Re: [PATCH] /dev/random: Insufficient of entropy on manyarchitectures

From: Theodore Ts'o
Date: Tue Sep 10 2013 - 11:04:30 EST

Next message: David Woodhouse: "Re: [GIT PULL 0/3] ARM: SoC: Second round of changes for v3.12"
Previous message: Joel Fernandes: "Re: [PATCH] RFC: interrupt consistency check for OF GPIO IRQs"
In reply to: Geert Uytterhoeven: "Re: [PATCH] /dev/random: Insufficient of entropy on many architectures"
Next in thread: Stephan Mueller: "Re: [PATCH] /dev/random: Insufficient of entropy on many architectures"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Sep 10, 2013 at 01:31:41PM +0200, Stephan Mueller wrote:
> Hi,
>
> /dev/random uses the get_cycles() function to obtain entropy in addition to jiffies and the event value of hardware events.
>
> Typically the high-resolution timer of get_cycles delivers the majority of entropy, because the event value is quite deterministic and jiffies are very coarse.
>
> However, on the following architectures, get_cycles will return 0....

I am working on this issue with the MIPS maintainers, and on all of
the platforms where we have some kind of counter which is derived from
the CPU cycle clock, we should use it. So for example there is a
register on MIPS which is incremented on every single clock cycle mod
the number of entries in the TLB. This isn't sufficient for
get_cycles() in general, but what I am thinking about doing is
defining interface random_get_fast_cycles() which can be get_cycles()
on those platforms that have such an interface, but on platforms that
don't we can try to do something else.

> The following patch uses the clocksource clock for a time value in
> case get_cycles returns 0. As clocksource may not be available
> during boot time, a flag is introduced which allows random.c to
> check the availability of clocksource.

I'm a bit concerned about doing things this way because reading the
clocksource clock might be quite heavyweight, and we need something
which is very low overhead, since we call get_cycles() on every single
interrupt. If reading fom the clocksource clock is the equivalent of
a L3 cache miss (or worse) doing this on every single interrupt could
be highly problematic. So I think we will need to implement a
random_get_fast_cycles() for each platform for which get_cycles() is
not available. In some cases we may be able to use the local clock
source (if that's the best we can do), but in others, that may not be
appropriate at all.

Cheers,

- Ted
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: David Woodhouse: "Re: [GIT PULL 0/3] ARM: SoC: Second round of changes for v3.12"
Previous message: Joel Fernandes: "Re: [PATCH] RFC: interrupt consistency check for OF GPIO IRQs"
In reply to: Geert Uytterhoeven: "Re: [PATCH] /dev/random: Insufficient of entropy on many architectures"
Next in thread: Stephan Mueller: "Re: [PATCH] /dev/random: Insufficient of entropy on many architectures"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]