From: Kent Borg <kentborg@borg.org>
To: "H. Peter Anvin" <hpa@zytor.com>
Cc: Venkatesh Pallipadi <venki@google.com>,
Jarod Wilson <jarod@redhat.com>,
linux-crypto@vger.kernel.org, Matt Mackall <mpm@selenic.com>,
Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@elte.hu>,
John Stultz <johnstul@us.ibm.com>,
Herbert Xu <herbert@gondor.hengli.com.au>,
"David S. Miller" <davem@davemloft.net>,
Suresh Siddha <suresh.b.siddha@intel.com>
Subject: Re: [PATCH 4/5] tsc: wire up entropy generation function
Date: Mon, 13 Jun 2011 20:39:44 -0400 [thread overview]
Message-ID: <4DF6ADD0.6080607@borg.org> (raw)
In-Reply-To: <4DF690E4.1060004@zytor.com>
H. Peter Anvin wrote:
> However, the big issue with this is that it's recursive... what
causes this to
> be invoked... probably an interrupt, which is going to have been
> invoked by a timer, quite possible the TSC deadline timer. Oops.
I was assuming that drivers, responding to an interrupt from some
external event, would want to make this call.
Such as a network driver. The canonical example is an entropy-starved
server that doesn't see much light at all, let alone a local user with a
mouse. But such a server does see plenty of packets. Packets that go
through various delays before getting to the ethernet port.
And even if an outside observer could get past the physical security
that isolates such a poor starved server and tap at the ethernet port,
an ethernet port is still many centimeters, a lot of gates, and even
some firmware away from the IRQ pin, and that pin itself is some
distance from the TSC. Knowing that LSB is extremely hard. Knowing
exactly when the LSB is going to be sampled is extremely hard. Knowing
both presents very real theoretical hurdles. And those hurdles get much
higher with every meter of distance.
> at the very least I would multiply the low 32 bits of
> the TSC with a 32-bit prime number before mixing.
Two points:
1. Why look at the high-order bits? How are they going to have values
that cannot be inferred? If you are looking for entropy, the low-order
bits is where they're going keep it. (Think Willie Sutton.) If looking
at the low-byte is cheaper, then let's be cheap. If, however, if
looking at more bytes *is* as cheap, then there is no harm. But in any
case let's keep the code lean enough that it can be called from an
interrupt service routine.
2. Don't confuse collecting entropy with how to mix the pool. Whether
or not to multiply by a prime number is the domain of how to mix the
pool. Possibly we need a patch on that, too, you might have a point
there, but that is a different question from whether we should be
allowed a function to use the TSC to mix the pool. Different issues.
-kb, the Kent who insists that it is better to credit no entropy and be
safe, than to collect no entropy and be certain.
next prev parent reply other threads:[~2011-06-14 0:39 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-06-13 22:06 [PATCH 0/5] Feed entropy pool via high-resolution clocksources Jarod Wilson
2011-06-13 22:06 ` [PATCH 1/5] random: add new clocksource entropy interface Jarod Wilson
2011-06-13 22:06 ` [PATCH 2/5] clocksource: add support for entropy-generation function Jarod Wilson
2011-06-17 20:52 ` Thomas Gleixner
2011-06-17 21:19 ` Jarod Wilson
2011-06-13 22:06 ` [PATCH 3/5] hpet: wire up entropy generation function Jarod Wilson
2011-06-13 22:06 ` [PATCH 4/5] tsc: " Jarod Wilson
2011-06-13 22:27 ` Venkatesh Pallipadi
2011-06-13 22:35 ` Jarod Wilson
2011-06-13 22:36 ` H. Peter Anvin
2011-06-13 23:10 ` Matt Mackall
2011-06-14 18:11 ` H. Peter Anvin
2011-06-14 0:39 ` Kent Borg [this message]
2011-06-14 1:47 ` H. Peter Anvin
2011-06-14 12:39 ` Kent Borg
2011-06-14 14:33 ` Matt Mackall
2011-06-14 17:48 ` Kent Borg
2011-06-14 18:00 ` Matt Mackall
2011-06-14 20:04 ` Kent Borg
2011-06-14 21:04 ` Matt Mackall
2011-06-14 14:02 ` Jarod Wilson
2011-06-13 23:55 ` Kent Borg
2011-06-17 20:58 ` Thomas Gleixner
2011-06-13 22:06 ` [PATCH 5/5] misc: add clocksource-based entropy generation driver Jarod Wilson
2011-06-17 21:01 ` Thomas Gleixner
2011-06-13 22:38 ` [PATCH 0/5] Feed entropy pool via high-resolution clocksources john stultz
2011-06-14 14:25 ` Jarod Wilson
2011-06-13 23:15 ` Matt Mackall
2011-06-14 15:18 ` Jarod Wilson
2011-06-14 15:22 ` Jarod Wilson
2011-06-14 17:13 ` Matt Mackall
2011-06-14 20:17 ` Jarod Wilson
2011-06-14 21:45 ` Matt Mackall
2011-06-14 22:51 ` Jarod Wilson
2011-06-14 23:12 ` Matt Mackall
2011-06-15 14:49 ` Jarod Wilson
2011-06-15 20:06 ` Matt Mackall
2011-06-17 18:51 ` Jarod Wilson
2011-06-17 19:29 ` Neil Horman
2011-06-17 20:46 ` Matt Mackall
2011-06-17 19:48 ` hpas
2011-06-17 20:28 ` Matt Mackall
2011-06-18 22:40 ` H. Peter Anvin
2011-06-19 13:38 ` Neil Horman
2011-06-19 15:07 ` Herbert Xu
2011-06-20 0:01 ` H. Peter Anvin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4DF6ADD0.6080607@borg.org \
--to=kentborg@borg.org \
--cc=davem@davemloft.net \
--cc=herbert@gondor.hengli.com.au \
--cc=hpa@zytor.com \
--cc=jarod@redhat.com \
--cc=johnstul@us.ibm.com \
--cc=linux-crypto@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=mpm@selenic.com \
--cc=suresh.b.siddha@intel.com \
--cc=tglx@linutronix.de \
--cc=venki@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).