From: "Jörn Engel" <joern@purestorage.com>
To: Thomas Gleixner <tglx@linutronix.de>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Ingo Molnar <mingo@kernel.org>
Subject: Re: [PATCH] random: make try_to_generate_entropy() more robust
Date: Sat, 19 Oct 2019 07:37:30 -0700 [thread overview]
Message-ID: <20191019143501.GF31027@cork> (raw)
In-Reply-To: <alpine.DEB.2.21.1910191214490.2098@nanos.tec.linutronix.de>
On Sat, Oct 19, 2019 at 12:49:52PM +0200, Thomas Gleixner wrote:
>
> One slightly related thing I was looking into is that the mixing of
> interrupt entropy is always done from hard interrupt context. That has a
> few issues:
>
> 1) It's pretty visible in profiles for high frequency interrupt
> scenarios.
>
> 2) The regs content can be pretty boring non-deterministic when the
> interrupt hits idle.
>
> Not an issue in the try_to_generate_entropy() case probably, but
> that still needs some careful investigation.
>
> For #1 I was looking into a trivial storage model with a per cpu ring
> buffer, where each entry contains the entropy data of one interrupt and let
> some thread or whatever handle the mixing later.
Or you can sum up all regs.
unsigned long regsum(struct pt_regs *regs)
{
unsigned long *r = (void *)regs;
unsigned long sum = r[0];
int i;
for (i = 1; i < sizeof(*regs) / sizeof(*r); i++) {
sum += r[i];
}
return sum;
}
Takes 1 cycle per register in the current form, half as much if the
compiler can be convinced to unroll the loop. That's cheaper than
rdtsc() on most/all CPUs.
If interrupt volume is high, the regsum should be good enough. The
final mixing can be amortized as well. Once the pool is initialized,
you can mix new entropy once per jiffy or so and otherwise just add to a
percpu counter or something like that.
> That would allow to filter out 'constant' data (#) but it would also give
> Joerns approach a way to get to some 'random' register content independent
> of the context in which the timer softirq is running in.
Jörn
--
Given two functions foo_safe() and foo_fast(), the shorthand foo()
should be an alias for foo_safe(), never foo_fast().
-- me
prev parent reply other threads:[~2019-10-19 14:37 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20191018203704.GC31027@cork>
2019-10-18 20:42 ` [PATCH] random: make try_to_generate_entropy() more robust Jörn Engel
2019-10-18 22:58 ` Linus Torvalds
2019-10-19 2:25 ` Linus Torvalds
2019-10-19 7:39 ` Ingo Molnar
2019-10-19 10:13 ` Thomas Gleixner
2019-10-19 10:49 ` Thomas Gleixner
2019-10-19 14:37 ` Jörn Engel [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191019143501.GF31027@cork \
--to=joern@purestorage.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@kernel.org \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox