From: "Jörn Engel" <joern@logfs.org>
To: "Theodore Ts'o" <tytso@mit.edu>
Cc: "Jörg-Volker Peetz" <jvpeetz@web.de>,
"John Stultz" <john.stultz@linaro.org>,
"Stephan Mueller" <smueller@chronox.de>,
LKML <linux-kernel@vger.kernel.org>,
dave.taht@bufferbloat.net,
"Frederic Weisbecker" <fweisbec@gmail.com>,
"Thomas Gleixner" <tglx@linutronix.de>
Subject: Re: [PATCH,RFC] random: make fast_mix() honor its name
Date: Sun, 22 Sep 2013 16:53:34 -0400 [thread overview]
Message-ID: <20130922205334.GC4584@logfs.org> (raw)
In-Reply-To: <20130922212752.GB7321@thunk.org>
On Sun, 22 September 2013 17:27:52 -0400, Theodore Ts'o wrote:
>
> The structure of the mixing functions in /dev/random has been well
> studied, and validatetd in a number of different academic papers. So
> I prefer to stick with the basic architecture, even as it is scaled
> down for speed reasons and beause the pool is smaller.
And I want to keep that function. Essentially the point of fast_mix()
is to ratelimit _mix_pool_bytes(). Naïve ratelimiting would simply
discard the input once the ratelimit has been reached. My proposal is
to still use the input bits, but use a really cheap mixing function.
Your version of fast_mix() failed in the "really cheap" department.
As a result, it showed up in profiles and at least one idiot (me)
reverted to naïve ratelimiting. It could have been worse, I was
explicitly asked twice to just remove the call to
add_interrupt_randomness().
So don't think of my patch as weakening the mixing, but as
strengthening the ratelimited mixing. If we have few interrupts,
_mix_pool_bytes() will be run once a second, if we have many it will
be run once every 64 interrupts. And in the latter case, the input
for _mix_pool_bytes() is much better than with naïve ratelimiting.
And you should do the same for add_timer_randomness(), where again you
have ratelimiting. Once trickle_thresh is reached your code simply
discards most randomness. Only once in 4096 call do you use all the
bits you get - most of which will be predictable. Why not use a cheap
mixing function for the other 4095 calls and ensure we have many good
bits on call 4096?
Jörn
--
You can't tell where a program is going to spend its time. Bottlenecks
occur in surprising places, so don't try to second guess and put in a
speed hack until you've proven that's where the bottleneck is.
-- Rob Pike
next prev parent reply other threads:[~2013-09-22 22:12 UTC|newest]
Thread overview: 58+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-09-10 11:31 [PATCH] /dev/random: Insufficient of entropy on many architectures Stephan Mueller
2013-09-10 11:46 ` Geert Uytterhoeven
2013-09-10 15:04 ` Theodore Ts'o
2013-09-10 16:54 ` Stephan Mueller
2013-09-10 18:25 ` Theodore Ts'o
2013-09-10 19:15 ` Stephan Mueller
2013-10-10 6:50 ` Pavel Machek
2013-10-14 21:13 ` Theodore Ts'o
2013-09-10 20:48 ` Geert Uytterhoeven
2013-09-10 21:14 ` Theodore Ts'o
2013-09-11 6:49 ` Stephan Mueller
2013-09-12 11:59 ` Geert Uytterhoeven
2013-09-12 12:08 ` Stephan Mueller
2013-09-12 12:15 ` Geert Uytterhoeven
2013-09-12 12:35 ` Stephan Mueller
2013-09-12 12:47 ` Geert Uytterhoeven
2013-09-12 12:57 ` Stephan Mueller
2013-09-12 21:18 ` Jörn Engel
2013-09-13 11:33 ` Thorsten Glaser
2013-09-12 14:25 ` Theodore Ts'o
2013-09-10 19:38 ` John Stultz
2013-09-10 19:44 ` John Stultz
2013-09-10 19:47 ` Stephan Mueller
2013-09-10 20:35 ` John Stultz
2013-09-10 20:38 ` Theodore Ts'o
2013-09-10 20:46 ` John Stultz
2013-09-10 21:10 ` Theodore Ts'o
2013-09-10 22:08 ` John Stultz
2013-09-10 22:33 ` Theodore Ts'o
2013-09-11 0:31 ` John Stultz
2013-09-11 0:50 ` Theodore Ts'o
2013-09-11 1:14 ` John Stultz
2013-09-12 20:46 ` H. Peter Anvin
2013-09-12 21:07 ` Jörn Engel
2013-09-12 23:31 ` Theodore Ts'o
2013-09-12 23:35 ` Jörn Engel
2013-09-13 0:00 ` Jörn Engel
2013-09-16 15:40 ` [PATCH,RFC] random: make fast_mix() honor its name Jörn Engel
2013-09-21 21:25 ` Theodore Ts'o
2013-09-21 21:41 ` Theodore Ts'o
2013-09-22 3:05 ` Theodore Ts'o
2013-09-22 21:01 ` Jörg-Volker Peetz
2013-09-22 21:27 ` Theodore Ts'o
2013-09-22 20:53 ` Jörn Engel [this message]
2013-09-22 23:36 ` Theodore Ts'o
2013-09-23 0:16 ` Jörn Engel
2013-09-23 2:43 ` Theodore Ts'o
2013-09-23 15:02 ` Jörn Engel
2013-09-23 7:39 ` Jörg-Volker Peetz
2013-09-22 20:31 ` Jörn Engel
2013-09-22 20:14 ` Jörn Engel
2013-09-12 21:31 ` [PATCH] /dev/random: Insufficient of entropy on many architectures Jörn Engel
2013-09-13 5:36 ` Stephan Mueller
2013-09-13 11:54 ` Thorsten Glaser
2013-09-13 19:29 ` Theodore Ts'o
2013-09-13 15:26 ` Jörn Engel
2013-09-13 18:59 ` Theodore Ts'o
2013-09-15 11:12 ` Stephan Mueller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130922205334.GC4584@logfs.org \
--to=joern@logfs.org \
--cc=dave.taht@bufferbloat.net \
--cc=fweisbec@gmail.com \
--cc=john.stultz@linaro.org \
--cc=jvpeetz@web.de \
--cc=linux-kernel@vger.kernel.org \
--cc=smueller@chronox.de \
--cc=tglx@linutronix.de \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.