Re: [PATCH 01/10] random: make 'add_interrupt_randomness()' dosomething sane

From: Matt Mackall
Date: Thu Jul 05 2012 - 14:56:04 EST

Next message: Eldad Zack: "Re: [PATCH 2/2] sunrpc/cache.h: replace simple_strtoul"
Previous message: Linus Torvalds: "Re: [PATCH 01/10] random: make 'add_interrupt_randomness()' dosomething sane"
In reply to: Theodore Ts'o: "[PATCH 01/10] random: make 'add_interrupt_randomness()' do something sane"
Next in thread: Linus Torvalds: "Re: [PATCH 01/10] random: make 'add_interrupt_randomness()' dosomething sane"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 2012-07-05 at 14:12 -0400, Theodore Ts'o wrote:
> We've been moving away from add_interrupt_randomness() for various
> reasons: it's too expensive to do on every interrupt, and flooding the
> CPU with interrupts could theoretically cause bogus floods of entropy
> from a somewhat externally controllable source.
>
> This solves both problems by limiting the actual randomness addition
> to just once a second or after 128 interrupts, whicever comes first.
> During that time, the interrupt cycle data is buffered up in a per-cpu
> pool. Also, we make sure the the nonblocking pool used by urandom is
> initialized before we start feeding the normal input pool. This
> assures that /dev/urandom is returning unpredictable data as soon as
> possible.
>
> (Based on an original patch by Linus, but significantly modified by
> tytso.)

This series generally looks good to me, thanks for working on this. Some
notes:

a) now that you have a lockless collection path, you can drop the
trickle logic that protects against thrashing the lock
b) you can drop the last of the IRQF_SAMPLE_RANDOM users (and the
corresponding deprecation notice)
c) this code looks like it might credit timer interrupts with entropy on
a system otherwise sitting in the idle loop:

> - if (state == NULL)
> + if ((fast_pool->count & 255) &&
> + !time_after(now, fast_pool->last + HZ))
> return;
>
> - DEBUG_ENT("irq event %d\n", irq);
> - add_timer_randomness(state, 0x100 + irq);
> + fast_pool->last = now;
> +
> + r = nonblocking_pool.initialized ? &input_pool : &nonblocking_pool;
> + mix_pool_bytes(r, &fast_pool->pool, sizeof(fast_pool->pool));
> + credit_entropy_bits(r, 1);

I think you should demand a minimum number of events > HZ to actually
credit any valid entropy.

But I also still think the whole entropy counting/blocking scheme ought
to be dropped and /dev/random should become identical to /dev/urandom.
This series gets very close to the point where that's feasible.

--
Mathematics is the supreme nostalgia of our time.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Eldad Zack: "Re: [PATCH 2/2] sunrpc/cache.h: replace simple_strtoul"
Previous message: Linus Torvalds: "Re: [PATCH 01/10] random: make 'add_interrupt_randomness()' dosomething sane"
In reply to: Theodore Ts'o: "[PATCH 01/10] random: make 'add_interrupt_randomness()' do something sane"
Next in thread: Linus Torvalds: "Re: [PATCH 01/10] random: make 'add_interrupt_randomness()' dosomething sane"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]