From: "Jarkko Sakkinen" <jarkko@kernel.org>
To: "Herbert Xu" <herbert@gondor.apana.org.au>,
"Linus Torvalds" <torvalds@linux-foundation.org>
Cc: "Nícolas F. R. A. Prado" <nfraprado@collabora.com>,
"Eric Biggers" <ebiggers@kernel.org>,
"James Bottomley" <James.Bottomley@hansenpartnership.com>,
"Ard Biesheuvel" <ardb@kernel.org>,
"Linux Crypto Mailing List" <linux-crypto@vger.kernel.org>,
linux-integrity@vger.kernel.org, keyrings@vger.kernel.org,
regressions@lists.linux.dev, kernel@collabora.com,
"Tejun Heo" <tj@kernel.org>,
"Linux Kernel Mailing List" <linux-kernel@vger.kernel.org>,
"Kees Cook" <keescook@chromium.org>, "Torsten Duwe" <duwe@lst.de>,
"H. Peter Anvin" <hpa@zytor.com>, "Theodore Ts'o" <tytso@mit.edu>,
"Jason A. Donenfeld" <Jason@zx2c4.com>
Subject: Re: [v3 PATCH] hwrng: core - Remove add_early_randomness
Date: Thu, 23 May 2024 12:53:04 +0300 [thread overview]
Message-ID: <D1GXKODMD4S8.1J12D4GOEQWPL@kernel.org> (raw)
In-Reply-To: <Zk7K7hw-XIHmPs26@gondor.apana.org.au>
On Thu May 23, 2024 at 7:49 AM EEST, Herbert Xu wrote:
> On Wed, May 22, 2024 at 03:53:23PM -0700, Linus Torvalds wrote:
> >
> > That said, looking at the code in question, there are other oddities
> > going on. Even the "we found a favorite new rng" case looks rather
> > strange. The thread we use - nice and asynchronous - seems to sleep
> > only if the randomness source is emptied.
> >
> > What if you have a really good source of hw randomness? That looks
> > like a busy loop to me, but hopefully I'm missing something obvious.
>
> Yes that does look strange. So I dug up the original patch at
>
> https://lore.kernel.org/all/20140317165012.GC1763@lst.de/
>
> and therein lies the answer. It's relying on random.c to push back
> when the amount of new entropy exceeds what it needs. IOW we will
> sleep via add_hwgenerator_randomness when random.c decides that
> enough is enough. In fact the rate is much less now compared to
> when the patch was first applied.
Just throwing something because came to mind, not a serious suggestion.
In crypto_larval_lookup I see statements like this:
request_module("crypto-%s", name);
You could potentially bake up a section/table to vmlinux which would
have entries like:
"module name", 1/0
'1' would mean built-in. Then for early randomness use only stuff
that is built-in.
Came to mind from arch/x86/realmode for which I baked in a table
for relocation (this was a collaborative work with H. Peter Anvin
in 2012 to make trampoline code relocatable but is still a legit
example to do such shenanigans in a subystem).
BR, Jarkko
next prev parent reply other threads:[~2024-05-23 9:53 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <0f68c283ff4bbb89b8a019d47891f798c6fff287.camel@HansenPartnership.com>
[not found] ` <CAMj1kXHi4r8KY9GvX573kwqvLpMfX-J=K2hWiGAKkf5bnicwYQ@mail.gmail.com>
[not found] ` <0d260c2f7a9f67ec8bd2305919636678d06000d1.camel@HansenPartnership.com>
[not found] ` <CAMj1kXFE_R_x10BVkU+8vrMz0RHiX0+rz-ZL+w08FH2CLQHZXA@mail.gmail.com>
[not found] ` <66ec985f3ee229135bf748f1b0874d5367a74d7f.camel@HansenPartnership.com>
[not found] ` <dfb0d930-7cbe-46c5-be19-d132b4906ecf@notapiano>
[not found] ` <D1C2NPOBHAHK.20O4IME8OK1FH@kernel.org>
[not found] ` <20240518043115.GA53815@sol.localdomain>
[not found] ` <ZkhS1zrobNwAuANI@gondor.apana.org.au>
[not found] ` <00bcfa65-384d-46ae-ab8b-30f12487928b@notapiano>
2024-05-21 2:53 ` [v2 PATCH] crypto: api - Do not load modules if called by async probing Herbert Xu
2024-05-21 19:37 ` Nícolas F. R. A. Prado
2024-05-22 5:37 ` [v3 PATCH] hwrng: core - Remove add_early_randomness Herbert Xu
2024-05-22 11:51 ` Jarkko Sakkinen
2024-05-23 4:50 ` Herbert Xu
2024-05-22 19:19 ` Nícolas F. R. A. Prado
2024-05-22 22:53 ` Linus Torvalds
2024-05-23 4:49 ` Herbert Xu
2024-05-23 9:53 ` Jarkko Sakkinen [this message]
2024-05-23 9:58 ` Herbert Xu
2024-05-23 10:07 ` Jarkko Sakkinen
2024-05-23 10:02 ` Jarkko Sakkinen
2024-05-23 10:40 ` Torsten Duwe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=D1GXKODMD4S8.1J12D4GOEQWPL@kernel.org \
--to=jarkko@kernel.org \
--cc=James.Bottomley@hansenpartnership.com \
--cc=Jason@zx2c4.com \
--cc=ardb@kernel.org \
--cc=duwe@lst.de \
--cc=ebiggers@kernel.org \
--cc=herbert@gondor.apana.org.au \
--cc=hpa@zytor.com \
--cc=keescook@chromium.org \
--cc=kernel@collabora.com \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=nfraprado@collabora.com \
--cc=regressions@lists.linux.dev \
--cc=tj@kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox