] random: make 'add_interrupt_randomness()' do something sane

[Matt Mackall <mpm@selenic.com>]

On Fri, 2012-07-06 at 12:52 -0400, Theodore Ts'o wrote:
> On Fri, Jul 06, 2012 at 09:24:00AM -0700, Linus Torvalds wrote:
> > On Fri, Jul 6, 2012 at 6:01 AM, Theodore Ts'o <tytso@mit.edu> wrote:
> > > What in the world is "fast count"?  I've grepped for it,
> > > and I can't find it.
> > 
> > It's your own fast-pool counter that Matt was talking about.
> 
> When he said "check it against HZ", it confused me, since there's no
> way to compare it against HZ.  But yes, I can certainly not give any
> credit for entropy if __IRQF_TIMER is set, or keep track of whether
> the previous interrupt had __IRQF_TIMER set in its descriptor.  That's
> simple enough.
> 
> I thought he was saying there was some way to distinguish between
> interrupts triggered by the clock interrupt versus other devices on
> the same irq channel --- and I couldn't figure out any to do that in
> an architecture independent way.

Sorry.. offline for the weekend.

Let me restate:

- on some architectures, we will call into the RNG on timer interrupts
- this is generally desirable, as most time sources are asynchronous to
sched_clock() and thus a source of entropy
- we also want to keep conditional checks like IRQF_TIMER off the fast
path
- but on systems where the timer interrupt is the primary time source,
we may get effectively no entropy when the system is quiescent
- so we should check the fast pool count against HZ before crediting
- but even then, we still should mix the fast pool

Something like:

add_some_randomness(...) /* always mix */
if (fast_pool->count > HZ) {
  fast_pool->count = 0;
  credit_entropy_pool(...); /* only credit when we've got > HZ events */
}

That should be safe on all systems.

-- 
Mathematics is the supreme nostalgia of our time.